Ensure HTTPS is enabled on Kubernetes Ingress resource

MEDIUM

Description

Enabling end-to-end TLS encryption can help keep data in-transit protected. In addition, using the latest version of TLS and modern ciphers can help keep data in-transit protected from man-in-the-middle and similar attacks.

Remediation

In the Kubernetes Ingress YAML file, add an annotation for kubernetes.io/ingress.allow-http and set it to false.

References:
https://cloud.google.com/kubernetes-engine/docs/concepts/ingress-xlb#disabling_http

Policy Details

Rule Reference ID: AC_K8S_0002

CSP: Kubernetes

Remediation Available: No

Domain: Infrastructure Security

Resource: kubernetes_ingress

Resource Category: Virtual Network

Resource Type: Ingress

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0

Detections

Analytics