How to set AWS ELB TLS Security Policy from K8s Ingress?

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    kubernetes.io/ingress.class: alb
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
    alb.ingress.kubernetes.io/ssl-policy: 'ELBSecurityPolicy-TLS-1-2-Ext-2018-06'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-1:*********
    alb.ingress.kubernetes.io/scheme: internet-facing
    alb.ingress.kubernetes.io/healthcheck-path: /index.htm
    alb.ingress.kubernetes.io/target-type: ip

If you don’t specify alb.ingress.kubernetes.io/ssl-policy, the ALB defaults to ELBSecurityPolicy-2016-08. That policy supports TLS 1.0 and 1.1, which are out-of-date protocols that leave it open to vulnerabilities.
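To find Ingresses that silently fall back to that default, the check below audits the JSON from `kubectl get ingress -A -o json`. It is an added example, not code from the original post; the `ALLOWED` set, the helper names and the sample objects are assumptions constructed for illustration.

```python
import json

PREFIX = "alb.ingress.kubernetes.io/"
DEFAULT_POLICY = "ELBSecurityPolicy-2016-08"  # ALB fallback named in the article
ALLOWED = {"ELBSecurityPolicy-TLS-1-2-Ext-2018-06"}  # assumption: your approved set

def terminates_tls(ann):
    """True if an HTTPS listener is declared or a certificate is attached."""
    try:
        ports = json.loads(ann.get(PREFIX + "listen-ports", "[]"))
    except ValueError:
        ports = []
    if not isinstance(ports, list):
        ports = []
    https = any(isinstance(p, dict) and "HTTPS" in p for p in ports)
    return https or (PREFIX + "certificate-arn") in ann

def audit(ingress_list, allowed=ALLOWED):
    """Return (namespace/name, finding) for each ALB Ingress with a weak policy."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        ann = meta.get("annotations") or {}
        if ann.get("kubernetes.io/ingress.class") != "alb" or not terminates_tls(ann):
            continue  # other controller, or no TLS listener to harden
        name = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        policy = ann.get(PREFIX + "ssl-policy")
        if policy is None:
            findings.append((name, "missing"))  # ALB will use DEFAULT_POLICY
        elif policy == DEFAULT_POLICY:
            findings.append((name, "default"))
        elif policy not in allowed:
            findings.append((name, "not-allowlisted"))
    return findings

def _item(ns, name, cls, ann):  # builds one constructed Ingress object
    ann = {PREFIX + k: v for k, v in ann.items()}
    ann["kubernetes.io/ingress.class"] = cls
    return {"metadata": {"namespace": ns, "name": name, "annotations": ann}}

HTTPS = '[{"HTTPS":443}]'
SAMPLE = {"items": [  # constructed data shaped like `kubectl get ingress -A -o json`
    _item("web", "test-ingress", "alb", {"listen-ports": HTTPS, "ssl-policy": "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"}),
    _item("web", "legacy", "alb", {"listen-ports": HTTPS}),
    _item("shop", "explicit-default", "alb", {"listen-ports": HTTPS, "ssl-policy": DEFAULT_POLICY}),
    _item("ops", "plain-http", "alb", {"listen-ports": '[{"HTTP":80}]'}),
    _item("web", "other-controller", "nginx", {}),
]}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: ssl-policy {finding}")
```

Against a live cluster, replace `SAMPLE` with `json.load(sys.stdin)` and pipe the kubectl output in; a non-empty result can fail a CI or admission step.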
