support for (mTLS) Mutual Transport Layer Security

[berry2012]

Is your feature request related to a problem?
Originally posted by @kishorj in #1973 (comment)

Describe the solution you'd like
I'd like to see ALB controller add support for mTLS.
The Application Load Balancer now reliably verifies certificate-based client identities hence the ask if this can now be effected in the ALB controller settings.

Describe alternatives you've considered

1. With Nginx Ingress controller by adding additional annotations to your Ingress Resource to specify Client-Certificate Authentication.
   https://github.com/kubernetes/ingress-nginx/blob/main/docs/examples/auth/client-certs/ingress.yaml

2. With ALB controller provisioning an ALB after creating the ingress resource then manually editing the created ALB from EC2 console to enable the mTLS (not smooth, but it is a workaround for now). Having a way to use annotations to specify the certificate stored in secret will give better experience.

[arununzer]

+1 , Can we have the support for mTLS for ALB controller as an ingress Annotations like we have it for nginx ingress controller

[oliviassss]

/assign @shraddhabang

[k8s-ci-robot]

@oliviassss: GitHub didn't allow me to assign the following users: shraddhabang.

Note that only kubernetes-sigs members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @shraddhabang

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[shraddhabang]

Thank you for bringing this up. We are currently working on the implementation to support mTLS configuration through controller. We are planning to release this in coming month in next minor release.

[berry2012]

Good to know. Thanks for the update @shraddhabang

[JCachada]

Hey 😄 No pressure, but is this still planned for release in the next minor? Have there been any updates to the plan in the meantime?

[kangadrewie]

Hey 😄 No pressure, but is this still planned for release in the next minor? Have there been any updates to the plan in the meantime?

+1 -- I see the ticket is still in todo, this would be a great addition

[arununzer]

Hello Folks, Any idea on when it will be released ..an appropriate release date ?

[oliviassss]

@JCachada, @kangadrewie, @arununzer, hi all, I think the team are working on releasing this feature with v2.7.0, targetting on mid Jan. Thanks

[suman-ganta]

Hi @oliviassss, is v2.7.0 still on track to release this week?

[shraddhabang]

@suman-ganta I have raised a PR for this feature. The release for v2.7.0 is set by end of January. Thank you for your patience.

[arununzer]

Thanks @shraddhabang for the mTLS release