test nginx configuration with chosen ciphers suites

kubernetes/aks/apps/finesse/public/ingress.yaml

@@ -10,9 +10,6 @@ metadata:
     nginx.ingress.kubernetes.io/rewrite-target: /$2  # https://kubernetes.github.io/ingress-nginx/examples/rewrite/
     ingress.kubernetes.io/force-ssl-redirect: "true"
     kubernetes.io/tls-acme: "true"
-    nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers: "true"
-    nginx.ingress.kubernetes.io/ssl-ciphers: "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
-    nginx.ingress.kubernetes.io/ssl-ecdh-curve: "secp256r1:secp384r1:secp521r1"
 spec:
   ingressClassName: nginx
   tls:

kubernetes/aks/system/ingress-nginx/helm/values.yaml

@@ -48,7 +48,12 @@ controller:
   # -- Will add custom configuration options to Nginx https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/
   config:
     proxy-body-size: "200m"
-    server-snippet: add_header X-Robots-Tag "noindex,nofollow";
+    ssl-prefer-server-ciphers: "true"
+    ssl-ciphers: "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256"
+    ssl-ecdh-curve: "secp256r1:secp384r1:secp521r1"
+    server-snippet: |
+      add_header X-Robots-Tag "noindex,nofollow";
+      ssl_conf_command CipherSuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384;
   # -- Annotations to be added to the controller config configuration configmap.
   configAnnotations: {}
   # -- Will add custom headers before sending traffic to backends according to https://github.com/kubernetes/ingress-nginx/tree/main/docs/examples/customization/custom-headers