Skip to content

Add DNAT rule to Azure Firewall during post deploy #565

New issue
New issue
Open
Open
Add DNAT rule to Azure Firewall during post deploy#565
Labels
Keep OpenenhancementNew feature or requesthelp wantedExtra attention is needed
@Gordonby

Description

@Gordonby
Gordonby
opened on Mar 29, 2023

Is your feature request related to a problem? Please describe.
If the user has selected Azure Firewall + Ingress (Contour/Nginx/Traefik) selected, they will need a DNAT rule added to the Firewall for the ingress to be properly exposed.

Describe the solution you'd like
We could create this configuration during post-deploy after the IP for the ingress controller is known.
If the user is using a dedicated subnet for ingress controller IP's (#552) then we could even do this all in the bicep as we'll be able to assume the IP.

Describe alternatives you've considered
Creating it manually.

Additional context
https://learn.microsoft.com/en-gb/azure/aks/limit-egress-traffic#add-a-dnat-rule-to-azure-firewall

Metadata

Metadata

Assignees

No one assigned

    Labels

    Keep OpenenhancementNew feature or requesthelp wantedExtra attention is needed

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions