Add DNAT rule to Azure Firewall during post deploy #565
Labels
Comments
|
Issue smells stale, no activity for 30 days. Stale Label will be removed if the issue is updated, otherwise closed in a month. |
github-actions
bot
added
the
stale
Gordonby
added
help wanted
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
If the user has selected Azure Firewall + Ingress (Contour/Nginx/Traefik) selected, they will need a DNAT rule added to the Firewall for the ingress to be properly exposed.
Describe the solution you'd like
We could create this configuration during post-deploy after the IP for the ingress controller is known.
If the user is using a dedicated subnet for ingress controller IP's (#552) then we could even do this all in the bicep as we'll be able to assume the IP.
Describe alternatives you've considered
Creating it manually.
Additional context
https://learn.microsoft.com/en-gb/azure/aks/limit-egress-traffic#add-a-dnat-rule-to-azure-firewall
The text was updated successfully, but these errors were encountered: