Change: Replace AppGW WAF config with WAF policy resource. #316
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: Chad Kittel <chad.kittel@gmail.com>
- Add bash snippet to set pre-existing group. - Add hints to skip user creation / member adding group has members.
...making sure they are also written to aks_baseline.env by saveenv.sh.
This reverts commit 9234b57.
This reverts commit fba516b.
Co-authored-by: Chad Kittel <chad.kittel@gmail.com>
Co-authored-by: Chad Kittel <chad.kittel@gmail.com>
Co-authored-by: Chad Kittel <chad.kittel@gmail.com>
Co-authored-by: Chad Kittel <chad.kittel@gmail.com>
Co-authored-by: Chad Kittel <chad.kittel@gmail.com>
Co-authored-by: Chad Kittel <chad.kittel@gmail.com>
Co-authored-by: Chad Kittel <chad.kittel@gmail.com>
Co-authored-by: Chad Kittel <chad.kittel@gmail.com>
ulkeba
added a commit
to ulkeba/aks-baseline_fork
that referenced
this pull request
May 10, 2022
* Allow communication with API server via udp/1194. References: mspnp#223 https://docs.microsoft.com/en-us/azure/firewall/protect-azure-kubernetes-service * Return IP address instead of res. ID (acc to doc) * Minimal user feedback: echo variables to console. * ifconfig.io to return IPv4 addr for access policy * Notes for macOS users, having BSD sed. * Improvement to comment. Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Comment out firewall rule, but add hints. * Enable FW rule in bicep; remove warning. * Update references to 'aks-baseline'. * Get current branch name and pass as parameter. * Pass domain name as parameter to curl container. * Optimize docs for pre-existing AAD group. - Add bash snippet to set pre-existing group. - Add hints to skip user creation / member adding group has members. * Hint for single-tenant deployment. * Make namespace reader group optional. * Fix: Print correct variable name. * Only stage intentionally changed file for commit. * FIx deployment failures on role lookup * Add some clarification to docs. * Make saveenv.sh independent of current directory. * Append suffix to GITOPS variables... ...making sure they are also written to aks_baseline.env by saveenv.sh. * export GITOPS variables. * Revert "FIx deployment failures on role lookup" This reverts commit 9234b57. * Revert "Only stage intentionally changed file for commit." This reverts commit fba516b. * GITOPS variables are just 'local'. * Update 01-prerequisites.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 11-validation.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * GITOPS variables are just 'local'. * Replace WAF configuration with WAF policy. Co-authored-by: Chad Kittel <chad.kittel@gmail.com>
ckittel
added a commit
that referenced
this pull request
May 10, 2022
* Allow communication with API server via udp/1194. References: #223 https://docs.microsoft.com/en-us/azure/firewall/protect-azure-kubernetes-service * Return IP address instead of res. ID (acc to doc) * Minimal user feedback: echo variables to console. * ifconfig.io to return IPv4 addr for access policy * Notes for macOS users, having BSD sed. * Improvement to comment. Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Comment out firewall rule, but add hints. * Enable FW rule in bicep; remove warning. * Update references to 'aks-baseline'. * Get current branch name and pass as parameter. * Pass domain name as parameter to curl container. * Optimize docs for pre-existing AAD group. - Add bash snippet to set pre-existing group. - Add hints to skip user creation / member adding group has members. * Hint for single-tenant deployment. * Make namespace reader group optional. * Fix: Print correct variable name. * Only stage intentionally changed file for commit. * FIx deployment failures on role lookup * Add some clarification to docs. * Make saveenv.sh independent of current directory. * Append suffix to GITOPS variables... ...making sure they are also written to aks_baseline.env by saveenv.sh. * export GITOPS variables. * Revert "FIx deployment failures on role lookup" This reverts commit 9234b57. * Revert "Only stage intentionally changed file for commit." This reverts commit fba516b. * GITOPS variables are just 'local'. * Update 01-prerequisites.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 11-validation.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * GITOPS variables are just 'local'. * Fix: Peering name length for long region names. * Update networking/spoke-BU0001A0008.bicep Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Change: Replace AppGW WAF config with WAF policy resource. (#316) * Allow communication with API server via udp/1194. References: #223 https://docs.microsoft.com/en-us/azure/firewall/protect-azure-kubernetes-service * Return IP address instead of res. ID (acc to doc) * Minimal user feedback: echo variables to console. * ifconfig.io to return IPv4 addr for access policy * Notes for macOS users, having BSD sed. * Improvement to comment. Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Comment out firewall rule, but add hints. * Enable FW rule in bicep; remove warning. * Update references to 'aks-baseline'. * Get current branch name and pass as parameter. * Pass domain name as parameter to curl container. * Optimize docs for pre-existing AAD group. - Add bash snippet to set pre-existing group. - Add hints to skip user creation / member adding group has members. * Hint for single-tenant deployment. * Make namespace reader group optional. * Fix: Print correct variable name. * Only stage intentionally changed file for commit. * FIx deployment failures on role lookup * Add some clarification to docs. * Make saveenv.sh independent of current directory. * Append suffix to GITOPS variables... ...making sure they are also written to aks_baseline.env by saveenv.sh. * export GITOPS variables. * Revert "FIx deployment failures on role lookup" This reverts commit 9234b57. * Revert "Only stage intentionally changed file for commit." This reverts commit fba516b. * GITOPS variables are just 'local'. * Update 01-prerequisites.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 11-validation.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * Update 03-aad.md Co-authored-by: Chad Kittel <chad.kittel@gmail.com> * GITOPS variables are just 'local'. * Replace WAF configuration with WAF policy. Co-authored-by: Chad Kittel <chad.kittel@gmail.com> Co-authored-by: Chad Kittel <chad.kittel@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Change: Replace AppGW WAF config with WAF policy resource.