Change: Replace AppGW WAF config with WAF policy resource. #316

Merged
merged 39 commits into from
May 9, 2022
Commits
c53b2e8
Allow communication with API server via udp/1194.
ulkeba Apr 27, 2022
1a1562f
Return IP address instead of res. ID (acc to doc)
ulkeba Apr 27, 2022
391a5e9
Minimal user feedback: echo variables to console.
ulkeba Apr 28, 2022
cdfa294
ifconfig.io to return IPv4 addr for access policy
ulkeba Apr 28, 2022
637567c
Notes for macOS users, having BSD sed.
ulkeba Apr 28, 2022
5849c9d
Improvement to comment.
ulkeba Apr 28, 2022
2f2b4fc
Comment out firewall rule, but add hints.
ulkeba Apr 28, 2022
595e634
Enable FW rule in bicep; remove warning.
ulkeba Apr 28, 2022
a124509
Merge branch 'mspnp:main' into main
ulkeba Apr 30, 2022
0031166
Update references to 'aks-baseline'.
ulkeba Apr 30, 2022
5138d15
Get current branch name and pass as parameter.
ulkeba Apr 30, 2022
9d10690
Pass domain name as parameter to curl container.
ulkeba Apr 30, 2022
2e1e913
Optimize docs for pre-existing AAD group.
ulkeba Apr 30, 2022
6dcfb06
Hint for single-tenant deployment.
ulkeba May 1, 2022
6c76074
Make namespace reader group optional.
ulkeba May 1, 2022
379460e
Fix: Print correct variable name.
ulkeba May 1, 2022
fba516b
Only stage intentionally changed file for commit.
ulkeba May 1, 2022
9234b57
FIx deployment failures on role lookup
ulkeba May 1, 2022
8705e9e
Add some clarification to docs.
ulkeba May 1, 2022
e5ef48a
Make saveenv.sh independent of current directory.
ulkeba May 1, 2022
25d2365
Append suffix to GITOPS variables...
ulkeba May 2, 2022
11214d2
export GITOPS variables.
ulkeba May 2, 2022
3f16ff8
Revert "FIx deployment failures on role lookup"
ulkeba May 2, 2022
150aed4
Merge remote-tracking branch 'mspnp/main' into main
ulkeba May 2, 2022
46297c8
Revert "Only stage intentionally changed file for commit."
ulkeba May 2, 2022
c45f9f9
GITOPS variables are just 'local'.
ulkeba May 2, 2022
27164ef
Update 01-prerequisites.md
ulkeba May 2, 2022
9aac22e
Update 03-aad.md
ulkeba May 2, 2022
ada0835
Update 03-aad.md
ulkeba May 2, 2022
f428e81
Update 03-aad.md
ulkeba May 2, 2022
0a0125f
Update 03-aad.md
ulkeba May 2, 2022
04bae04
Update 11-validation.md
ulkeba May 2, 2022
cbf6c2d
Update 03-aad.md
ulkeba May 2, 2022
881640b
Update 03-aad.md
ulkeba May 2, 2022
2563ded
GITOPS variables are just 'local'.
ulkeba May 2, 2022
9aa9eab
Merge remote-tracking branch 'fork/main' into main
ulkeba May 2, 2022
8c71bb0
Merge branch 'main' of github.com:mspnp/aks-baseline into mspnp-main
ulkeba May 8, 2022
0990481
Merge branch 'mspnp-main' into main
ulkeba May 8, 2022
e9d8dab
Replace WAF configuration with WAF policy.
ulkeba May 8, 2022
Replace WAF configuration with WAF policy.
ulkeba committed May 8, 2022
commit e9d8dab201089e5d0dafdbc9cdc928ae364e7d04
32 changes: 24 additions & 8 deletions cluster-stamp.bicep
Expand Up @@ -65,6 +65,7 @@ var nodeResourceGroupName = 'rg-${clusterName}-nodepools'
var defaultAcrName = 'acraks${subRgUniqueString}'

var agwName = 'apw-${clusterName}'
var wafPolicyName = 'waf-${clusterName}'

var aksIngressDomainName = 'aks-ingress.${domainName}'
var aksBackendDomainName = 'bu0001a0008-00.${aksIngressDomainName}'
Expand Down Expand Up @@ -1680,6 +1681,27 @@ resource st_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-0
dependsOn: []
}

resource wafPolicy 'Microsoft.Network/ApplicationGatewayWebApplicationFirewallPolicies@2021-05-01' = {
name: wafPolicyName
location: location
properties: {
policySettings: {
fileUploadLimitInMb: 10
state: 'Enabled'
mode: 'Prevention'
}
managedRules: {
managedRuleSets: [
{
ruleSetType: 'OWASP'
ruleSetVersion: '3.2'
ruleGroupOverrides: []
}
]
}
}
}

resource agw 'Microsoft.Network/applicationGateways@2021-05-01' = {
name: agwName
location: location
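Review bot: in `policySettings` of the new `wafPolicy` resource only `fileUploadLimitInMb`, `state` and `mode` are set, so request body inspection is left to the resource defaults. Consider setting `requestBodyCheck` and `maxRequestBodySizeInKb` explicitly next to `mode: 'Prevention'`, so the inspection behaviour can be reviewed in the template without consulting the API defaults. A short comment on why `ruleGroupOverrides` is empty would also help whoever tunes the OWASP 3.2 rule set later.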
Expand Down Expand Up @@ -1743,14 +1765,8 @@ resource agw 'Microsoft.Network/applicationGateways@2021-05-01' = {
minCapacity: 0
maxCapacity: 10
}
webApplicationFirewallConfiguration: {
enabled: true
firewallMode: 'Prevention'
ruleSetType: 'OWASP'
ruleSetVersion: '3.2'
exclusions: []
fileUploadLimitInMb: 10
disabledRuleGroups: []
firewallPolicy: {
id: wafPolicy.id
}
enableHttp2: false
sslCertificates: [
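Review bot: the removed `webApplicationFirewallConfiguration` block carried `exclusions: []`, but the `wafPolicy` resource now referenced through `firewallPolicy.id` has no `exclusions` entry under `managedRules`. The effective behaviour is the same while the list is empty, yet adding `exclusions: []` to `managedRules` would keep parity with the old block and give a visible place for future exclusions. `disabledRuleGroups: []` is covered by `ruleGroupOverrides: []`, so that part maps cleanly.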