Tilgangen til APIet på AKS bør begrenses til gitte IP-adresser

Altinn / altinn-platform

Altinn Platform infrastructure

6 stars 1 forks source link

Tilgangen til APIet på AKS bør begrenses til gitte IP-adresser #50

Open annerisbakk opened 2 years ago

annerisbakk commented 2 years ago

https://dev.azure.com/digdir/Altinn/_workitems/edit/43753 Ref: https://docs.microsoft.com/en-us/azure/aks/api-server-authorized-ip-ranges

Her må en vurdere hvordan dette passer med Azure DevOps og terraform.

[ ] Begrense tilgangen til platform-kluster APIet
[ ] Begrense tilgangen til Altinn Studio APIet
[ ] Begrense tilgangen på AKS APIet til tjenesteeierkluster
[ ] Vurdere om vi kan begrense IP-adressene tilstrekkelig

SandGrainOne commented 2 years ago

We've added a dependency to issue #231. We would like a mechanism were we can avoid the need for a an extra virutal machine just to access resources in Azure.

ghost commented 2 years ago

@SandGrainOne This might be a mechanism to consider.

bengtfredh commented 2 years ago

Setting restriction on AKS api will prevent use of virtual nodes:

https://learn.microsoft.com/en-us/azure/aks/virtual-nodes#:~:text=Using%20api%20server%20authorized%20ip%20ranges%20for%20AKS.