search

Azure / AKS-Construction

Accelerate your onboarding to AKS with; Helper Web App, bicep templating and CI/CD samples. Flexible & secure AKS baseline implementations in a Microsoft + community maintained reference implementation.
https://azure.github.io/AKS-Construction/
MIT License
356 stars 165 forks source link

Deployment of Application Gateway without Firewall returns error code "ApplicationGatewayFirewallNotConfiguredForSelectedSku" #678

Closed Mathias8610 closed 8 months ago

Mathias8610 commented 8 months ago

Thanks First of all, thanks to all the people contributing to this project. It's simply great and makes my life so much easier.

Describe the bug I have a working deployment for AKS. When I add Application Gateway without a firewall (appGWenableFirewall=false), I get the following error:

ERROR: {"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/e24ab5c3-e409-43da-b98f-f35128733a3e/resourceGroups/az-appgwtest/providers/Mic rosoft.Resources/deployments/main","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"ApplicationGatewayFirewallNotConfiguredForSelectedSku","message":"Application Gateway /subscriptions/e24ab5c3-e409-43da-b98f-f35128733a3e/resourceGroups/az-appgwtest/providers/Microsoft.Network/applicationGateways/agw-az-appgwtest with the selected SKU tier WAF_v2 must have a valid WAF policy or configuration","details":[]}]}}

To Reproduce Steps to reproduce the behavior:

Create Resource Group

az group create -l SwitzerlandNorth -n az-appgwtest

Deploy template with in-line parameters

az deployment group create -g az-appgwtest --template-uri https://github.com/Azure/AKS-Construction/releases/download/0.10.3/main.json --parameters resourceName=az-appgwtest agentVMSize=Standard_DS2_v2 nodePoolName=npwin1 osType=Windows osSKU=Windows2022 osDiskType=Managed osDiskSizeGB=32 custom_vnet=true enableTelemetry=false ingressApplicationGateway=true appGWcount=1 appGWsku=WAF_v2 appGWenableFirewall=false automationAccountScheduledStartStop=Weekday

Expected behavior I expect the deployment of a AKS integrated Application Gateway without the firewall feature.

Mathias8610 commented 8 months ago

Can be ignored. It works with the appGWsku=Standard_v2. Maybe a Check would make it more "Dummy-Safe" but with the correct SKU it works fine.

Mathias8610 commented 8 months ago

Can be ignored. It works with the appGWsku=Standard_v2. Maybe a Check would make it more "Dummy-Safe" but with the correct SKU it works fine.