Closed Mathias8610 closed 8 months ago
Can be ignored. It works with the appGWsku=Standard_v2. Maybe a Check would make it more "Dummy-Safe" but with the correct SKU it works fine.
Can be ignored. It works with the appGWsku=Standard_v2. Maybe a Check would make it more "Dummy-Safe" but with the correct SKU it works fine.
Thanks First of all, thanks to all the people contributing to this project. It's simply great and makes my life so much easier.
Describe the bug I have a working deployment for AKS. When I add Application Gateway without a firewall (appGWenableFirewall=false), I get the following error:
ERROR: {"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/e24ab5c3-e409-43da-b98f-f35128733a3e/resourceGroups/az-appgwtest/providers/Mic rosoft.Resources/deployments/main","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"ApplicationGatewayFirewallNotConfiguredForSelectedSku","message":"Application Gateway /subscriptions/e24ab5c3-e409-43da-b98f-f35128733a3e/resourceGroups/az-appgwtest/providers/Microsoft.Network/applicationGateways/agw-az-appgwtest with the selected SKU tier WAF_v2 must have a valid WAF policy or configuration","details":[]}]}}
To Reproduce Steps to reproduce the behavior:
Create Resource Group
az group create -l SwitzerlandNorth -n az-appgwtest
Deploy template with in-line parameters
az deployment group create -g az-appgwtest --template-uri https://github.com/Azure/AKS-Construction/releases/download/0.10.3/main.json --parameters
resourceName=az-appgwtest
agentVMSize=Standard_DS2_v2nodePoolName=npwin1
osType=WindowsosSKU=Windows2022
osDiskType=ManagedosDiskSizeGB=32
custom_vnet=trueenableTelemetry=false
ingressApplicationGateway=trueappGWcount=1
appGWsku=WAF_v2appGWenableFirewall=false
automationAccountScheduledStartStop=WeekdayExpected behavior I expect the deployment of a AKS integrated Application Gateway without the firewall feature.