💡 Feature Request - NSG is whitelisting by IP address for outbound access for AKS

Azure / Azure-Proactive-Resiliency-Library-v2

Azure Proactive Resiliency Library v2 (APRL) - Source for Azure WAF reliability guidance and associated ARG queries

MIT License

69 stars 82 forks source link

Open lloydlimmsft opened 1 month ago

lloydlimmsft commented 1 month ago

Customer created NSG is whitelisting by IP address for outbound access for AKS

AKS requires various wildcard domains to ensure the management and control plane is functional https://learn.microsoft.com/en-us/azure/aks/outbound-rules-control-egress

Customer using NSG to permit only these by IP (instead of name) is not recommended as IP addresses can change anytime.

oZakari commented 2 weeks ago

@mosabami is this something your team can create a recommendation for?