[BUG] FW rules - March release requires Windows Server Failover Cluster Object IP

[Elektronenvolt]

We use a network setup as described here: https://github.com/Azure/aks-hybrid/issues/97#issue-897601769 vlan 100 -> physical hardware vlan 200 -> AKS Hybrid VMs

And based on documented Firewall rules https://learn.microsoft.com/en-us/azure/aks/hybrid/system-requirements?tabs=allow-table#aks-on-azure-stack-hci-and-windows-server-requirements these Firewall rules:

From vlan 100 to vlan 200 Source: physical node IPs + cloudserviceCIDR Destination: AKS Hybrid IP range TCP Ports 22, 6443, 46000

From vlan 200 to vlan 100 Source: AKS Hybrid IP range Destination: physical node IPs + cloudserviceCIDR TCP Ports 55000, 65000

Since the March 2023 we must add the Failover Cluster Object IP address.

To Reproduce Install a release before March 2023 - physical node IPs + cloudserviceCIDR are ok. Install the March 2023 release - physical node IPs + cloudserviceCIDR + the Failover Cluster Object IP are required

Expected behavior

Screenshots

Environment (please complete the following information):

• OS: Windows Server 2022
• Version 1.1.68
• AKS-HCI Version : March 2023
• Kubernetes Version

Collect log files

• From a PowerShell Admin window run Get-AksHciLogs
• If you are running into issues with the deployment wizard in Windows Admin Center, run Get-SMEUILogs.ps1 from the machine hosting Windows Admin Center.”