2

I have an AKS cluster running on Azure (managed Kubernetes). I'd like to put a WAF in front of it, using Azure Web Application Gateway. I think this is possible.

But I also want a firewall in front of it, to limit both inbound and outbound traffic. I don't see any documentation on how to combine both an application gateway and a firewall in Azure.

Is this possible? And is this possible using AKS? I tried to get the Application Gateway working on AKS but didn't succeed; I always get a 502, meaning the gateway can't reach the backend pool.

1 Answer

3

You can put Application Gateway in front of AKS. Just use an internal load balancer as the balancing mechanism for your services and point a properly configured Application Gateway at it. To use an internal load balancer, you have to create a service similar to this:

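```yaml
apiVersion: v1
kind: Service
metadata:
  name: name  # placeholder: your Service name
  annotations:
    # Provision an internal (private) Azure load balancer instead of a public one
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  ports:
  - port: port  # placeholder: the port number to expose
  selector:
    app: something  # placeholder: label of the pods to target
  type: LoadBalancer
```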

I don't think you need Azure Firewall; you need a Network Security Group (NSG). You can use an NSG together with Application Gateway, but there are some restrictions you have to keep in mind.
https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq#configuration

Overall - yes, this is possible.
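The NSG restrictions the answer refers to, sketched as an added example that is not part of the original answer: a small audit of NSG rules on an Application Gateway subnet. It assumes the requirements in Microsoft's Application Gateway documentation (GatewayManager inbound on ports 65503-65534 for the v1 SKU or 65200-65535 for v2, AzureLoadBalancer inbound allowed, outbound Internet not blocked); the rule dictionaries, function names and sample rule sets are constructed for illustration and are not the Azure API schema.

```python
# Added example. Rule dicts are a simplified, constructed model, not the Azure API schema.
# Simplification: service tags are matched by name only ("*" matches any peer).

# Ports Azure uses to manage the gateway; they must stay open to GatewayManager.
INFRA_PORTS = {"v1": range(65503, 65535), "v2": range(65200, 65536)}

def allowed(rules, direction, peer, port, default):
    """NSG semantics: lowest priority number wins; else the default rules apply."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        lo, hi = r["ports"]
        if r["dir"] == direction and r["peer"] in (peer, "*") and lo <= port <= hi:
            return r["access"] == "Allow"
    return default

def audit(rules, sku="v2"):
    """Return findings for NSG rules that break an Application Gateway subnet."""
    findings = []
    # Default rules deny GatewayManager inbound, so an explicit allow is required.
    if not all(allowed(rules, "In", "GatewayManager", p, False) for p in INFRA_PORTS[sku]):
        findings.append("GatewayManager blocked on infrastructure ports")
    # Default rules allow AzureLoadBalancer; a custom deny-all can shadow that.
    # Port 443 is used as a representative port for this check.
    if not allowed(rules, "In", "AzureLoadBalancer", 443, True):
        findings.append("AzureLoadBalancer blocked")
    # Outbound Internet is allowed by default and must not be denied.
    if not allowed(rules, "Out", "Internet", 443, True):
        findings.append("outbound Internet blocked")
    return findings

def rule(priority, direction, peer, ports, access):
    return {"priority": priority, "dir": direction, "peer": peer,
            "ports": ports, "access": access}

# Constructed sample: a "deny everything else" NSG written without the exceptions.
LOCKED_DOWN = [
    rule(100, "In", "Internet", (443, 443), "Allow"),
    rule(4000, "In", "*", (0, 65535), "Deny"),
    rule(4000, "Out", "*", (0, 65535), "Deny"),
]
# Same NSG with the Application Gateway exceptions placed ahead of the denies.
FIXED = [
    rule(100, "In", "Internet", (443, 443), "Allow"),
    rule(110, "In", "GatewayManager", (65200, 65535), "Allow"),
    rule(120, "In", "AzureLoadBalancer", (0, 65535), "Allow"),
    rule(4000, "In", "*", (0, 65535), "Deny"),
    rule(3900, "Out", "Internet", (0, 65535), "Allow"),
    rule(4000, "Out", "*", (0, 65535), "Deny"),
]
```

Calling `audit(LOCKED_DOWN)` reports all three problems, while `audit(FIXED)` returns an empty list.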