Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
690 questions
Application Gateway for Containers, how to secure the public IP on the frontend?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 25%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBO%3C/text%3E%3C/svg%3E)
bryan oakley-wiggins
0
Reputation points
Question: Securing Public IP frontend for Application Gateway for Containers
I am considering using Azure Application Gateway for Containers with my internal private DNS and a private AKS cluster. I would appreciate some guidance on how best to secure the public IP for the frontend, whilst there is no immediate support for private IP on the frontend. Specifically, I want to ensure that the public IP is protected while integrating with my internal private DNS and private AKS cluster.
What are the best practices and steps to achieve this setup, with Application Gateway for Containers?
Thank you.
{count} votes
-
Deepanshukatara-6769 10,210 Reputation points2024-06-21T08:09:45.4833333+00:00 Hi, Welcome to MS Q&A
To secure the public IP for the frontend of Azure Application Gateway for Containers, it is recommended to use Azure Application Gateway with Web Application Firewall (WAF) or you can use Azure firewall which can protect all traffic from l3 to l7
For more information, you can refer to the following Azure documentation:
- Best practices and considerations for Azure Container Instances
- Protect Azure Container Apps with Web Application Firewall on Application Gateway
- Use Azure Firewall to protect Azure Kubernetes Service (AKS) clusters
Ref Image
Kindly accept answer if it helps, please let us know if further questions
Thanks
Deepanshu
-
bryan oakley-wiggins 0 Reputation points
2024-06-21T08:44:05.69+00:00 thank you for your answer. Is the recommendation, to also add an 'application gateway' (with WAF) to secure the 'application gateway for containers' frontend(s)? I was looking to only be using AGC for my private aks. Apologies if I have misunderstood your suggestion? Thank you Bry
-
KapilAnanth-MSFT 46,776 Reputation points Microsoft Employee2024-06-26T12:33:20.2066667+00:00 Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you are using an Application Gateway for Containers and concerned about securing the public IP
You must note that Application Gateway for Containers is not as same as a Application Gateway and is a PaaS Service.
With that said,
- Public IP as a standalone resource is inherently protected by the default infrastructure-level DDoS protection.
- Additionally, you can use DDoS IP Protection
- However, with Application Gateway for Containers, the Public IP is not standalone.- It comes with the service and is protected by the default infrastructure-level DDoS protection.
From what I can see, WAF is not supported in Application Gateway for Containers.
Cheers,
Kapil
- Public IP as a standalone resource is inherently protected by the default infrastructure-level DDoS protection.
Sign in to comment
Sign in to answer