Unintentional deletion of a WAF HTTP Listener Association with an AGW + AGIC + AKS, while the associated AGW HTTP Listener still exists.

LyTien Dung 5 Reputation points

Here are existing components:
WAF Policy:

  • Custom rule
  • Associated application gateways: HTTP Listener, fl-2991a50d204b26a829717bbebe722d00


  • AGW has fl-2991a50d204b26a829717bbebe722d00 -> rr-2991a50d204b26a829717bbebe722d00 -> a backend target which is AKS service
  • AGIC stands in the middle of AGW -> AKS
  • AKS has a USER node pool hosting the service and pods that are linked with fl-2991a50d204b26a829717bbebe722d00

The requirement is that the WAF policy allows only a list of IP addresses to access this HTTP Listener fl-2991a50d204b26a829717bbebe722d00, while the other HTTP Listeners are still allowed to be accessed publicly.

Everything worked as expected until the HTTP Listener Association was removed automatically after a period of time, even though the Listener, Routing Rule and Backend Targets still persist in the AGW.
And it seems that the AGIC ingress controller pod removed the association.

This issue forces me to "re-Add" the Association every time to have WAF policy rule applied.

Please, could you share any ideas on fixing this issue in the AGW or WAF policy?

Huge thanks!

Azure Kubernetes Service (AKS)
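
A drift check for the symptom described in the question, as an added example that is not part of the original post: it compares each listener's WAF policy association against an expected mapping and reports listeners that have lost it. The gateway document is a constructed sample shaped like `az network application-gateway show` output (assumed shape, trimmed to the fields used); the policy ID placeholder, the `fl-public-example` listener and the `find_waf_drift` function are hypothetical.

```python
# Placeholder WAF policy resource ID; substitute the real one.
POLICY_ID = ("/subscriptions/<SUB>/resourceGroups/<RG>/providers/Microsoft.Network/"
             "ApplicationGatewayWebApplicationFirewallPolicies/<POLICY>")

RESTRICTED = "fl-2991a50d204b26a829717bbebe722d00"  # listener name from the question

# Constructed sample: the restricted listener still exists but its
# firewallPolicy reference is gone, which is the state the question describes.
SAMPLE_GATEWAY = {
    "name": "example-agw",
    "httpListeners": [
        {"name": RESTRICTED, "firewallPolicy": None},
        {"name": "fl-public-example", "firewallPolicy": None},
    ],
}

# Desired state: listener name -> WAF policy ID it must carry.
# Listeners not listed here are allowed to stay public.
EXPECTED = {RESTRICTED: POLICY_ID}


def find_waf_drift(gateway, expected):
    """Return (listener, problem) tuples where the per-listener WAF
    policy association differs from the expected mapping."""
    listeners = {l["name"]: l for l in gateway.get("httpListeners", [])}
    findings = []
    for name, want in sorted(expected.items()):
        listener = listeners.get(name)
        if listener is None:
            findings.append((name, "listener missing"))
            continue
        have = (listener.get("firewallPolicy") or {}).get("id")
        if have is None:
            findings.append((name, "no WAF policy associated"))
        elif have.lower() != want.lower():  # Azure resource IDs are case-insensitive
            findings.append((name, "unexpected policy: " + have))
    return findings


if __name__ == "__main__":
    for name, problem in find_waf_drift(SAMPLE_GATEWAY, EXPECTED):
        print(f"DRIFT {name}: {problem}")
```

Run on a schedule against the live gateway JSON, this turns the silent loss of the IP restriction into an alert instead of something noticed only when the listener is found to be publicly reachable.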