application-gateway-kubernetes-ingress icon indicating copy to clipboard operation
application-gateway-kubernetes-ingress copied to clipboard

Published 20 hours ago verified publisher icon Azure

Better way to prohibit changes to multiple targets

Open pbloigu opened this issue 4 years ago • 9 comments

Is your feature request related to a problem? Please describe. We have 3 clusters behind an app gw. Each cluster has multiple hosts exposed. For each cluster I now have to create ProhobitedTargets for each of the hostnames in the other two clusters. This is a bit cumbersome.

Describe the solution you'd like I would be fine with either of the two solutions:

  1. Allow for automatically prohibiting changes to hostnames not present in the current cluster
  2. Allow specifying multiple hostnames for a ProhibitedTarget, preferably with a regular expression

pbloigu avatar Jun 26 '20 11:06 pbloigu

Hi @pbloigu , are all of your 3 clusters are AKS clusters?

3quanfeng avatar Jun 29 '20 05:06 3quanfeng

Hi @pbloigu , are all of your 3 clusters are AKS clusters?

Yes they are. Do you have a better approach in mind to achieve what I described that already works with AGIC as it is? I would love to hear about it as I'm in the midst setting up the environments right now. Changing the environment later on will be harder as they're in active use.

pbloigu avatar Jun 29 '20 05:06 pbloigu

No, you will have to configure the prohibited policy on each of the cluster, or you could use one appgw per cluster without any prohibited targets?

3quanfeng avatar Jun 29 '20 05:06 3quanfeng

Yeah, that would incur additional costs which I'm unable to accept at this time. However, the host names are stable and once defined there won't be any new ones, so this is a one time task and I can live with it. In any case, though, the ability to specify multiple hosts for a ProhibitedTarget would be a nice feature to add, I think.

pbloigu avatar Jun 29 '20 10:06 pbloigu

We want to use one application gateway for multiple teams/AKS clusters. One team does not know which URLs the other teams use. For this use case and generally for an easier configuration it would be great to have AzureIngressAllowedTargets with wildcards that can be defined per cluster.

derkoe avatar Aug 11 '20 20:08 derkoe

Hello,

any milestone to deliver this feature? we have exactly the same need as @pbloigu

aelmanaa avatar Jun 25 '21 08:06 aelmanaa

hello @Azure Is there any plan on delivering this functionality? or has it been delivered already? if yes, please direct to link for ref

Gracias

swketechie-mtn-gh avatar Mar 06 '23 18:03 swketechie-mtn-gh

We're still suffering with the same , I think azure should take responsible action on this . At least a wildcard entry support should be there to save efforts and risk.
Sometimes cloud team forgets to add the entries and it gets deleted by AGIC and it affects the production environment. @Azure please provide ref if any update available or developed in the market Thanks, Umesh

umeshjadhav-tss avatar Jan 19 '24 12:01 umeshjadhav-tss

We deal with the same circumstances, as it not really understandable why this is not a top desired feature. We have 4 clusters with 7 Ingresses each, that makes 21 prohibits per cluster vs 7 allowances...

CommanderWayan avatar Apr 19 '24 08:04 CommanderWayan