Merge pull request #98 from baoduy/develop

Develop
baoduy · Oct 11, 2024 · e92382c · e92382c
2 parents 4ac8b85 + b33cf86
commit e92382c
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 11 deletions.
diff --git a/src/Aks/index.ts b/src/Aks/index.ts
@@ -266,8 +266,8 @@ export default async ({
         },
 
         azurePolicy: { enabled: true },
-        kubeDashboard: { enabled: false },
-        httpApplicationRouting: { enabled: false },
+        // kubeDashboard: { enabled: false },
+        // httpApplicationRouting: { enabled: false },
 
         aciConnectorLinux: {
           enabled: Boolean(network.virtualHostSubnetName),

diff --git a/src/VNet/FirewallPolicies/AksFirewallPolicy.ts b/src/VNet/FirewallPolicies/AksFirewallPolicy.ts
@@ -127,15 +127,24 @@ export default ({
       ],
       destinationPorts: ['443'],
     },
-    // {
-    //   ruleType: 'NetworkRule',
-    //   name: 'others-dns',
-    //   description: 'Others DNS.',
-    //   ipProtocols: ['TCP', 'UDP'],
-    //   sourceAddresses: subnetSpaces,
-    //   destinationAddresses: ['*'],
-    //   destinationPorts: ['53'],
-    // },
+    {
+      ruleType: 'NetworkRule',
+      name: 'aks-allows-commons-dns',
+      description: 'Others DNS.',
+      ipProtocols: ['TCP', 'UDP'],
+      sourceAddresses: ['*'],
+      destinationAddresses: [
+        //Azure
+        '168.63.129.16',
+        //CloudFlare
+        '1.1.1.1',
+        '1.0.0.1',
+        //Google
+        '8.8.8.8',
+        '8.8.4.4',
+      ],
+      destinationPorts: ['53'],
+    },
   );
 
   //AKS Apps Rules