IP range for Azure Application Gateway with integrated WAF #1700

@vandjelk

Azure Application Gateway requires a dedicated subnet.

The Azure implementation of IP range does not allow us to create an additional subnet. If we would like to deploy Azure Application Gateway into the existing IP range, we would need to extend the feature to support multiple subnets.

An alternative approach is to use another IP range for Application Gateway, but that also requires changes to the existing IP range functionality. Azure IP range creates multiple resources on the Azure side in order to fulfill Azure Redis Instance requirements, so here is the breakdown:

  • Creates Cloud Manager (cm) network with desired address space (spec.cidr)
  • Peers cm network with Kyma network
  • Creates subnet in cm network by allocating whole address space
  • Creates security group
  • Creates private DNS zone privatelink.redis.cache.windows.net (or privatelink.redis.cache.chinacloudapi.cn for China restricted market)
  • Links private DNS zone to Kyma network

Bottom line: in order to use a secondary IP range for Application Gateway, we need to remove the private DNS zone and link from the IP range implementation.
