feat: restrict backend API to private access in WAF mode #39405

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: Abdul-Microsoft

Deployment/kubernetes/deploy.ingress.internal.yaml.template

@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kmgs-ingress-internal
+  namespace: ns-km
+  annotations:
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/send-timeout: "3600"
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+spec:
+  ingressClassName: webapprouting.kubernetes.azure.com
+  rules:
+  - http:
+      paths:
+      - path: /backend(/|$)(.*)
+        pathType: Prefix
+        backend:
+          service:
+            name: aiservice-service
+            port:
+              number: 9001

Deployment/kubernetes/deploy.ingress.waf.yaml.template

@@ -0,0 +1,37 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kmgs-ingress
+  namespace: ns-km
+  annotations:
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/use-regex: "true"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/send-timeout: "3600"
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+spec:
+  ingressClassName: webapprouting.kubernetes.azure.com
+  defaultBackend:
+    service:
+      name: frontapp-service
+      port:
+        number: 5900
+  rules:
+  - host: {{ fqdn }}
+    http:
+      paths:
+      - path: /()(.*)
+        pathType: Prefix
+        backend:
+          service:
+            name: frontapp-service
+            port:
+              number: 5900
+  tls:
+  - hosts:
+    - {{ fqdn }}
+    secretName: secret-kmgs

Deployment/resourcedeployment.ps1

@@ -551,6 +551,16 @@ try {
 
     Write-Host "Validation Completed" -ForegroundColor Green
 
+    # Detect WAF deployment mode from resource group tag (set by Bicep: Type = 'WAF' | 'Non-WAF')
+    $isWafDeployment = $false
+    $rgDeploymentType = az group show --name $deploymentResult.ResourceGroupName --query "tags.Type" -o tsv 2>$null
+    if ($rgDeploymentType -eq "WAF") {
+        $isWafDeployment = $true
+        Write-Host "WAF deployment mode detected. Backend APIs will be restricted to private access." -ForegroundColor Cyan
+    } else {
+        Write-Host "Non-WAF deployment mode detected. Standard deployment will be used." -ForegroundColor Yellow
+    }
+
     # Step 1-3 Loading aiservice's configution file template then replace the placeholder with the actual values
     # Define the placeholders and their corresponding values for AI service configuration
 
@@ -834,12 +844,19 @@ try {
     $certManagerTemplate | Set-Content -Path $certManagerPath -Force
 
     # 3.2 Update deploy.ingress.yaml.template file and save as deploy.ingress.yaml
-    # webfront / apibackend
+    # In WAF mode, use the WAF-specific template that only exposes the frontend publicly
+    # In non-WAF mode, use the standard template that exposes both frontend and backend
     $ingressPlaceholders = @{
         '{{ fqdn }}' = $fqdn
     }
 
-    $ingressTemplate = Get-Content -Path .\kubernetes\deploy.ingress.yaml.template -Raw
+    if ($isWafDeployment) {
+        $ingressTemplatePath = ".\kubernetes\deploy.ingress.waf.yaml.template"
+        Write-Host "Using WAF ingress template (frontend-only public access)." -ForegroundColor Cyan
+    } else {
+        $ingressTemplatePath = ".\kubernetes\deploy.ingress.yaml.template"
+    }
+    $ingressTemplate = Get-Content -Path $ingressTemplatePath -Raw
     $ingress = Invoke-PlaceholdersReplacement $ingressTemplate $ingressPlaceholders
     $ingressPath = ".\kubernetes\deploy.ingress.yaml"
     $ingress | Set-Content -Path $ingressPath -Force
@@ -1003,6 +1020,19 @@ try {
     # 5.5. Deploy Ingress Controller in Kubernetes for external access
     kubectl apply -f "./kubernetes/deploy.ingress.yaml" -n $kubenamespace
 
+    # 5.6. WAF Mode: Deploy internal backend ingress and network policies
+    if ($isWafDeployment) {
+        Write-Host "Applying WAF-specific configurations: internal backend ingress and network policies..." -ForegroundColor Cyan
+
+        # Deploy internal ingress for backend services (no public exposure)
+        kubectl apply -f "./kubernetes/deploy.ingress.internal.yaml.template" -n $kubenamespace
+
+        # Deploy network policies to restrict backend traffic to internal only
+        kubectl apply -f "./kubernetes/deploy.networkpolicy.yaml" -n $kubenamespace
+
+        Write-Host "WAF network policies and internal backend ingress applied successfully." -ForegroundColor Green
+    }
+
     # #####################################################################
     # # Data file uploading
     # Show-Banner -Title "Step 9 : Sample Data Uploading to the Backend API - https://${fqdn}/backend/Documents/ImportDocument"

docs/DeploymentGuide.md

@@ -119,6 +119,8 @@ Review the configuration options below. You can customize any settings that meet
 | **Use Case** | POCs, development, testing | Production workloads |
 | **Framework** | Basic configuration | [Well-Architected Framework](https://learn.microsoft.com/en-us/azure/well-architected/) |
 | **Features** | Core functionality | Reliability, security, operational excellence |
+| **Backend API Access** | Public (accessible via ingress) | Private (internal-only, not exposed to public internet) |
+| **Network Policies** | None | Kubernetes NetworkPolicy isolates backend from external traffic |
 
 **To use production configuration:**
 
@@ -142,7 +144,28 @@ azd env set AZURE_ENV_VM_ADMIN_USERNAME <your-username>
 azd env set AZURE_ENV_VM_ADMIN_PASSWORD <your-password>
 ```
 
-### 3.3 Advanced Configuration (Optional)
+### 3.3 WAF Deployment: Network Architecture (Production Only)
+
+> **Note:** This section describes the networking architecture automatically configured when using the **Production** deployment type (WAF mode).
+
+When deploying with WAF configuration (`enablePrivateNetworking: true`), the following security measures are applied:
+
+- **AKS Private Cluster**: The AKS API server is configured as a private cluster, not accessible from the public internet.
+- **Frontend-Only Public Ingress**: Only the frontend web application is exposed publicly through the WAF/Application Gateway ingress. The `/backend` API route is removed from the public ingress.
+- **Internal Backend Ingress**: Backend API services (`aiservice`, `kernelmemory`) are accessible only through an internal ingress that is not exposed to the public internet.
+- **Kubernetes Network Policies**: NetworkPolicy resources enforce traffic isolation — backend pods only accept traffic from frontend pods and the internal ingress controller within the cluster.
+- **Private Endpoints**: All Azure PaaS services (Cosmos DB, Storage, Search, OpenAI, etc.) use private endpoints and are not accessible from the public internet.
+
+**Traffic Flow (WAF mode):**
+```
+Internet → WAF/Application Gateway → Public Ingress → Frontend (frontapp)
+                                                         ↓ (internal)
+                                                   Backend (aiservice) → Azure PaaS (via Private Endpoints)
+                                                         ↓ (internal)
+                                                   Kernel Memory Service → Azure PaaS (via Private Endpoints)
+```
+
+### 3.4 Advanced Configuration (Optional)
 
 <details>
 <summary><b>Configurable Parameters</b></summary>

infra/main.bicep

@@ -960,13 +960,14 @@ module managedCluster 'br/public:avm/res/container-service/managed-cluster:0.10.
     dnsPrefix: 'aks-${solutionSuffix}'
     enableRBAC: true
     disableLocalAccounts: false
-    publicNetworkAccess: 'Enabled'
+    // WAF aligned configuration for Private Networking
+    publicNetworkAccess: enablePrivateNetworking ? 'SecuredByPerimeter' : 'Enabled'
     managedIdentities: {
       systemAssigned: true
     }
     serviceCidr: '10.20.0.0/16'
     dnsServiceIP: '10.20.0.10'
-    enablePrivateCluster: false
+    enablePrivateCluster: enablePrivateNetworking
     primaryAgentPoolProfiles: [
       {
         name: 'agentpool'