When you deploy Azure resources, you are prompted by the deployment script to supply a range of IP addresses to allow to access the API services. The client application will not work if the appropriate Power Automate (Azure Logic Apps) outbound IP addresses are not allowlisted. Additionally, if you need to test the API from Postman, you will need to add your own IP address to the list. If you need to add IP addresses to the allowlist post-deployment, you can follow these instructions:
- Go to the resource group for your deployment (rg-esgdocanalysisxxxxx)
- Select the Azure Kubernetes Service resource (aks-esgdocanalysisxxxxx)
- Press the Start button if your Kubernetes service is stopped and wait until it is running
- Select Kubernetes resources > Services and ingresses > Ingresses > ingress-aiservice > YAML to edit your ingress resource's metadata
- Add your desired IP addresses to the
nginx.ingress.kubernetes.io/whitelist-source-rangeannotation and thekubectl.kubernetes.io/last-applied-configurationannotation - Click the Review + save button
- Check the confirm manifest changes box and click Save
IMPORTANT SECURITY NOTE: The API service endpoints can only be accessed from client apps with IPs that are white listed. After deployment, you will need to implement additional API security to prevent unauthorized use. It is advised to monitor access and scan system logs to detect unusual patterns.