
feat: restrict backend API to private access in WAF mode #39405#608

Open
Abdul-Microsoft wants to merge 4 commits into dev from feature/US-39405-waf-restrict-api-private-aks

Conversation

@Abdul-Microsoft
Contributor

@Abdul-Microsoft Abdul-Microsoft commented Apr 16, 2026

Purpose

  • Implement private backend access for WAF (Well-Architected Framework) deployment mode, ensuring backend APIs (aiservice, kernelmemory) are not directly exposed to the public internet.
  • Add Kubernetes NetworkPolicy to restrict direct external traffic to backend pods.
  • Add internal-only ingress for backend service routing within the cluster.
  • Fix DNS name reuse on script re-runs to prevent hostname mismatch when the deployment script is re-executed.

Does this introduce a breaking change?

  • Yes
  • No

Golden Path Validation

  • I have tested the primary workflows (the "golden path") to ensure they function correctly without errors.

Deployment Validation

  • I have validated the deployment process successfully and all services are running as expected with this change.

What to Check

Verify that the following are valid

  • Frontend is publicly accessible via HTTPS
  • Backend is NOT directly accessible on port 9001 (should timeout)
  • Backend is accessible only through ingress proxy (/backend path)
  • File upload and document retrieval working end-to-end
  • NetworkPolicy deny-external-to-backend is active and enforcing traffic restrictions
  • Re-running the deployment script does not change the DNS name

Other Information

New Files

  • Deployment/kubernetes/deploy.ingress.waf.yaml.template - WAF-specific public ingress that routes frontend publicly and backend through ingress proxy
  • Deployment/kubernetes/deploy.ingress.internal.yaml.template - Internal-only ingress for backend service routing
  • Deployment/kubernetes/deploy.networkpolicy.yaml.template - Kubernetes NetworkPolicy restricting direct external access to backend pods

Modified Files

  • Deployment/resourcedeployment.ps1 - Added WAF-mode conditional block to apply internal ingress and network policies; Fixed DNS name reuse on re-runs
  • infra/main.bicep - WAF deployment flag support
  • docs/DeploymentGuide.md - Added WAF network architecture documentation

Architecture (WAF Mode)

  • Public Ingress - Frontend only + /backend routed internally via nginx proxy
  • Internal Ingress - Backend services accessible only within cluster
  • NetworkPolicy - Blocks direct external traffic to backend pods, allows only frontapp pods, ingress controller, and inter-service communication
  • All PaaS services - Behind private endpoints (Storage, CosmosDB, OpenAI, AI Search, etc.)
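The NetworkPolicy named above, written out as an added illustration of the WAF-mode architecture described in this PR. This is not the PR's own `deploy.networkpolicy.yaml.template`; the namespace (`app`), the pod labels (`tier=backend` shared by `aiservice` and `kernelmemory`, `app=frontapp` for the frontend) and the ingress controller namespace (`ingress-nginx`) are assumptions, and only port 9001 and the policy name come from the PR text.

```yaml
# Added example, not the PR's template. Assumed labels/namespaces are marked.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-external-to-backend        # name taken from the PR checklist
  namespace: app                        # assumed application namespace
spec:
  # Select the backend pods (aiservice, kernelmemory). A shared label is
  # assumed here so one policy covers both.
  podSelector:
    matchLabels:
      tier: backend
  # Listing only Ingress means egress stays unrestricted; any ingress that
  # matches no rule below is dropped for the selected pods.
  policyTypes:
    - Ingress
  ingress:
    - from:
        # 1. frontend pods in the same namespace (assumed label app=frontapp)
        - podSelector:
            matchLabels:
              app: frontapp
        # 2. backend-to-backend (inter-service) traffic
        - podSelector:
            matchLabels:
              tier: backend
        # 3. the ingress controller, matched by its namespace. The
        #    kubernetes.io/metadata.name label is set automatically on every
        #    namespace on Kubernetes 1.21+; the namespace name is assumed.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - protocol: TCP
          port: 9001                    # backend port from the PR checklist
```

Two points a reviewer would check when validating this. First, a NetworkPolicy object is accepted by the API server even when nothing enforces it: the cluster must run a network-policy engine (on AKS, the Azure, Calico or Cilium option) or the "backend should time out on 9001" check will pass the policy without the policy doing anything. Second, because the three `from` entries are separate list items they are OR-ed; putting a `podSelector` and a `namespaceSelector` inside the same item would AND them and silently block the ingress controller. The quickest functional check matching the PR checklist is `kubectl describe networkpolicy deny-external-to-backend -n app` to confirm the selectors resolved, followed by a connection attempt to port 9001 from a pod that carries none of the allowed labels, which should hang rather than connect.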

Abdul-Microsoft and others added 2 commits April 10, 2026 10:54
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
