Add new annotation to block ip ranges

[Jasstkn]

Hi!

I would like to suggest adding new annotation to be able block specific IP ranges using NSG, e.g. service.beta.kubernetes.io/azure-blocked-ip-ranges (pretty similar to the existing service.beta.kubernetes.io/azure-allowed-ip-ranges annotation but instead of "allow" - "deny" rules will be created.

Use case: I have the list of IP ranges to be blocked (they are not included in the Azure DDOS protection offering and Azure DDOS doesn't allow to supply a custom IP blocklist).

Is there any ongoing work or interest for such functionality? I am interested in contributing it if the idea is supported by the maintainers of the provider.

[Jasstkn]

Hi @feiskyer @nilo19 @MartinForReal! Do you have any feedback regarding this issue? I would like to understand the maintainers' perspective on this request as early as possible. Thank you in advance.

[Jasstkn]

ping @feiskyer @nilo19 @MartinForReal

[nilo19]

Hi @Jasstkn it's on our list but not prioritized. We will assess this once we have time, thank you.

[Jasstkn]

@nilo19 hi! any update on this request?

[nilo19]

hi @Jasstkn , not yet.

[nilo19]

/kind feature