gardener / gardener-extension-provider-azure

Gardener extension controller for the Azure cloud provider (https://azure.microsoft.com).

Home Page: https://gardener.cloud

DDoS support for Azure

saggir opened this issue · comments

/area security
/kind enhancement

What would you like to be added:
We would like an option to configure the DDoS parameters for the Azure vnet to be added as part of the shoot.yaml file.
The parameters are:
1 - enable/disable
2 - protection plan

Why is this needed:
As part of our ongoing effort to improve our product security and protect against DDoS, we want to add it to our clusters' vnet.
The workaround of "bring-your-own-vnet" creates a lot of lifecycle effort on our side, an effort which is already done as part of the vnet configuration today (e.g. create, delete, reconcile, etc.).

Hi @saggir,
thanks for the request. In general this is technically doable. It is just a matter of how many infrastructure-specific configuration options Gardener and its infrastructure extensions should abstract. We added the bring-your-own-vnet scenario to give users the ability to configure their vnet flexibly if required, as Gardener probably can never abstract everything.

At this point in time I can't give an estimate of when we can tackle this, but if you want/need it urgently you could consider contributing a PR for it. Happy to help review it.

Thank You!