Azure Policies for Azure Kubernetes Service - Part 1

Introduction

The Azure platform supplies over 100 policies (including preview policies) that assist with the configuration and management of Azure Kubernetes Service (AKS). In this blog series we will be looking at the policies currently available. Because of the number available, we will split these posts out into the following areas:

  • [Preview]: Deployment safeguards should help guide developers towards AKS recommended best practices
  • [Preview]: Use Image Integrity to ensure only trusted images are deployed
  • Other Policies for Cluster Configuration
  • [Preview]: Other Policies for Cluster Configuration
  • Other Policies for Container Configuration
  • [Preview]: Other Policies for Container Configuration
  • GitOps Configuration

Initially we will look at the 4 available policy initiatives, followed by the other available policies broken down by Cluster, Container and Resource, and GitOps configuration.

Azure Policy

Azure Policy is a service for enforcing compliance and other organisational standards across the organisation’s Azure estate. It provides an aggregated view of all active policies on a central dashboard. These policies can be used to ensure, for example, that resources are deployed only to specific regions, use specific SKUs, or are configured with the required logging settings.

The policies are evaluated on a regular frequency which updates the central dashboard. Policies can also be configured to deploy services and configurations when resources are not compliant.

In relation to AKS, Azure Policy extends Gatekeeper, an admission controller based on Open Policy Agent that runs within the cluster. This allows cluster configuration and guardrails to be deployed in a consistent and centralised way, with the results reported to the same central dashboard. On AKS these policies are managed via the Azure Policy add-on; on Arc-enabled Kubernetes clusters they are managed via the Azure Policy extension.
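To show how an Azure Policy definition maps onto the Gatekeeper admission controller described above, here is an added example of a custom Kubernetes-mode policy definition. It is not taken from the blog post or from any Azure built-in; the constraint template URL, the `requiredLabels` parameter and the `K8sRequiredLabels` shape are assumptions, and the description field says so. The structure itself (`Microsoft.Kubernetes.Data` mode, `templateInfo` pointing at a Gatekeeper constraint template, `apiGroups`/`kinds` selecting what the admission controller inspects, and `namespaces`/`excludedNamespaces` scoping) is the layout Azure Policy uses for AKS and Arc-enabled cluster policies.

```json
{
  "displayName": "Example: Kubernetes pods must carry required labels",
  "description": "Added example definition, not from the blog post or an Azure built-in. The template URL and the requiredLabels parameter are placeholders.",
  "mode": "Microsoft.Kubernetes.Data",
  "metadata": {
    "category": "Kubernetes"
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "audit reports non-compliant pods to the dashboard; deny blocks them at admission."
      },
      "allowedValues": ["audit", "deny", "disabled"],
      "defaultValue": "audit"
    },
    "excludedNamespaces": {
      "type": "Array",
      "metadata": {
        "displayName": "Namespaces to exclude",
        "description": "System namespaces are excluded so that the add-on and Gatekeeper itself are never blocked."
      },
      "defaultValue": ["kube-system", "gatekeeper-system", "azure-arc"]
    },
    "namespaces": {
      "type": "Array",
      "metadata": {
        "displayName": "Namespaces to include",
        "description": "Empty means every namespace not listed in excludedNamespaces."
      },
      "defaultValue": []
    },
    "requiredLabels": {
      "type": "Array",
      "metadata": {
        "displayName": "Required labels (placeholder parameter)",
        "description": "Label keys every pod must carry; passed through to the constraint template."
      },
      "defaultValue": ["owner", "cost-centre"]
    }
  },
  "policyRule": {
    "if": {
      "field": "type",
      "in": [
        "Microsoft.ContainerService/managedClusters",
        "Microsoft.Kubernetes/connectedClusters"
      ]
    },
    "then": {
      "effect": "[parameters('effect')]",
      "details": {
        "templateInfo": {
          "sourceType": "PublicURL",
          "url": "https://PLACEHOLDER.example/k8srequiredlabels/template.yaml"
        },
        "apiGroups": [""],
        "kinds": ["Pod"],
        "namespaces": "[parameters('namespaces')]",
        "excludedNamespaces": "[parameters('excludedNamespaces')]",
        "values": {
          "labels": "[parameters('requiredLabels')]"
        }
      }
    }
  }
}
```

The `if` block targets both AKS managed clusters and Arc-enabled (connected) clusters, which is why the same definition works with the add-on and with the extension. Everything under `details` is what the add-on hands to Gatekeeper: the `templateInfo` URL is fetched and installed as a ConstraintTemplate, `apiGroups`/`kinds` become the constraint's match rules, and `values` become the constraint's parameters. Start an assignment with `effect` set to `audit` so violations appear on the compliance dashboard without blocking workloads, then move to `deny` once the exclusions are known to be correct.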

Further Reading