Use Azure Policy Add-on with AKS clusters
Configure Azure Kubernetes Service (AKS) clusters to use Azure Policy Add-on for Kubernetes.
AKS clusters support integration with Azure Policy using an Open Policy Agent (OPA). This integration is provided by an optional add-on that can be enabled on AKS clusters. Once the add-on is enabled and Azure policies are assigned, AKS clusters enforce the configured constraints.
Examples of policies include:
- Enforce HTTPS ingress in Kubernetes cluster.
- Do not allow privileged containers in Kubernetes cluster.
- Ensure container CPU and memory resource limits do not exceed the specified limits in Kubernetes cluster.
Consider installing the Azure Policy Add-on for AKS clusters. Additionally, assign one or more Azure Policy definitions to security controls.
Azure Policy for AKS clusters is generally available (GA). Azure Policy for AKS Engine and Arc-enabled Kubernetes are currently in preview.
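One way to check this recommendation before deployment is shown below. It is an added example, not code from the original page or from any Azure tooling. It assumes the cluster is defined in an ARM template as a `Microsoft.ContainerService/managedClusters` resource whose add-on state lives at `properties.addonProfiles.azurepolicy.enabled`; the sample template and the function names are constructed for illustration.

```python
import json

AKS_TYPE = "microsoft.containerservice/managedclusters"

# Constructed sample ARM template (not from the original page): one cluster with
# the add-on enabled, one with it disabled, one nested cluster with no add-ons.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.ContainerService/managedClusters", "name": "aks-with-policy",
     "properties": {"addonProfiles": {"azurepolicy": {"enabled": true}}}},
    {"type": "Microsoft.ContainerService/managedClusters", "name": "aks-policy-disabled",
     "properties": {"addonProfiles": {"azurePolicy": {"enabled": false}}}},
    {"type": "Microsoft.Resources/deployments", "name": "nested",
     "properties": {"template": {"resources": [
       {"type": "Microsoft.ContainerService/managedClusters", "name": "aks-no-addons",
        "properties": {}}]}}}
  ]
}
""")


def iter_resources(resources):
    """Yield every resource, descending into child resources and nested deployments."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))
        nested = res.get("properties", {}).get("template", {})
        yield from iter_resources(nested.get("resources"))


def policy_addon_enabled(cluster):
    """True only if an azurepolicy add-on profile exists with enabled set to true."""
    profiles = cluster.get("properties", {}).get("addonProfiles") or {}
    # Assumption: key casing varies between templates, so match case-insensitively.
    for key, profile in profiles.items():
        if key.lower() == "azurepolicy":
            # A parameter expression string is not literal true, so it is flagged.
            return profile.get("enabled") is True
    return False


def clusters_missing_policy_addon(template):
    """Return names of AKS clusters in the template without the add-on enabled."""
    return [res.get("name", "<unnamed>")
            for res in iter_resources(template.get("resources"))
            if res.get("type", "").lower() == AKS_TYPE and not policy_addon_enabled(res)]


if __name__ == "__main__":
    for name in clusters_missing_policy_addon(SAMPLE_TEMPLATE):
        print(f"FAIL: {name} does not enable the Azure Policy add-on")
```

A missing `addonProfiles` block is treated the same as an explicit `enabled: false`, since the add-on is optional and absent unless enabled.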
- Governance, risk, and compliance
- Understand Azure Policy for Kubernetes clusters
- Overview of securing pods with Azure Policy for AKS