Use Azure Policy Add-on with AKS clusters

Configure Azure Kubernetes Service (AKS) clusters to use Azure Policy Add-on for Kubernetes.

Description

AKS clusters support integration with Azure Policy using Open Policy Agent (OPA). Azure Policy integration is provided by an optional add-on that can be enabled on AKS clusters. Once the add-on is enabled and Azure policies are assigned, AKS clusters enforce the configured constraints.

Examples of policies include:

  • Enforce HTTPS ingress in Kubernetes cluster.
  • Do not allow privileged containers in Kubernetes cluster.
  • Ensure container CPU and memory resource limits do not exceed the specified limits in Kubernetes cluster.

Recommendation

Consider installing the Azure Policy Add-on for AKS clusters. Additionally, assign one or more Azure Policy definitions to enforce security controls.
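
One way to check an ARM template against this recommendation, as an added example that is not part of the original page or of any Azure tooling: it reads the `properties.addonProfiles.azurepolicy.enabled` field of each `Microsoft.ContainerService/managedClusters` resource. The sample template, cluster names and function names are constructed for illustration, and only top-level resources are checked.

```python
import json

AKS_TYPE = "microsoft.containerservice/managedclusters"

# Constructed sample ARM template; resource names are made up for this example.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.ContainerService/managedClusters", "name": "aks-with-policy",
     "properties": {"addonProfiles": {"azurepolicy": {"enabled": true}}}},
    {"type": "Microsoft.ContainerService/managedClusters", "name": "aks-addon-disabled",
     "properties": {"addonProfiles": {"azurePolicy": {"enabled": false}}}},
    {"type": "Microsoft.ContainerService/managedClusters", "name": "aks-no-addons",
     "properties": {}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "notacluster", "properties": {}}
  ]
}
""")


def _get_ci(mapping, key):
    """Case-insensitive lookup; add-on profile keys appear with varying casing."""
    if not isinstance(mapping, dict):
        return None
    for k, v in mapping.items():
        if k.lower() == key.lower():
            return v
    return None


def policy_addon_enabled(resource):
    """True only when the add-on's 'enabled' field is the JSON boolean true.
    A parameter expression or the string "true" is treated as not enabled."""
    props = _get_ci(resource, "properties")
    profile = _get_ci(_get_ci(props, "addonProfiles"), "azurepolicy")
    return _get_ci(profile, "enabled") is True


def clusters_missing_policy_addon(template):
    """Return names of AKS clusters in the template without the add-on enabled."""
    missing = []
    for res in template.get("resources", []):
        if str(res.get("type", "")).lower() != AKS_TYPE:
            continue  # not an AKS cluster
        if not policy_addon_enabled(res):
            missing.append(res.get("name", "<unnamed>"))
    return missing


if __name__ == "__main__":
    for name in clusters_missing_policy_addon(SAMPLE_TEMPLATE):
        print(f"FAIL {name}: Azure Policy add-on not enabled")
```
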

Notes

Azure Policy for AKS clusters is generally available (GA). Azure Policy for AKS Engine and Arc enabled Kubernetes are currently in preview.


Last update: 2021-09-15