Closed flamingboo closed 4 years ago
@flamingboo not currently as it's in a limited preview state. Setting this as a feature ask and will feed this into the preview feedback.
FYI @ritazh / @LizMS for discussion in next meetings
@julk I cannot see the option of enable /disable Azure Policy in ARM template of AKS API 2020-01-01. Is this still on the roadmap?
@flamingboo this should be doable today, thanks for raising this back up. Could you give this a try?
It's not in the ARM reference because the addonprofile isn't captured in there.
{
"properties": {
"mode": "incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"clusterName": {
"type": "string"
},
"clusterLocation": {
"type": "string"
},
"clusterVersion": {
"type": "string"
}
},
"resources": [
{
"name": "[parameters('clusterName')]",
"type": "Microsoft.ContainerService/managedClusters",
"location": "[parameters('clusterLocation')]",
"apiVersion": "2020-01-01",
"properties": {
"id": "[resourceId('Microsoft.ContainerService/managedClusters', parameters('clusterName'))]",
"kubernetesVersion": "[parameters('clusterVersion')]",
"addonProfiles": {
"azurepolicy": {
"enabled": true
}
}
}
}
]
},
"parameters": {
"clusterName": {
"value": "[field('name')]"
},
"clusterLocation": {
"value": "[field('location')]"
},
"clusterVersion": {
"value": "[field('Microsoft.ContainerService/managedClusters/kubernetesVersion')]"
}
}
}
}
@jluk Perfect! I'll ask my team to test this tomorrow. Thanks!
This issue has been automatically marked as stale because it has not had any activity for 60 days. It will be closed if no further activity occurs within 15 days of this comment.
This issue will now be closed because it hasn't had any activity for 15 days after stale. flamingboo feel free to comment again on the next 7 days to reopen or open a new issue after that time if you still have a question/issue or suggestion.
I see Azure Policy is available in preview: https://docs.microsoft.com/en-us/azure/governance/policy/concepts/rego-for-aks
However, the only option to enable to it is through Azure CLI (as per above link) using addon.
Is there a way to implement this via ARM template ... like oms agent or http application routing addson:
addonProfiles": { "omsagent": { "enabled": "[parameters('enableOMS')]", "config": { "logAnalyticsWorkspaceResourceID": "[parameters('workSpaceId')]" } }, "httpApplicationRouting": { "enabled": "[parameters('enableHttpIngress')]" }
Thx Dan
What happened:
What you expected to happen:
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
Environment:
kubectl version
):