last sync: 2021-Jul-23 16:37:57 UTC

Azure Policy definition

Azure Kubernetes Service Private Clusters should be enabled

Name Azure Kubernetes Service Private Clusters should be enabled
Id 040732e8-d947-40b8-95d6-854c95024bf8
Version 1.0.0
Category Kubernetes
Description Enable the private cluster feature for your Azure Kubernetes Service cluster to ensure network traffic between your API server and your node pools remains on the private network only. This is a common requirement in many regulatory and industry compliance standards.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Default: Audit
Allowed: (Audit, Deny, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) Change type Change detail
2021-03-09 14:37:41 add 040732e8-d947-40b8-95d6-854c95024bf8
Used in Initiatives none
JSON
{
  "properties": {
    "displayName": "Azure Kubernetes Service Private Clusters should be enabled",
    "policyType": "BuiltIn",
    "mode": "Indexed",
    "description": "Enable the private cluster feature for your Azure Kubernetes Service cluster to ensure network traffic between your API server and your node pools remains on the private network only. This is a common requirement in many regulatory and industry compliance standards.",
    "metadata": {
      "version": "1.0.0",
      "category": "Kubernetes"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "Enable or disable the execution of the policy."
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.ContainerService/managedClusters"
          },
          {
            "field": "Microsoft.ContainerService/managedClusters/apiServerAccessProfile.enablePrivateCluster",
            "notEquals": true
          }
        ]
      },
      "then": {
        "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "040732e8-d947-40b8-95d6-854c95024bf8"
}