last sync: 2020-Jul-10 14:05:01 UTC

Azure Policy

[Deprecated]: Ensure containers listen only on allowed ports in AKS

Policy DisplayName [Deprecated]: Ensure containers listen only on allowed ports in AKS
Policy Id 0f636243-1b1c-4d50-880f-310f6199f2cb
Policy Category Kubernetes service
Policy Description This policy enforces containers to listen only on allowed ports in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc for instructions on using new Kubernetes policies.
Policy Mode Microsoft.ContainerService.Data
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated True
Policy Effect Default: EnforceRegoPolicy
Allowed: (EnforceRegoPolicy,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) | Change | Change detail
2020-06-01 18:36:18 | change: DisplayName | previous DisplayName: [Limited Preview]: [AKS] Ensure containers listen only on allowed ports in AKS
2019-11-12 19:11:12 | change: DisplayName | previous DisplayName: [Limited Preview]: Ensure containers listen only on allowed ports in AKS
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
  "displayName": "[Deprecated]: Ensure containers listen only on allowed ports in AKS",
    "policyType": "BuiltIn",
    "mode": "Microsoft.ContainerService.Data",
    "description": "This policy enforces containers to listen only on allowed ports in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc for instructions on using new Kubernetes policies.",
    "metadata": {
      "version": "1.0.1-deprecated",
      "category": "Kubernetes service",
      "deprecated": true
    },
    "parameters": {
      "allowedContainerPortsRegex": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Allowed container ports regex",
          "description": "Regex representing container ports allowed in Kubernetes cluster. E.g. Regex for allowing ports 443,446 is ^(443|446)$"
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "EnforceRegoPolicy",
          "Disabled"
        ],
        "defaultValue": "EnforceRegoPolicy"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.ContainerService/managedClusters"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "policyId": "ContainerAllowedPorts",
          "policy": "https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-allowed-ports/limited-preview/gatekeeperpolicy.rego",
          "policyParameters": {
          "allowedContainerPortsRegex": "[parameters('allowedContainerPortsRegex')]"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/0f636243-1b1c-4d50-880f-310f6199f2cb",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "0f636243-1b1c-4d50-880f-310f6199f2cb"
}