last sync: 2020-Oct-30 14:31:57 UTC

Azure Policy definition

[Deprecated]: Enforce labels on pods in AKS

Name [Deprecated]: Enforce labels on pods in AKS
Azure Portal
Id 16c6ca72-89d2-4798-b87e-496f9de7fcb7
Version 1.0.1-deprecated
details on versioning
Category Kubernetes service
Microsoft docs
Description This policy enforces the specified labels are provided for pods in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc for instructions on using new Kubernetes policies.
Mode Microsoft.ContainerService.Data
Type BuiltIn
Preview FALSE
Deprecated True
Effect Default: EnforceRegoPolicy
Allowed: (EnforceRegoPolicy, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) (i) Change type Change detail
2020-06-01 18:36:18 change Previous DisplayName: [Limited Preview]: [AKS] Enforce labels on pods in AKS
2019-11-12 19:11:12 change Previous DisplayName: [Limited Preview]: Enforce labels on pods in AKS
Used in Initiatives none
Json
{
  "properties": {
  "displayName": "[Deprecated]: Enforce labels on pods in AKS",
    "policyType": "BuiltIn",
    "mode": "Microsoft.ContainerService.Data",
    "description": "This policy enforces the specified labels are provided for pods in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc for instructions on using new Kubernetes policies.",
    "metadata": {
      "version": "1.0.1-deprecated",
      "category": "Kubernetes service",
      "deprecated": true
    },
    "parameters": {
      "commaSeparatedListOfLabels": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Comma-separated list of labels",
          "description": "A comma-separated list of labels to be specified on Pods in Kubernetes cluster. E.g. test1,test2"
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "EnforceRegoPolicy",
          "Disabled"
        ],
        "defaultValue": "EnforceRegoPolicy"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.ContainerService/managedClusters"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "policyId": "PodEnforceLabels",
          "policy": "https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego",
          "policyParameters": {
          "commaSeparatedListOfLabels": "[parameters('commaSeparatedListOfLabels')]"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "16c6ca72-89d2-4798-b87e-496f9de7fcb7"
}