last sync: 2020-Jul-07 14:21:17 UTC

Azure Policy

[Deprecated]: Enforce labels on pods in AKS

Policy DisplayName [Deprecated]: Enforce labels on pods in AKS
Policy Id 16c6ca72-89d2-4798-b87e-496f9de7fcb7
Policy Category Kubernetes service
Policy Description This policy enforces the specified labels are provided for pods in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc for instructions on using new Kubernetes policies.
Policy Mode Microsoft.ContainerService.Data
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated True
Policy Effect Default: EnforceRegoPolicy
Allowed: (EnforceRegoPolicy,Disabled)
Roles used none
Policy Changes
Date/Time (UTC ymd) (i) Change Change detail
2020-06-01 18:36:18 change: DisplayName previous DisplayName: [Limited Preview]: [AKS] Enforce labels on pods in AKS
2019-11-12 19:11:12 change: DisplayName previous DisplayName: [Limited Preview]: Enforce labels on pods in AKS
Used in Policy Initiative(s) none
Policy Rule
{
  "properties": {
  "displayName": "[Deprecated]: Enforce labels on pods in AKS",
    "policyType": "BuiltIn",
    "mode": "Microsoft.ContainerService.Data",
    "description": "This policy enforces the specified labels are provided for pods in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc for instructions on using new Kubernetes policies.",
    "metadata": {
      "version": "1.0.1-deprecated",
      "category": "Kubernetes service",
      "deprecated": true
    },
    "parameters": {
      "commaSeparatedListOfLabels": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Comma-separated list of labels",
          "description": "A comma-separated list of labels to be specified on Pods in Kubernetes cluster. E.g. test1,test2"
        }
      },
      "effect": {
        "type": "String",
        "metadata": {
        "displayName": "[Deprecated]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "EnforceRegoPolicy",
          "Disabled"
        ],
        "defaultValue": "EnforceRegoPolicy"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.ContainerService/managedClusters"
      },
      "then": {
      "effect": "[parameters('effect')]",
        "details": {
          "policyId": "PodEnforceLabels",
          "policy": "https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/pod-enforce-labels/limited-preview/gatekeeperpolicy.rego",
          "policyParameters": {
          "commaSeparatedListOfLabels": "[parameters('commaSeparatedListOfLabels')]"
          }
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/16c6ca72-89d2-4798-b87e-496f9de7fcb7",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "16c6ca72-89d2-4798-b87e-496f9de7fcb7"
}