last sync: 2021-Sep-27 15:52:17 UTC

Azure Policy definition

[Deprecated]: Pod Security Policies should be defined on Kubernetes Services

Name [Deprecated]: Pod Security Policies should be defined on Kubernetes Services
Id 3abeb944-26af-43ee-b83d-32aaf060fb94
Version 1.0.0-deprecated
Category Security Center
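Description Define Pod Security Policies to reduce the attack vector by removing unnecessary application privileges. It is recommended to configure Pod Security Policies to only allow pods to access the resources which they have permissions to access.
Note: the rule in the JSON below only audits whether a managed cluster's enablePodSecurityPolicy property is missing or false; it does not evaluate the contents of any Pod Security Policy, and with the default effect of Disabled it reports nothing unless the effect is set to Audit. Upstream Kubernetes deprecated PodSecurityPolicy in v1.21 and removed it in v1.25, so this check says nothing about pod-level hardening on clusters at or beyond that version.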
Mode All
Type BuiltIn
Preview FALSE
Deprecated True
Effect Default: Disabled
Allowed: (Audit, Disabled)
Used RBAC Role none
History none
Used in Initiatives none
JSON
{
  "displayName": "[Deprecated]: Pod Security Policies should be defined on Kubernetes Services",
  "policyType": "BuiltIn",
  "mode": "All",
  "description": "Define Pod Security Policies to reduce the attack vector by removing unnecessary application privileges. It is recommended to configure Pod Security Policies to only allow pods to access the resources which they have permissions to access.",
  "metadata": {
    "version": "1.0.0-deprecated",
    "category": "Security Center",
    "deprecated": true
  },
  "parameters": {
    "effect": {
      "type": "String",
      "metadata": {
        "displayName": "Effect",
        "description": "Enable or disable the execution of the policy"
      },
      "allowedValues": [
        "Audit",
        "Disabled"
      ],
      "defaultValue": "Disabled"
    }
  },
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.ContainerService/managedClusters"
        },
        {
          "anyOf": [
            {
              "field": "Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy",
              "exists": "false"
            },
            {
              "field": "Microsoft.ContainerService/managedClusters/enablePodSecurityPolicy",
              "equals": "false"
            }
          ]
        }
      ]
    },
    "then": {
      "effect": "[parameters('effect')]"
    }
  }
}