last sync: 2020-Oct-30 14:31:57 UTC

Azure Policy definition

[Deprecated]: Do not allow privileged containers in AKS

Name [Deprecated]: Do not allow privileged containers in AKS
Id 7ce7ac02-a5c6-45d6-8d1b-844feb1c1531
Version 1.0.1-deprecated
Category Kubernetes service
Description This policy does not allow privileged containers creation in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc for instructions on using new Kubernetes policies.
Mode Microsoft.ContainerService.Data
Type BuiltIn
Preview FALSE
Deprecated True
Effect Default: EnforceRegoPolicy
Allowed: (EnforceRegoPolicy, Disabled)
Used RBAC Role none
History
Date/Time (UTC ymd) | Change type | Change detail
2020-06-01 18:36:18 change Previous DisplayName: [Limited Preview]: [AKS] Do not allow privileged containers in AKS
2019-11-12 19:11:12 change Previous DisplayName: [Limited Preview]: Do not allow privileged containers in AKS
Used in Initiatives none
Json
{
  "properties": {
    "displayName": "[Deprecated]: Do not allow privileged containers in AKS",
    "policyType": "BuiltIn",
    "mode": "Microsoft.ContainerService.Data",
    "description": "This policy does not allow privileged containers creation in an Azure Kubernetes Service cluster. This policy is deprecated, please visit https://aka.ms/kubepolicydoc for instructions on using new Kubernetes policies.",
    "metadata": {
      "version": "1.0.1-deprecated",
      "category": "Kubernetes service",
      "deprecated": true
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "[Deprecated]: Effect",
          "description": "Enable or disable the execution of the policy"
        },
        "allowedValues": [
          "EnforceRegoPolicy",
          "Disabled"
        ],
        "defaultValue": "EnforceRegoPolicy"
      }
    },
    "policyRule": {
      "if": {
        "field": "type",
        "equals": "Microsoft.ContainerService/managedClusters"
      },
      "then": {
        "effect": "[parameters('effect')]",
        "details": {
          "policyId": "ContainerNoPrivilege",
          "policy": "https://raw.githubusercontent.com/Azure/azure-policy/master/built-in-references/KubernetesService/container-no-privilege/limited-preview/gatekeeperpolicy.rego"
        }
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/7ce7ac02-a5c6-45d6-8d1b-844feb1c1531",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "7ce7ac02-a5c6-45d6-8d1b-844feb1c1531"
}