Configure installation of Flux extension on Kubernetes cluster

Azure BuiltIn Policy definition

Alias

Namespace

ResourceType

Path

PathIsDefault

DefaultPath

Modifiable

Microsoft.KubernetesConfiguration/extensions/autoUpgradeMinorVersion

Microsoft.KubernetesConfiguration

extensions

properties.autoUpgradeMinorVersion

True

False

Microsoft.KubernetesConfiguration/extensions/extensionType

Microsoft.KubernetesConfiguration

extensions

properties.extensionType

True

False

Microsoft.KubernetesConfiguration/extensions/provisioningState

Microsoft.KubernetesConfiguration

extensions

properties.provisioningState

True

False

Microsoft.KubernetesConfiguration/extensions/releaseTrain

Microsoft.KubernetesConfiguration

extensions

properties.releaseTrain

True

False

Microsoft.KubernetesConfiguration/extensions/version

Microsoft.KubernetesConfiguration

extensions

properties.version

True

False

Date/Time (UTC ymd) (i)

Change type

Change detail

2022-08-19 16:33:23

add

f9175d5f-abc8-1dc3-bd3c-5d7476ada3d1

{

displayName: "Configure installation of Flux extension on Kubernetes cluster",
policyType: "BuiltIn",
mode: "Indexed",
description: "Install Flux extension on Kubernetes cluster to enable deployment of 'fluxconfigurations' in the cluster",
metadata: {2 items
- version: "1.0.0",
- category: "Kubernetes"
},
parameters: {8 items
- helmControllerEnabled: {3 items
  - type: "Boolean",
  - metadata: {2 items
    - displayName: "Enable Flux Helm Controller",
    - description: "Flag to enable or disable the Helm controller. Set to false if you don't need Helm support. Learn more: https://aka.ms/flux-extension-management"
    },
  - defaultValue: true
  },
- notificationControllerEnabled: {3 items
  - type: "Boolean",
  - metadata: {2 items
    - displayName: "Enable Flux Notification Controller",
    - description: "Flag to enable or disable the Notification controller. Set to false if you don't need to use the Notification controller. Learn more: https://aka.ms/flux-extension-management"
    },
  - defaultValue: true
  },
- imageAutomationController: {3 items
  - type: "Boolean",
  - metadata: {2 items
    - displayName: "Enable Flux Image Automation Controller",
    - description: "Flag to enable or disable the Image Automation controller. Set to true if you need Image Automation controller. Learn more: https://aka.ms/flux-extension-management"
    },
  - defaultValue: false
  },
- imageReflectorController: {3 items
  - type: "Boolean",
  - metadata: {2 items
    - displayName: "Enable Flux Image Reflector Controller",
    - description: "Flag to enable or disable the Image Reflector controller. Set to true if you need to use the Image Reflector controller. Learn more: https://aka.ms/flux-extension-management"
    },
  - defaultValue: false
  },
- releaseTrain: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Release Train",
    - description: "The release train this extension participates in for auto-upgrade if autoUpgradeMinorVersion is 'true'."
    },
  - allowedValues: [1 item
    - "Stable"
    ],
  - defaultValue: "Stable"
  },
- autoUpgradeMinorVersion: {3 items
  - type: "Boolean",
  - metadata: {2 items
    - displayName: "Auto Upgrade Minor Version",
    - description: "Flag to control if this extension participates in auto upgrade of minor version or not."
    },
  - defaultValue: true
  },
- version: {3 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Version",
    - description: "Indicate a specific version you want to install, otherwise leave blank. autoUpgradeMinorVersion must be 'false'."
    },
  - defaultValue: ""
  },
- effect: {4 items
  - type: "String",
  - metadata: {2 items
    - displayName: "Effect",
    - description: "Enable or disable the execution of the policy"
    },
  - allowedValues: [2 items
    - "DeployIfNotExists",
    - "Disabled"
    ],
  - defaultValue: "DeployIfNotExists"
  }
},
policyRule: {2 items
- if: {2 items
  - field: "type",
  - in: [2 items
    - "Microsoft.Kubernetes/connectedClusters",
    - "Microsoft.ContainerService/managedClusters"
    ]
  },
- then: {2 items
  - effect: "[parameters('effect')]",
  - details: {4 items
    - type: "Microsoft.KubernetesConfiguration/extensions",
    - roleDefinitionIds: [1 item
      - "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c" Contributor
      ],
    - existenceCondition: {1 item
      - allOf: [5 items
        {2 items
        field: "Microsoft.KubernetesConfiguration/extensions/extensionType",
        equals: "microsoft.flux"
        },
        {2 items
        field: "Microsoft.KubernetesConfiguration/extensions/provisioningState",
        equals: "Succeeded"
        },
        {2 items
        field: "Microsoft.KubernetesConfiguration/extensions/releaseTrain",
        equals: "[parameters('releaseTrain')]"
        },
        {2 items
        field: "Microsoft.KubernetesConfiguration/extensions/autoUpgradeMinorVersion",
        equals: "[parameters('autoUpgradeMinorVersion')]"
        },
        {1 item
        anyOf: [2 items
        {1 item
        allOf: [2 items
        {2 items
        field: "Microsoft.KubernetesConfiguration/extensions/autoUpgradeMinorVersion",
        equals: "false"
        },
        {2 items
        field: "Microsoft.KubernetesConfiguration/extensions/version",
        equals: "[parameters('version')]"
        }
        ]
        },
        {2 items
        field: "Microsoft.KubernetesConfiguration/extensions/autoUpgradeMinorVersion",
        equals: "true"
        }
        ]
        }
        ]
      },
    - deployment: {1 item
      - properties: {3 items
        mode: "incremental",
        template: {4 items
        $schema: "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
        contentVersion: "1.0.0.0",
        parameters: {9 items
        clusterName: {1 item
        type: "string"
        },
        clusterResourceType: {1 item
        type: "string"
        },
        helmControllerEnabled: {1 item
        type: "bool"
        },
        notificationControllerEnabled: {1 item
        type: "bool"
        },
        imageAutomationController: {1 item
        type: "bool"
        },
        imageReflectorController: {1 item
        type: "bool"
        },
        releaseTrain: {1 item
        type: "string"
        },
        autoUpgradeMinorVersion: {1 item
        type: "bool"
        },
        version: {1 item
        type: "string"
        }
        },
        resources: [2 items
        {8 items
        condition: 🔍"[ contains( toLower( parameters('clusterResourceType') ), toLower( 'connectedclusters' ) ) ]",
        comments: "Install the Flux extension in the connected (ARC) cluster.",
        type: "Microsoft.KubernetesConfiguration/extensions",
        name: "flux",
        apiVersion: "2022-03-01",
        identity: {1 item
        type: "SystemAssigned"
        },
        properties: {5 items
        extensionType: "microsoft.flux",
        releaseTrain: "[parameters('releaseTrain')]",
        autoUpgradeMinorVersion: "[parameters('autoUpgradeMinorVersion')]",
        version: 🔍"[ if( and( not( empty( parameters('version') ) ), not( parameters('autoUpgradeMinorVersion') ) ), parameters('version'), json( 'null' ) ) ]",
        configurationSettings: {4 items
        helm-controller.enabled: "[parameters('helmControllerEnabled')]",
        notification-controller.enabled: "[parameters('notificationControllerEnabled')]",
        image-automation-controller.enabled: "[parameters('imageAutomationController')]",
        image-reflector-controller.enabled: "[parameters('imageReflectorController')]"
        }
        },
        scope: 🔍"[ concat( 'Microsoft.Kubernetes/connectedClusters/', parameters('clusterName') ) ]"
        },
        {7 items
        condition: 🔍"[ contains( toLower( parameters('clusterResourceType') ), toLower( 'managedclusters' ) ) ]",
        comments: "Install the Flux extension in the managed (AKS) cluster.",
        type: "Microsoft.KubernetesConfiguration/extensions",
        name: "flux",
        apiVersion: "2022-03-01",
        properties: {5 items
        extensionType: "microsoft.flux",
        releaseTrain: "[parameters('releaseTrain')]",
        autoUpgradeMinorVersion: "[parameters('autoUpgradeMinorVersion')]",
        version: 🔍"[ if( and( not( empty( parameters('version') ) ), not( parameters('autoUpgradeMinorVersion') ) ), parameters('version'), json( 'null' ) ) ]",
        configurationSettings: {4 items
        helm-controller.enabled: "[parameters('helmControllerEnabled')]",
        notification-controller.enabled: "[parameters('notificationControllerEnabled')]",
        image-automation-controller.enabled: "[parameters('imageAutomationController')]",
        image-reflector-controller.enabled: "[parameters('imageReflectorController')]"
        }
        },
        scope: 🔍"[ concat( 'Microsoft.ContainerService/managedClusters/', parameters('clusterName') ) ]"
        }
        ]
        },
        parameters: {9 items
        clusterName: {1 item
        value: "[field('name')]"
        },
        clusterResourceType: {1 item
        value: "[field('type')]"
        },
        helmControllerEnabled: {1 item
        value: "[parameters('helmControllerEnabled')]"
        },
        notificationControllerEnabled: {1 item
        value: "[parameters('notificationControllerEnabled')]"
        },
        imageAutomationController: {1 item
        value: "[parameters('imageAutomationController')]"
        },
        imageReflectorController: {1 item
        value: "[parameters('imageReflectorController')]"
        },
        releaseTrain: {1 item
        value: "[parameters('releaseTrain')]"
        },
        autoUpgradeMinorVersion: {1 item
        value: "[parameters('autoUpgradeMinorVersion')]"
        },
        version: {1 item
        value: "[parameters('version')]"
        }
        }
        }
      }
    }
  }
}

}