Json |
{
"properties": {
"displayName": "Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Upgrade your Kubernetes service cluster to a later Kubernetes version to protect against known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946 has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+",
"metadata": {
"version": "1.0.2",
"category": "Security Center"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"Audit",
"Disabled"
],
"defaultValue": "Audit"
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.ContainerService/managedClusters"
},
{
"anyOf": [
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"in": [
"1.13.4",
"1.13.3",
"1.13.2",
"1.13.1",
"1.13.0"
]
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"in": [
"1.12.6",
"1.12.5",
"1.12.4",
"1.12.3",
"1.12.2",
"1.12.1",
"1.12.0"
]
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"in": [
"1.11.8",
"1.11.7",
"1.11.6",
"1.11.5",
"1.11.4",
"1.11.3",
"1.11.2",
"1.11.1",
"1.11.0"
]
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"Like": "1.10.*"
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"Like": "1.9.*"
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"Like": "1.8.*"
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"Like": "1.7.*"
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"Like": "1.6.*"
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"Like": "1.5.*"
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"Like": "1.4.*"
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"Like": "1.3.*"
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"Like": "1.2.*"
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"Like": "1.1.*"
},
{
"field": "Microsoft.ContainerService/managedClusters/kubernetesVersion",
"Like": "1.0.*"
}
]
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
}
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/fb893a29-21bb-418c-a157-e99480ec364c",
"type": "Microsoft.Authorization/policyDefinitions",
"name": "fb893a29-21bb-418c-a157-e99480ec364c"
}
|