last sync: 2024-Apr-19 17:44:22 UTC

[Preview]: Use Image Integrity to ensure only trusted images are deployed

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Use Image Integrity to ensure only trusted images are deployed
Id: af28bf8b-c669-4dd3-9137-1e68fdc61bd6
Version: 1.1.0-preview
Category: Kubernetes
Description: Use Image Integrity to ensure AKS clusters deploy only trusted images by enabling the Image Integrity and Azure Policy Add-Ons on AKS clusters. Image Integrity Add-On and Azure Policy Add-On are both pre-requisites to using Image Integrity to verify if image is signed upon deployment. For more info, visit https://aka.ms/aks/image-integrity.
Type: BuiltIn
Deprecated: False
Preview: True
Policy count:
Total Policies: 3
Builtin Policies: 3
Static Policies: 0
Policy used

| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State |
|---|---|---|---|---|---|---|
| [Image Integrity] Kubernetes clusters should only use images signed by notation | cf426bb8-b320-4321-8545-1b784a5df3a4 | Kubernetes | Default: Audit; Allowed: Audit, Disabled | 0 | | Preview |
| [Preview]: Deploy Image Integrity on Azure Kubernetes Service | 5dc99dae-cfb2-42cc-8762-9aae02b74e27 | Kubernetes | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 2 | Azure Kubernetes Service Contributor Role, Azure Kubernetes Service Policy Add-on Deployment | GA |
| Deploy Azure Policy Add-on to Azure Kubernetes Service clusters | a8eff44f-8c92-45c3-a3fb-9880802d67a7 | Kubernetes | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 2 | Azure Kubernetes Service Contributor Role, Azure Kubernetes Service Policy Add-on Deployment | GA |

Roles used

Total Roles usage: 4
Total Roles unique usage: 2

| Role | Role Id | Policies count | Policies |
|---|---|---|---|
| Azure Kubernetes Service Contributor Role | ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8 | 2 | [Preview]: Deploy Image Integrity on Azure Kubernetes Service, Deploy Azure Policy Add-on to Azure Kubernetes Service clusters |
| Azure Kubernetes Service Policy Add-on Deployment | 18ed5180-3e48-46fd-8541-4ea054d57064 | 2 | [Preview]: Deploy Image Integrity on Azure Kubernetes Service, Deploy Azure Policy Add-on to Azure Kubernetes Service clusters |

History

| Date/Time (UTC ymd) | Changes |
|---|---|
| 2023-10-30 19:02:13 | add Policy Deploy Azure Policy Add-on to Azure Kubernetes Service clusters (a8eff44f-8c92-45c3-a3fb-9880802d67a7); Version change: '1.0.1-preview' to '1.1.0-preview' |
| 2023-10-19 18:01:48 | Version change: '1.0.0-preview' to '1.0.1-preview' |
| 2023-10-16 18:02:29 | Description change: 'Use Image Integrity to ensure AKS clusters deploy only trusted images: Enable Image Integrity on AKS clusters and use Image Integrity to verify if image is signed upon deployment. For more info, visit https://aka.ms/aks/image-integrity' to 'Use Image Integrity to ensure AKS clusters deploy only trusted images by enabling the Image Integrity and Azure Policy Add-Ons on AKS clusters. Image Integrity Add-On and Azure Policy Add-On are both pre-requisites to using Image Integrity to verify if image is signed upon deployment. For more info, visit https://aka.ms/aks/image-integrity.' |
| 2023-09-06 19:45:48 | add Initiative af28bf8b-c669-4dd3-9137-1e68fdc61bd6 |