last sync: 2025-Apr-29 17:15:47 UTC

[Preview]: Use Image Integrity to ensure only trusted images are deployed

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: [Preview]: Use Image Integrity to ensure only trusted images are deployed
Id: af28bf8b-c669-4dd3-9137-1e68fdc61bd6
Version: 1.1.0-preview
Versioning: Versions supported for Versioning: 1 (1.1.0-preview); Built-in Versioning [Preview]
Category: Kubernetes
Description: Use Image Integrity to ensure AKS clusters deploy only trusted images by enabling the Image Integrity and Azure Policy Add-Ons on AKS clusters. Image Integrity Add-On and Azure Policy Add-On are both pre-requisites to using Image Integrity to verify if image is signed upon deployment. For more info, visit https://aka.ms/aks/image-integrity.
Cloud environments: AzureCloud = true; AzureChinaCloud = unknown; AzureUSGovernment = true
Available in AzUSGov: The PolicySet is available in AzureUSGovernment cloud. Version: '1.0.1-preview'
Repository: Azure-Policy af28bf8b-c669-4dd3-9137-1e68fdc61bd6
Type: BuiltIn
Deprecated: False
Preview: True
Policy-used summary
Policy types: Total Policies: 3; Builtin Policies: 3; Static Policies: 0
Policy states: GA: 2; Preview: 1
Policy categories: 1 categories: Kubernetes: 3
Policy-used

Policy DisplayName: [Image Integrity] Kubernetes clusters should only use images signed by notation
  Policy Id: cf426bb8-b320-4321-8545-1b784a5df3a4
  Category: Kubernetes
  Version: 1.1.0-preview
  Versioning: 2x (1.1.0-preview, 1.0.0-preview)
  Effect: Default: Audit; Allowed: Audit, Disabled
  Roles#: 0
  State: Preview
  policy in AzUSGov: true

Policy DisplayName: [Preview]: Deploy Image Integrity on Azure Kubernetes Service
  Policy Id: 5dc99dae-cfb2-42cc-8762-9aae02b74e27
  Category: Kubernetes
  Version: 1.1.0-preview
  Versioning: 3x (1.1.0-preview, 1.0.5-preview, 1.0.4-preview)
  Effect: Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled
  Roles#: 2
  Roles: Azure Kubernetes Service Contributor Role, Azure Kubernetes Service Policy Add-on Deployment
  State: GA
  policy in AzUSGov: true

Policy DisplayName: Deploy Azure Policy Add-on to Azure Kubernetes Service clusters
  Policy Id: a8eff44f-8c92-45c3-a3fb-9880802d67a7
  Category: Kubernetes
  Version: 4.2.0
  Versioning: 3x (4.2.0, 4.1.0, 4.0.1)
  Effect: Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled
  Roles#: 2
  Roles: Azure Kubernetes Service Contributor Role, Azure Kubernetes Service Policy Add-on Deployment
  State: GA
  policy in AzUSGov: true

Roles used
Total Roles usage: 4
Total Roles unique usage: 2

Role: Azure Kubernetes Service Policy Add-on Deployment
  Role Id: 18ed5180-3e48-46fd-8541-4ea054d57064
  #Policies: 2
  Policies: [Preview]: Deploy Image Integrity on Azure Kubernetes Service, Deploy Azure Policy Add-on to Azure Kubernetes Service clusters

Role: Azure Kubernetes Service Contributor Role
  Role Id: ed7f3fbd-7b88-4dd4-9017-9adb7ce333f8
  #Policies: 2
  Policies: [Preview]: Deploy Image Integrity on Azure Kubernetes Service, Deploy Azure Policy Add-on to Azure Kubernetes Service clusters

History
Date/Time (UTC ymd): Changes

2023-10-30 19:02:13:
  add Policy Deploy Azure Policy Add-on to Azure Kubernetes Service clusters (a8eff44f-8c92-45c3-a3fb-9880802d67a7)
  Version change: '1.0.1-preview' to '1.1.0-preview'
2023-10-19 18:01:48:
  Version change: '1.0.0-preview' to '1.0.1-preview'
2023-10-16 18:02:29:
  Description change: 'Use Image Integrity to ensure AKS clusters deploy only trusted images: Enable Image Integrity on AKS clusters and use Image Integrity to verify if image is signed upon deployment. For more info, visit https://aka.ms/aks/image-integrity' to 'Use Image Integrity to ensure AKS clusters deploy only trusted images by enabling the Image Integrity and Azure Policy Add-Ons on AKS clusters. Image Integrity Add-On and Azure Policy Add-On are both pre-requisites to using Image Integrity to verify if image is signed upon deployment. For more info, visit https://aka.ms/aks/image-integrity.'
2023-09-06 19:45:48:
  add Initiative af28bf8b-c669-4dd3-9137-1e68fdc61bd6