General availability: Update in policy compliance for Azure Kubernetes Policies
Published date: September 01, 2021
Starting on September 1, 2021, Azure data-plane policies targeting Azure Kubernetes clusters will provide compliance reason codes and report any conflicts present. Conflicts may happen if two Azure Policy assignments reference Rego templates that have the same resource metadata name but different sources. If the conflicting policies are not already installed on the cluster, they will not be installed until the conflicts are resolved. Existing conflicting policies will function normally but will report a conflict.
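The conflict rule above can be checked before new assignments are rolled out. The following is an added example, not code from Azure Policy or its documentation: it groups templates by metadata name, flags names that resolve to more than one source, and models the install behavior described in this announcement. The tuple layout, assignment names, template names, URLs and state labels are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (all names and URLs are made up):
# (assignment, template metadata.name, template source, already installed on cluster?)
ASSIGNMENTS = [
    ("assign-prod-baseline", "k8sallowedimages", "https://example.invalid/a/template.yaml", True),
    ("assign-team-x", "k8sallowedimages", "https://example.invalid/b/template.yaml", False),
    ("assign-prod-limits", "k8scontainerlimits", "https://example.invalid/a/limits.yaml", True),
    ("assign-dev-limits", "k8scontainerlimits", "https://example.invalid/a/limits.yaml", False),
]


def find_conflicts(assignments):
    """Return {template name: {source: [assignments]}} for names with more than one source."""
    by_name = defaultdict(lambda: defaultdict(list))
    for assignment, name, source, _installed in assignments:
        by_name[name][source.strip()].append(assignment)
    return {
        name: {src: sorted(owners) for src, owners in sources.items()}
        for name, sources in by_name.items()
        if len(sources) > 1  # same metadata name, different sources
    }


def expected_state(assignments):
    """Model the announced behavior per assignment (state labels are hypothetical)."""
    conflicts = find_conflicts(assignments)
    state = {}
    for assignment, name, _source, installed in assignments:
        if name not in conflicts:
            state[assignment] = "no-conflict"
        elif installed:
            # Existing conflicting policies keep functioning but report a conflict.
            state[assignment] = "enforcing-with-conflict-reported"
        else:
            # Conflicting policies not yet on the cluster are not installed.
            state[assignment] = "install-blocked-until-resolved"
    return state


if __name__ == "__main__":
    for name, sources in find_conflicts(ASSIGNMENTS).items():
        print(f"conflict on template {name!r}:")
        for source, owners in sources.items():
            print(f"  {source} <- {', '.join(owners)}")
    for assignment, state in expected_state(ASSIGNMENTS).items():
        print(f"{assignment}: {state}")
```

Two assignments that share both the template name and the source, such as the `k8scontainerlimits` pair here, are not a conflict under this rule.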
Compliance reason codes will also be provided if there are any policy resource level issues in policy evaluation. Reason codes will be provided for scenarios that include Rego template conflicts and Rego template installation failures.
For an existing Azure Policy assignment with a Rego template already on the cluster, if a template fails to update for any of the compliance reasons listed here, we will protect the cluster by maintaining the existing Rego template, but we will report a ‘non-compliant’ state with a ComplianceReasonCode until the failure has been resolved for that policy assignment.
See a full list of reason codes in our documentation.