Custom AKS policy support - now public preview
Published date: September 01, 2021
Embedded Support & New Template Info Property
- TemplateInfo allows users to define the source type for the constraint template. TemplateInfo currently supports two ways to define the constraint template source type: Base64Encodedand PublicUrl. Base64Encoded format privately embeds the constraint template within an Azure policy definition.
- With the use of templateInfo, Azure Policy will now auto-generate the constraint property for you.
Learn more in our documentation and recent blog post.
Error State Reporting & Compliance Reason Codes
- Azure dataplane policies targeting Azure Kubernetes clusters now provide compliance reason codes for any template errors or conflicts preventing accurate policy evaluation.
- For existing policy assignments and constraint templates already on the cluster, if that Constraint/Template fails, the cluster is protected by maintaining the existing Constraint/Template. The cluster reports as non-compliant until the failure is resolved on the policy assignment or the add-on self-heals.
- Existing conflicting policies will function normally but will now report a conflict to users. If the conflicting policies are not already installed on the cluster, they will not be installed until conflicts are resolved.
Learn more and seea full list of reason codes in our documentation.
Azure Policy VS Code Extension Enhancements
- You can now auto-generate an Azure Policy custom definition from a constraint template. Based on user input, the extension will either embed the constraint template for you in embedded64 format or allow you to input a public URL for a given constraint template.
Learn more in our documentation andrecent blog post.
For self-help technical inquiries, please visit Microsoft Q&A. If you require technical support and have a support plan, please submit a support ticket in Microsoft Azure Support or work with your Microsoft Technical Account Manager. If you would like to purchase a support plan, please explore the Azure support plans.