GA: Policy add-on for Azure Kubernetes Service
发布日期：九月 22, 2020
The general availability of Azure Policy add on for Azure Kubernetes Service (AKS) allows customers to audit and enforce policies to their Kubernetes resources. This means you can now set policies beyond the Azure Resource Manager level and drive in-depth compliance across pods, namespaces, ingress, and other Kubernetes resources.
Azure Policy traditionally works on configurations at the Azure Resource Manager level, which are configurations that you can set on an ARM template. Use Azure Policy for AKS to set policies beyond the ARM level and target Kubernetes resources. Azure Policy for AKS leverages open-source solutions including Open Policy Agent and Gatekeeper to enable Kubernetes admission control.
Azure Policy for AKS is now generally available and these are some of its capabilities:
- Audit and enforce capabilities inside AKS clusters on Kubernetes resources
- Set policies on pods, namespaces, and ingress to conform to company compliance
- Generate compliance audit reporting across multiple AKS clusters
- View a green, yellow, red non-compliant report from Azure portal for quick scans
Azure Policy add-on for AKS GA release is expected to complete its global rollout in the next few weeks.