krupakar
Copper Contributor
Feb 17, 2022

Can't create custom Azure Policy for AKS which requires access to state data

Currently I am unable to create a custom Azure Policy for AKS which requires access to state data. For example, to create a policy for uniqueingresshostnames in an AKS cluster, it is impossible to know if an ingress's hostname is unique among all ingresses unless a rule has access to all other ingresses. To make such rules possible, we need to enable syncing of data into OPA. Kubernetes data can be replicated into OPA via the sync config resource.

Currently the config can't be edited for the Azure Policy add-on.
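The sync setup the post above refers to, sketched for upstream, self-managed Gatekeeper as an added example (not from the original post and not the Azure Policy add-on's own configuration). The `gatekeeper-system` namespace, the template name and the Rego rule are assumptions modelled on upstream Gatekeeper conventions.

```yaml
# Added example for upstream (self-managed) Gatekeeper; names are assumptions.
# 1) Replicate every Ingress into OPA's cache (data.inventory).
apiVersion: config.gatekeeper.sh/v1alpha1
kind: Config
metadata:
  name: config                  # Gatekeeper reconciles only the Config named "config"
  namespace: gatekeeper-system  # assumed install namespace
spec:
  sync:
    syncOnly:
      - group: networking.k8s.io
        version: v1
        kind: Ingress
---
# 2) Template whose rule compares the Ingress under review with the synced ones.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8suniqueingresshost
spec:
  crd:
    spec:
      names:
        kind: K8sUniqueIngressHost
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8suniqueingresshost

        # True when the cached object is the one being admitted (an update).
        same_object(other, review) {
          other.metadata.namespace == review.object.metadata.namespace
          other.metadata.name == review.object.metadata.name
        }

        violation[{"msg": msg}] {
          input.review.kind.kind == "Ingress"
          host := input.review.object.spec.rules[_].host
          # Synced objects are keyed namespace -> apiVersion -> kind -> name.
          other := data.inventory.namespace[_]["networking.k8s.io/v1"]["Ingress"][_]
          other.spec.rules[_].host == host
          not same_object(other, input.review)
          msg := sprintf("ingress host <%v> is already used by another Ingress", [host])
        }
```

Without the `Config` document, `data.inventory` is empty and the rule never fires; a `K8sUniqueIngressHost` constraint matching Ingress objects is still needed to switch the template on.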

1 Reply

  • BrooksV
    Copper Contributor

    krupakar 

    The first thing to check is whether the resource has a property that contains the value you want to access from a policy rule.

    • If so, then search https://www.azadvertizer.net/azpolicyaliasesadvertizer_all.html for a Policy Alias that represents that resource property.
    • If the Policy Alias exists, then you can construct a policy rule to examine and determine compliance.
    • If the Policy Alias does not exist, then you need to open a support ticket with Microsoft Azure Support and request the Policy Alias to be added.

     
