Ensure AKS uses Azure policies add-on

Error: AKS does not use Azure policies add-on

Bridgecrew Policy ID: BC_AZR_KUBERNETES_7
Checkov Check ID: CKV_AZURE_116
Severity: LOW


Description

The Azure Policy Add-on for Azure Kubernetes Service (AKS) extends Gatekeeper v3, an admission-controller webhook for Open Policy Agent (OPA), so that Azure Policy definitions (for example, disallowing privileged containers or restricting images to approved registries) are enforced and audited on your clusters centrally and consistently. Without the add-on, the cluster has no Azure Policy enforcement or compliance reporting, and workload guardrails depend entirely on per-cluster configuration.

Fix - Buildtime

Terraform

  • Resource: azurerm_kubernetes_cluster
  • Argument: addon_profile.azure_policy.enabled (azurerm provider 2.x); in azurerm provider 3.x and later the addon_profile block was removed and the equivalent top-level argument is azure_policy_enabled, which this check also accepts

resource "azurerm_kubernetes_cluster" "example" {
  ...
+ addon_profile {
+   azure_policy {
+     enabled = true
+   }
+ }
}

Note that merely declaring the block is not enough: enabled must evaluate to true, and setting it to false fails the check just as omitting the block does.
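As an added illustration of what this check evaluates (example code written for this page, not Checkov's own source), the following standalone Python function accepts a resource configuration in the shape Checkov's Terraform parser produces (every attribute value wrapped in a list, nested blocks as lists of dicts) and returns PASSED or FAILED. It handles both the azurerm 2.x addon_profile block form and the azurerm 3.x azure_policy_enabled argument, and treats a missing block, enabled = false, and a non-true string as failures. The sample configurations are constructed for the example and do not come from a real deployment.

```python
"""Standalone re-implementation of the logic behind CKV_AZURE_116.

Added example, not Checkov's source. The input is a resource block in the
shape Checkov's Terraform (HCL) parser hands to scan_resource_conf: scalar
attributes are wrapped in a single-element list and nested blocks are lists
of dicts.
"""

PASSED = "PASSED"
FAILED = "FAILED"


def _truthy(values):
    """Unwrap a Checkov-style [value] list and test it for boolean true.

    HCL booleans may arrive as Python bools or as the strings "true"/"false",
    so both representations are accepted.
    """
    if not isinstance(values, list) or not values:
        return False
    v = values[0]
    if isinstance(v, str):
        return v.strip().lower() == "true"
    return v is True


def azure_policy_addon_enabled(conf):
    """Return PASSED if an azurerm_kubernetes_cluster enables the Azure Policy add-on."""
    # azurerm >= 3.0: azure_policy_enabled = true
    if _truthy(conf.get("azure_policy_enabled")):
        return PASSED
    # azurerm 2.x: addon_profile { azure_policy { enabled = true } }
    for profile in conf.get("addon_profile", []):
        if not isinstance(profile, dict):
            continue
        for policy in profile.get("azure_policy", []):
            if isinstance(policy, dict) and _truthy(policy.get("enabled")):
                return PASSED
    return FAILED


def scan_all(resources):
    """Evaluate a {resource_name: conf} map and return {resource_name: result}."""
    return {name: azure_policy_addon_enabled(conf) for name, conf in resources.items()}


# Constructed sample configurations (hypothetical, not from a real deployment).
V2_ENABLED = {
    "name": ["example-aks"],
    "addon_profile": [{"azure_policy": [{"enabled": [True]}]}],
}
V2_DISABLED = {
    "name": ["example-aks"],
    "addon_profile": [{"azure_policy": [{"enabled": [False]}]}],
}
V3_ENABLED = {"name": ["example-aks"], "azure_policy_enabled": [True]}
V3_STRING = {"name": ["example-aks"], "azure_policy_enabled": ["true"]}
MISSING = {"name": ["example-aks"]}


if __name__ == "__main__":
    results = scan_all({
        "v2_enabled": V2_ENABLED,
        "v2_disabled": V2_DISABLED,
        "v3_enabled": V3_ENABLED,
        "v3_string": V3_STRING,
        "missing": MISSING,
    })
    for name, result in results.items():
        print(f"{name}: {result}")
```

Run the file directly to see each constructed resource evaluated; only the two enabled forms pass, while the disabled block and the resource with no add-on configuration at all both fail, matching the behaviour described in the fix above.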