AKS-Construction/ps-rule.yaml

#
# PSRule configuration
#

# Please see the documentation for all configuration options:
# https://microsoft.github.io/PSRule/
# https://azure.github.io/PSRule.Rules.Azure/setup/configuring-options/
# https://github.com/microsoft/PSRule.Rules.CAF

input:
  pathIgnore:
  - '.vscode/'
  - '*.md'
  - '*.Designer.cs'
  - '*.resx'
  - '*.sln'
  - '*.txt'
  - '*.html'
  - '*.ico'

include:
  path: []
  module:
  - 'PSRule.Rules.Azure'
  - 'PSRule.Rules.CAF'

requires:
  PSRule.Rules.CAF: '>=0.3.0'

output:
  culture:
  - en-US

configuration:
  # Enable automatic expansion of Azure parameter files
  AZURE_PARAMETER_FILE_EXPANSION: true

  # Bicep is experimental and currently disabled as testing occurs against compiled template
  # Enable automatic expansion of bicep source files
  AZURE_BICEP_FILE_EXPANSION: true
  AZURE_BICEP_FILE_EXPANSION_TIMEOUT: 30

  #ProjectSpecifc rules
  Azure_AKSNodeMinimumMaxPods: 30

rule:
  exclude:
  # Ignore the following rules for all resources
  - Azure.Resource.UseTags
  - Azure.VM.Standalone
  - Azure.KeyVault.SoftDelete
  - Azure.KeyVault.PurgeProtect
  - Azure.AppGw.UseHTTPS #In this project AGIC is in charge of managing the AppGW.
  - Azure.ACR.ContentTrust

# Ignore the following rules for specific deployments
# -aks-AksStan = Low spec'd AKS deployment that won't meet many WAF rules
# - aks-Byo = moderately spec'd AKS deplyoment that wont meet every rule
suppression:
  Azure.AKS.AuthorizedIPs:
  # Exclude the following AKS clusters
  - aks-AksStan
  - aks-Byo

  Azure.AKS.MinNodeCount:
  - aks-AksStan

  Azure.AKS.NetworkPolicy:
  - aks-AksStan

  Azure.AKS.AzurePolicyAddOn:
  - aks-AksStan

  Azure.AKS.AutoScaling:
  - aks-AksStan

  Azure.AKS.AvailabilityZone:
  - aks-AksStan

  Azure.AppGw.UseWAF:
  - agw-Byo

  Azure.AppGw.Prevention:
  - agw-Byo

  Azure.AppGw.WAFEnabled:
  - agw-Byo

  Azure.AKS.AutoUpgrade: #Auto-upgrade can be a pain for short lived test clusters
  - aks-Byo