microsoft
/
PSRule.Rules.Azure
зеркало из https://github.com/Azure/PSRule.Rules.Azure.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Updated AKS version to 1.27.9 #2771 #1731 #2570 (#2772)

This commit is contained in:
Bernie White 2024-03-25 02:04:37 +10:00 коммит произвёл GitHub
Родитель 71b205da24
Коммит 0d9a3ea72d
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: B5690EEEBB952194
14 изменённых файлов: 235 добавлений и 163 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

10
data/policy-ignore.json
Просмотреть файл

@ -44,11 +44,19 @@
},
{
"policyDefinitionIds": [
"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d"
"/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d",
"/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7"
],
"reason": "Duplicate",
"value": "Azure.AKS.AzurePolicyAddOn"
},
{
"policyDefinitionIds": [
"/providers/Microsoft.Authorization/policyDefinitions/5c345cdf-2049-47e0-b8fe-b0e96bc2df35"
],
"reason": "Duplicate",
"value": "Azure.AKS.AutoUpgrade"
},
{
"policyDefinitionIds": [
"/providers/Microsoft.Authorization/policyDefinitions/4fa4b6c0-31ca-4c0d-b10d-24b96f62a751"

4
docs/CHANGELOG-v1.md
Просмотреть файл

@ -42,9 +42,13 @@ What's changed since pre-release v1.35.0-B0030:
[#2768](https://github.com/Azure/PSRule.Rules.Azure/issues/2768)
- Fixed `Azure.AppService.PHPVersion` check fails when phpVersion is null.
- Bumped rule set to `2024_03`.
- Updated `Azure.AKS.Version` to use `1.27.9` as the minimum version by @BernieWhite.
[#2771](https://github.com/Azure/PSRule.Rules.Azure/issues/2771)
- General improvements:
- Quality updates to rule documentation by @BernieWhite.
[#2570](https://github.com/Azure/PSRule.Rules.Azure/issues/2570)
- Additional policies added to default ignore list by @BernieWhite.
[#1731](https://github.com/Azure/PSRule.Rules.Azure/issues/1731)
- Bug fixes:
- Fixed failed to expand JObject value with invalid key by @BernieWhite.
[#2751](https://github.com/Azure/PSRule.Rules.Azure/issues/2751)

27
docs/en/rules/Azure.AKS.AutoUpgrade.md
Просмотреть файл

@ -1,8 +1,8 @@
---
reviewed: 2021/12/10
reviewed: 2024-03-25
severity: Important
pillar: Operational Excellence
category: Automation
category: OE:09 Task automation
resource: Azure Kubernetes Service
online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.AKS.AutoUpgrade/
---
@ -22,13 +22,13 @@ To configure auto-upgrades select a release channel instead of the default `none
The following release channels are available:
- `none` - Disables auto-upgrades.
The default setting.
The default setting.
- `patch` - Automatically upgrade to the latest supported patch version of the current minor version.
- `stable` - Automatically upgrade to the latest supported patch release of the recommended minor version.
This is N-1 of the current AKS non-preview minor version.
This is N-1 of the current AKS non-preview minor version.
- `rapid` - Automatically upgrade to the latest supported patch of the latest support minor version.
- `node-image` - Automatically upgrade to the latest node image version.
Normally upgraded weekly.
Normally upgraded weekly.
## RECOMMENDATION
@ -189,10 +189,17 @@ resource cluster 'Microsoft.ContainerService/managedClusters@2021-07-01' = {
az aks update -n '<name>' -g '<resource_group>' --auto-upgrade-channel 'stable'
```
### Configure with Azure Policy
To address this issue at runtime use the following policies:
- [Azure Kubernetes Service Clusters should enable cluster auto-upgrade](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_Autoupgrade_Cluster_Audit.json)
`/providers/Microsoft.Authorization/policyDefinitions/5c345cdf-2049-47e0-b8fe-b0e96bc2df35`
## LINKS
- [Automation overview](https://learn.microsoft.com/azure/architecture/framework/devops/automation-overview)
- [Supported Kubernetes versions in Azure Kubernetes Service](https://docs.microsoft.com/azure/aks/supported-kubernetes-versions)
- [Support policies for Azure Kubernetes Service](https://docs.microsoft.com/azure/aks/support-policies)
- [Set auto-upgrade channel](https://docs.microsoft.com/azure/aks/upgrade-cluster#set-auto-upgrade-channel)
- [Azure deployment reference](https://docs.microsoft.com/azure/templates/microsoft.containerservice/managedclusters#ManagedClusterAutoUpgradeProfile)
- [OE:09 Task automation](https://learn.microsoft.com/azure/well-architected/operational-excellence/automate-tasks)
- [Supported Kubernetes versions in Azure Kubernetes Service](https://learn.microsoft.com/azure/aks/supported-kubernetes-versions)
- [Support policies for Azure Kubernetes Service](https://learn.microsoft.com/azure/aks/support-policies)
- [Automatically upgrade an Azure Kubernetes Service (AKS) cluster](https://learn.microsoft.com/azure/aks/auto-upgrade-cluster)
- [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.containerservice/managedclusters)

224
docs/en/rules/Azure.AKS.AzurePolicyAddOn.md
Просмотреть файл

@ -1,7 +1,8 @@
---
reviewed: 2024-03-25
severity: Important
pillar: Security
category: Optimize
category: SE:08 Hardening resources
resource: Azure Kubernetes Service
online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.AKS.AzurePolicyAddOn/
---
@ -41,72 +42,93 @@ For example:
```json
{
"type": "Microsoft.ContainerService/managedClusters",
"apiVersion": "2021-10-01",
"name": "[parameters('clusterName')]",
"location": "[parameters('location')]",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')))]": {}
}
"type": "Microsoft.ContainerService/managedClusters",
"apiVersion": "2024-01-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"[format('{0}', resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName')))]": {}
}
},
"properties": {
"kubernetesVersion": "[parameters('kubernetesVersion')]",
"disableLocalAccounts": true,
"enableRBAC": true,
"dnsPrefix": "[parameters('dnsPrefix')]",
"agentPoolProfiles": [
{
"name": "system",
"osDiskSizeGB": 0,
"minCount": 3,
"maxCount": 5,
"enableAutoScaling": true,
"maxPods": 50,
"vmSize": "Standard_D4s_v5",
"type": "VirtualMachineScaleSets",
"vnetSubnetID": "[parameters('clusterSubnetId')]",
"mode": "System",
"osDiskType": "Ephemeral"
},
{
"name": "user",
"osDiskSizeGB": 0,
"minCount": 3,
"maxCount": 20,
"enableAutoScaling": true,
"maxPods": 50,
"vmSize": "Standard_D4s_v5",
"type": "VirtualMachineScaleSets",
"vnetSubnetID": "[parameters('clusterSubnetId')]",
"mode": "User",
"osDiskType": "Ephemeral"
}
],
"aadProfile": {
"managed": true,
"enableAzureRBAC": true,
"adminGroupObjectIDs": "[parameters('clusterAdmins')]",
"tenantID": "[subscription().tenantId]"
},
"properties": {
"kubernetesVersion": "[parameters('kubernetesVersion')]",
"enableRBAC": true,
"dnsPrefix": "[parameters('dnsPrefix')]",
"agentPoolProfiles": "[variables('allPools')]",
"aadProfile": {
"managed": true,
"enableAzureRBAC": true,
"adminGroupObjectIDs": "[parameters('clusterAdmins')]",
"tenantID": "[subscription().tenantId]"
},
"networkProfile": {
"networkPlugin": "azure",
"networkPolicy": "azure",
"loadBalancerSku": "standard",
"serviceCidr": "[variables('serviceCidr')]",
"dnsServiceIP": "[variables('dnsServiceIP')]",
"dockerBridgeCidr": "[variables('dockerBridgeCidr')]"
},
"autoUpgradeProfile": {
"upgradeChannel": "stable"
},
"addonProfiles": {
"httpApplicationRouting": {
"enabled": false
},
"azurepolicy": {
"enabled": true,
"config": {
"version": "v2"
}
},
"omsagent": {
"enabled": true,
"config": {
"logAnalyticsWorkspaceResourceID": "[parameters('workspaceId')]"
}
},
"kubeDashboard": {
"enabled": false
},
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true"
}
}
},
"podIdentityProfile": {
"enabled": true
}
"networkProfile": {
"networkPlugin": "azure",
"networkPolicy": "azure",
"loadBalancerSku": "standard",
"serviceCidr": "[variables('serviceCidr')]",
"dnsServiceIP": "[variables('dnsServiceIP')]"
},
"tags": "[parameters('tags')]",
"dependsOn": [
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]"
]
"apiServerAccessProfile": {
"enablePrivateCluster": true,
"enablePrivateClusterPublicFQDN": false
},
"autoUpgradeProfile": {
"upgradeChannel": "stable"
},
"oidcIssuerProfile": {
"enabled": true
},
"addonProfiles": {
"azurepolicy": {
"enabled": true
},
"omsagent": {
"enabled": true,
"config": {
"logAnalyticsWorkspaceResourceID": "[parameters('workspaceId')]"
}
},
"azureKeyvaultSecretsProvider": {
"enabled": true,
"config": {
"enableSecretRotation": "true"
}
}
}
},
"dependsOn": [
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('identityName'))]"
]
}
```
@ -119,9 +141,9 @@ To deploy AKS clusters that pass this rule:
For example:
```bicep
resource cluster 'Microsoft.ContainerService/managedClusters@2021-10-01' = {
resource privateCluster 'Microsoft.ContainerService/managedClusters@2024-01-01' = {
location: location
name: clusterName
name: name
identity: {
type: 'UserAssigned'
userAssignedIdentities: {
@ -130,9 +152,37 @@ resource cluster 'Microsoft.ContainerService/managedClusters@2021-10-01' = {
}
properties: {
kubernetesVersion: kubernetesVersion
disableLocalAccounts: true
enableRBAC: true
dnsPrefix: dnsPrefix
agentPoolProfiles: allPools
agentPoolProfiles: [
{
name: 'system'
osDiskSizeGB: 0
minCount: 3
maxCount: 5
enableAutoScaling: true
maxPods: 50
vmSize: 'Standard_D4s_v5'
type: 'VirtualMachineScaleSets'
vnetSubnetID: clusterSubnetId
mode: 'System'
osDiskType: 'Ephemeral'
}
{
name: 'user'
osDiskSizeGB: 0
minCount: 3
maxCount: 20
enableAutoScaling: true
maxPods: 50
vmSize: 'Standard_D4s_v5'
type: 'VirtualMachineScaleSets'
vnetSubnetID: clusterSubnetId
mode: 'User'
osDiskType: 'Ephemeral'
}
]
aadProfile: {
managed: true
enableAzureRBAC: true
@ -145,20 +195,20 @@ resource cluster 'Microsoft.ContainerService/managedClusters@2021-10-01' = {
loadBalancerSku: 'standard'
serviceCidr: serviceCidr
dnsServiceIP: dnsServiceIP
dockerBridgeCidr: dockerBridgeCidr
}
apiServerAccessProfile: {
enablePrivateCluster: true
enablePrivateClusterPublicFQDN: false
}
autoUpgradeProfile: {
upgradeChannel: 'stable'
}
oidcIssuerProfile: {
enabled: true
}
addonProfiles: {
httpApplicationRouting: {
enabled: false
}
azurepolicy: {
enabled: true
config: {
version: 'v2'
}
}
omsagent: {
enabled: true
@ -166,9 +216,6 @@ resource cluster 'Microsoft.ContainerService/managedClusters@2021-10-01' = {
logAnalyticsWorkspaceResourceID: workspaceId
}
}
kubeDashboard: {
enabled: false
}
azureKeyvaultSecretsProvider: {
enabled: true
config: {
@ -176,14 +223,19 @@ resource cluster 'Microsoft.ContainerService/managedClusters@2021-10-01' = {
}
}
}
podIdentityProfile: {
enabled: true
}
}
tags: tags
}
```
### Configure with Azure Policy
To address this issue at runtime use the following policies:
- [Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_AzurePolicyAddOn_Audit.json)
`/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d`
- [Deploy Azure Policy Add-on to Azure Kubernetes Service clusters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_AzurePolicyAddOn_DINE.json)
`/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7`
## NOTES
Azure Policy for AKS clusters is generally available (GA).
@ -191,7 +243,7 @@ Azure Policy for AKS Engine and Arc enabled Kubernetes are currently in preview.
## LINKS
- [Governance, risk, and compliance](https://learn.microsoft.com/azure/architecture/framework/security/governance#audit-and-enforce-policy-compliance)
- [Understand Azure Policy for Kubernetes clusters](https://docs.microsoft.com/azure/governance/policy/concepts/policy-for-kubernetes)
- [Secure your cluster with Azure Policy](https://docs.microsoft.com/azure/aks/use-azure-policy)
- [Azure deployment reference](https://docs.microsoft.com/azure/templates/microsoft.containerservice/managedclusters)
- [SE:08 Hardening resources](https://learn.microsoft.com/azure/well-architected/security/harden-resources)
- [Understand Azure Policy for Kubernetes clusters](https://learn.microsoft.com/azure/governance/policy/concepts/policy-for-kubernetes)
- [Secure your Azure Kubernetes Service (AKS) clusters with Azure Policy](https://learn.microsoft.com/azure/aks/use-azure-policy)
- [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.containerservice/managedclusters)

5
docs/en/rules/Azure.AKS.LocalAccounts.md
Просмотреть файл

@ -232,9 +232,8 @@ az aks update -n '<name>' -g '<resource_group>' --enable-aad --aad-admin-group-o
To address this issue at runtime use the following policies:
```text
/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32
```
- [Azure Kubernetes Service Clusters should have local authentication methods disabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_DisableLocalAccounts_Deny.json)
`/providers/Microsoft.Authorization/policyDefinitions/993c2fcd-2b29-49d2-9eb0-df2c3a730c32`
## LINKS

10
docs/en/rules/Azure.AKS.Version.md
Просмотреть файл

@ -1,5 +1,5 @@
---
reviewed: 2024-02-17
reviewed: 2024-03-25
severity: Important
pillar: Reliability
category: RE:04 Target metrics
@ -67,7 +67,7 @@ For example:
}
},
"properties": {
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"enableRBAC": true,
"dnsPrefix": "[parameters('dnsPrefix')]",
"agentPoolProfiles": "[variables('allPools')]",
@ -145,7 +145,7 @@ resource cluster 'Microsoft.ContainerService/managedClusters@2023-07-01' = {
}
}
properties: {
kubernetesVersion: '1.27.7'
kubernetesVersion: '1.27.9'
enableRBAC: true
dnsPrefix: dnsPrefix
agentPoolProfiles: allPools
@ -207,13 +207,13 @@ az aks update -n '<name>' -g '<resource_group>' --auto-upgrade-channel 'stable'
```
```bash
az aks upgrade -n '<name>' -g '<resource_group>' --kubernetes-version '1.27.7'
az aks upgrade -n '<name>' -g '<resource_group>' --kubernetes-version '1.27.9'
```
### Configure with Azure PowerShell
```powershell
Set-AzAksCluster -Name '<name>' -ResourceGroupName '<resource_group>' -KubernetesVersion '1.27.7'
Set-AzAksCluster -Name '<name>' -ResourceGroupName '<resource_group>' -KubernetesVersion '1.27.9'
```
## NOTES

42
docs/examples-aks.bicep
Просмотреть файл

@ -46,7 +46,7 @@ param systemPoolMin int
param systemPoolMax int = 3
@description('The version of Kubernetes.')
param kubernetesVersion string = '1.26.6'
param kubernetesVersion string = '1.27.9'
@description('Maximum number of pods that can run on nodes in the system pool.')
@minValue(30)
@ -104,22 +104,24 @@ var systemPools = [
scaleSetPriority: 'Regular'
}
]
var userPools = [for i in range(0, length(pools)): {
name: pools[i].name
osDiskSizeGB: osDiskSizeGB
count: pools[i].minCount
minCount: pools[i].minCount
maxCount: pools[i].maxCount
enableAutoScaling: true
maxPods: pools[i].maxPods
vmSize: pools[i].vmSize
osType: pools[i].osType
type: 'VirtualMachineScaleSets'
vnetSubnetID: clusterSubnetId
mode: 'User'
osDiskType: 'Ephemeral'
scaleSetPriority: pools[i].priority
}]
var userPools = [
for i in range(0, length(pools)): {
name: pools[i].name
osDiskSizeGB: osDiskSizeGB
count: pools[i].minCount
minCount: pools[i].minCount
maxCount: pools[i].maxCount
enableAutoScaling: true
maxPods: pools[i].maxPods
vmSize: pools[i].vmSize
osType: pools[i].osType
type: 'VirtualMachineScaleSets'
vnetSubnetID: clusterSubnetId
mode: 'User'
osDiskType: 'Ephemeral'
scaleSetPriority: pools[i].priority
}
]
// Define resources
@ -130,7 +132,7 @@ resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31'
}
// An example AKS cluster
resource cluster 'Microsoft.ContainerService/managedClusters@2023-11-01' = {
resource cluster 'Microsoft.ContainerService/managedClusters@2024-01-01' = {
location: location
name: name
identity: {
@ -190,7 +192,7 @@ resource cluster 'Microsoft.ContainerService/managedClusters@2023-11-01' = {
}
// An example AKS cluster with pools defined.
resource clusterWithPools 'Microsoft.ContainerService/managedClusters@2023-11-01' = {
resource clusterWithPools 'Microsoft.ContainerService/managedClusters@2024-01-01' = {
location: location
name: name
identity: {
@ -277,7 +279,7 @@ resource clusterWithPools 'Microsoft.ContainerService/managedClusters@2023-11-01
}
// An example private AKS cluster with pools defined.
resource privateCluster 'Microsoft.ContainerService/managedClusters@2023-11-01' = {
resource privateCluster 'Microsoft.ContainerService/managedClusters@2024-01-01' = {
location: location
name: name
identity: {

12
docs/examples-aks.json
Просмотреть файл

@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.25.3.34343",
"templateHash": "15286438717534282301"
"version": "0.26.54.24096",
"templateHash": "2536331348365960823"
}
},
"parameters": {
@ -73,7 +73,7 @@
},
"kubernetesVersion": {
"type": "string",
"defaultValue": "1.26.6",
"defaultValue": "1.27.9",
"metadata": {
"description": "The version of Kubernetes."
}
@ -178,7 +178,7 @@
},
{
"type": "Microsoft.ContainerService/managedClusters",
"apiVersion": "2023-11-01",
"apiVersion": "2024-01-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"identity": {
@ -241,7 +241,7 @@
},
{
"type": "Microsoft.ContainerService/managedClusters",
"apiVersion": "2023-11-01",
"apiVersion": "2024-01-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"identity": {
@ -331,7 +331,7 @@
},
{
"type": "Microsoft.ContainerService/managedClusters",
"apiVersion": "2023-11-01",
"apiVersion": "2024-01-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"identity": {

6
docs/setup/configuring-options.md
Просмотреть файл

@ -32,8 +32,8 @@ Use comments to add context.
```yaml
requires:
# Require a minimum of PSRule for Azure v1.30.0
PSRule.Rules.Azure: '>=1.30.0'
# Require a minimum of PSRule for Azure v1.34.2
PSRule.Rules.Azure: '>=1.34.2'
configuration:
# Enable expansion of Azure Template files.
@ -52,7 +52,7 @@ Use comments to add context.
AZURE_BICEP_MINIMUM_VERSION: '0.16.2'
# Configure the minimum AKS cluster version.
AZURE_AKS_CLUSTER_MINIMUM_VERSION: '1.27.7'
AZURE_AKS_CLUSTER_MINIMUM_VERSION: '1.27.9'
rule:
# Enable custom rules that don't exist in the baseline

2
docs/setup/configuring-rules.md
Просмотреть файл

@ -66,7 +66,7 @@ Default:
```yaml title="ps-rule.yaml"
# YAML: The default AZURE_AKS_CLUSTER_MINIMUM_VERSION configuration option
configuration:
AZURE_AKS_CLUSTER_MINIMUM_VERSION: 1.27.7
AZURE_AKS_CLUSTER_MINIMUM_VERSION: 1.27.9
```
Example:

2
src/PSRule.Rules.Azure/rules/Config.Rule.yaml
Просмотреть файл

@ -40,7 +40,7 @@ spec:
AZURE_BICEP_CHECK_TOOL: false
# Configure minimum AKS cluster version.
AZURE_AKS_CLUSTER_MINIMUM_VERSION: '1.27.7'
AZURE_AKS_CLUSTER_MINIMUM_VERSION: '1.27.9'
# Configures the minimum number of nodes across all system node pools.
AZURE_AKS_CLUSTER_MINIMUM_SYSTEM_NODES: 3

2
tests/PSRule.Rules.Azure.Tests/Azure.AKS.Tests.ps1
Просмотреть файл

@ -81,7 +81,7 @@ Describe 'Azure.AKS' -Tag AKS {
$ruleResult.TargetName | Should -BeIn 'cluster-B';
$ruleResult[0].Reason | Should -Not -BeNullOrEmpty;
$ruleResult[0].Reason | Should -BeExactly "Path Properties.kubernetesVersion: The version '1.13.8' does not match the constraint '>=1.27.7'.";
$ruleResult[0].Reason | Should -BeExactly "Path Properties.kubernetesVersion: The version '1.13.8' does not match the constraint '>=1.27.9'.";
# Pass
$ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' });

12
tests/PSRule.Rules.Azure.Tests/Resources.AKS.Template.json
Просмотреть файл

@ -50,7 +50,7 @@
"type": "SystemAssigned"
},
"properties": {
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "[concat('dns-', parameters('clusterName'))]",
"agentPoolProfiles": [
{
@ -210,7 +210,7 @@
"type": "SystemAssigned"
},
"properties": {
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "[concat('dns-', parameters('clusterName'))]",
"agentPoolProfiles": [
{
@ -395,7 +395,7 @@
"vnetSubnetID": "[concat(parameters('vnetId'), '/subnets/subnet-03')]",
"maxPods": 50,
"type": "VirtualMachineScaleSets",
"orchestratorVersion": "1.27.7",
"orchestratorVersion": "1.27.9",
"osType": "Linux",
"enableAutoScaling": false
}
@ -427,7 +427,7 @@
"type": "SystemAssigned"
},
"properties": {
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "[concat('dns-', parameters('clusterName'))]",
"agentPoolProfiles": [
{
@ -628,7 +628,7 @@
"type": "SystemAssigned"
},
"properties": {
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "[concat('dns-', parameters('clusterName5'))]",
"agentPoolProfiles": [
{
@ -831,7 +831,7 @@
"type": "SystemAssigned"
},
"properties": {
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "[concat('dns-', parameters('clusterName6'))]",
"agentPoolProfiles": [
{

40
tests/PSRule.Rules.Azure.Tests/Resources.AKS.json
Просмотреть файл

@ -6,7 +6,7 @@
"ResourceName": "cluster-A",
"Name": "cluster-A",
"Properties": {
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "cluster-A",
"fqdn": "cluster-A-00000000.nnn.region.azmk8s.io",
"agentPoolProfiles": [
@ -18,7 +18,7 @@
"vnetSubnetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A",
"maxPods": 30,
"type": "AvailabilitySet",
"orchestratorVersion": "1.27.7",
"orchestratorVersion": "1.27.9",
"osType": "Linux",
"enableAutoScaling": false,
"availabilityZones": null
@ -172,7 +172,7 @@
"ParentResource": null,
"Properties": {
"provisioningState": "Succeeded",
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "cluster-C",
"fqdn": "cluster-C-00000000.nnn.region.azmk8s.io",
"agentPoolProfiles": [
@ -186,7 +186,7 @@
"maxPods": 50,
"type": "VirtualMachineScaleSets",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.27.7",
"orchestratorVersion": "1.27.9",
"osType": "Linux",
"enableAutoScaling": false
}
@ -300,7 +300,7 @@
"Plan": null,
"Properties": {
"provisioningState": "Succeeded",
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "cluster-D",
"fqdn": "cluster-D-nnnnnnnn.hcp.region.azmk8s.io",
"agentPoolProfiles": [
@ -313,7 +313,7 @@
"maxPods": 50,
"type": "VirtualMachineScaleSets",
"provisioningState": "Succeeded",
"orchestratorVersion": "1.27.7",
"orchestratorVersion": "1.27.9",
"nodeLabels": {},
"mode": "System",
"osType": "Linux",
@ -495,7 +495,7 @@
"powerState": {
"code": "Running"
},
"orchestratorVersion": "1.27.7",
"orchestratorVersion": "1.27.9",
"nodeLabels": {},
"mode": "System",
"osType": "Linux",
@ -565,7 +565,7 @@
"powerState": {
"code": "Running"
},
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "cluster-F",
"fqdn": "cluster-F-00000000.hcp.region.azmk8s.io",
"azurePortalFQDN": "cluster-F-00000000.portal.hcp.region.azmk8s.io",
@ -586,7 +586,7 @@
"powerState": {
"code": "Running"
},
"orchestratorVersion": "1.27.7",
"orchestratorVersion": "1.27.9",
"nodeLabels": {},
"mode": "System",
"osType": "Linux",
@ -793,7 +793,7 @@
"ResourceName": "cluster-G",
"Name": "cluster-G",
"Properties": {
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "cluster-G",
"fqdn": "cluster-G-00000000.nnn.region.azmk8s.io",
"agentPoolProfiles": [
@ -805,7 +805,7 @@
"vnetSubnetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A",
"maxPods": 30,
"type": "VirtualMachineScaleSets",
"orchestratorVersion": "1.27.7",
"orchestratorVersion": "1.27.9",
"osType": "Linux",
"enableAutoScaling": false,
"availabilityZones": null
@ -968,7 +968,7 @@
"ResourceName": "cluster-H",
"Name": "cluster-H",
"Properties": {
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "cluster-H",
"fqdn": "cluster-H-00000000.nnn.region.azmk8s.io",
"agentPoolProfiles": [
@ -980,7 +980,7 @@
"vnetSubnetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A",
"maxPods": 30,
"type": "VirtualMachineScaleSets",
"orchestratorVersion": "1.27.7",
"orchestratorVersion": "1.27.9",
"osType": "Linux",
"enableAutoScaling": false,
"availabilityZones": []
@ -1147,7 +1147,7 @@
"ResourceName": "cluster-I",
"Name": "cluster-I",
"Properties": {
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "cluster-I",
"fqdn": "cluster-I-00000000.nnn.region.azmk8s.io",
"agentPoolProfiles": [
@ -1165,7 +1165,7 @@
"powerState": {
"code": "Running"
},
"orchestratorVersion": "1.27.7",
"orchestratorVersion": "1.27.9",
"mode": "System",
"osType": "Linux",
"osSKU": "Ubuntu",
@ -1188,7 +1188,7 @@
"powerState": {
"code": "Running"
},
"orchestratorVersion": "1.27.7",
"orchestratorVersion": "1.27.9",
"mode": "User",
"osType": "Linux",
"osSKU": "Ubuntu",
@ -1357,7 +1357,7 @@
"ResourceName": "cluster-J",
"Name": "cluster-J",
"Properties": {
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "cluster-J",
"fqdn": "cluster-J-00000000.nnn.region.azmk8s.io",
"agentPoolProfiles": [
@ -1369,7 +1369,7 @@
"vnetSubnetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A",
"maxPods": 30,
"type": "VirtualMachineScaleSets",
"orchestratorVersion": "1.27.7",
"orchestratorVersion": "1.27.9",
"osType": "Linux",
"enableAutoScaling": false,
"availabilityZones": null
@ -1542,7 +1542,7 @@
"powerState": {
"code": "Running"
},
"kubernetesVersion": "1.27.7",
"kubernetesVersion": "1.27.9",
"dnsPrefix": "cluster-K",
"fqdn": "cluster-K-00000000.hcp.eastus.azmk8s.io",
"azurePortalFQDN": "cluster-K-00000000.portal.hcp.eastus.azmk8s.io",
@ -1563,7 +1563,7 @@
"powerState": {
"code": "Running"
},
"orchestratorVersion": "1.27.7",
"orchestratorVersion": "1.27.9",
"mode": "System",
"osType": "Linux",
"osSKU": "Ubuntu",