Azure AKS custom policy to disable/Deny addon HTTP routing. (just like the Builtin addon for AKS azure policy)

Rodrigo Rios 1 Reputation point

I am trying to create a Custom policy to prevent users to use the addon HTTP routing in AKS managed service.

it seems there is no alias for httpApplicationRouting

it exists in the ARM Template though.... 252712-image-4.png

I could hijack the template before actually building the cluster.

The custom policy I thought is very similar to this one:

A summary of my policy would be this:

  "properties": {  
    "displayName": "Deny HTTP Routing in Azure AKS managed Clusters",  
    "policyType": "Custom",  
    "mode": "Indexed",  
    "description": "Deny HTTP Routing in Azure AKS managed Clusters",  
    "metadata": {  
      "version": "1.0.1",  
      "category": "Kubernetes"  
    "parameters": {  
      "effect": {  
        "type": "String",  
        "metadata": {  
          "displayName": "Effect",  
          "description": "Enable or disable the execution of the policy"  
        "allowedValues": [  

        "defaultValue": "Deny"  
    "policyRule": {  
      "if": {  
        "allOf": [  
            "field": "type",  
            "equals": "Microsoft.ContainerService/managedClusters"  
                "field": "Microsoft.ContainerService/managedClusters/addonProfiles.httpApplicationRouting.enabled",  
                "equals": "true"  
      "then": {  
        "effect": "[parameters('effect')]"  

but changes azurepolicy -> httpApplicationRouting...

any tips appreciated...

right now if I create a dummy cluster it passes on all policy doesn't work out

this alias is not on the official list... Am I missing something?

so I cannot really prevent users of using HTTP routing add-on inside AKS .
Any tips?

Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,652 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Sam Cogan 8,377 Reputation points MVP

    Your path is missing the properties section, it should be:

    field": "Microsoft.ContainerService/managedClusters/properties/addonProfiles.httpApplicationRouting.enabled"  
    0 comments No comments

  2. Rodrigo Rios 1 Reputation point

    Thanks a lot, I am gonna test it =)

    0 comments No comments

  3. Rodrigo Rios 1 Reputation point

    Doesnt work...

    0 comments No comments