Try-This exercise - Assign a policy definition to an Azure Kubernetes cluster
Use this Try-This exercise to gain some hands-on experience with Azure Kubernetes Service.
To assign a policy definition to your Kubernetes cluster, you must be assigned the appropriate Azure role-based access control (Azure RBAC) policy assignment operations. The Azure built-in roles Resource Policy Contributor and Owner have these operations.
Find the built-in policy definitions for managing your cluster using the Azure portal with the following steps. If using a custom policy definition, search for it by name or the category that you created it with.
Note
To complete this exercise you'll need an Azure Subscription.
Select in the left pane and then search for and select Policy.
In the left pane of the Azure Policy page, select Definitions.
From the Category dropdown list box, use Select all to clear the filter and then select Kubernetes.
Select the policy definition, then select the Assign button.
Set the Scope to the management group, subscription, or resource group of the Kubernetes cluster where the policy assignment applies.
Note
The Scope must include the cluster resource when assigning the Azure Policy for Kubernetes definition.
Give the policy assignment a Name and Description that you can use to identify it easily.
Set the Policy enforcement to one of the following values:
- Enabled - Enforce the policy on the cluster. Kubernetes admission requests with violations are denied.
- Disabled - Don't enforce the policy on the cluster. Kubernetes admission requests with violations aren't denied. Compliance assessment results are still available. The Disabled option is helpful for testing the policy definition as admission requests with violations aren't denied.
Select Next.
Set parameter values.
Select Review + create, and select Create.
Select Overview in the left pane and then search for and select Policy.
Under Name, view the compliance for the Policy definition.
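The same assignment can be expressed as an Azure Resource Manager request. The following added example (not part of the original exercise) builds that request and rejects a scope that does not contain the cluster; the portal's Enabled and Disabled settings correspond to the `enforcementMode` values `Default` and `DoNotEnforce`. The subscription ID, resource names and the `<definition-guid>` placeholder are constructed, and the helper names `scope_includes` and `build_assignment` are hypothetical.

```python
import json

# Portal "Policy enforcement" labels mapped to ARM enforcementMode values.
ENFORCEMENT_MODE = {"Enabled": "Default", "Disabled": "DoNotEnforce"}

# Constructed sample identifiers (not real resources).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-aks-demo"
CLUSTER = RG + "/providers/Microsoft.ContainerService/managedClusters/aks-demo"
DEFINITION = "/providers/Microsoft.Authorization/policyDefinitions/<definition-guid>"


def scope_includes(scope, resource_id):
    """True if a subscription, resource group or resource scope contains resource_id."""
    s, r = scope.rstrip("/").lower(), resource_id.rstrip("/").lower()
    if s.startswith("/providers/microsoft.management/managementgroups/"):
        # Subscription membership in a management group is not visible in the ID.
        raise ValueError("management group scope: verify the hierarchy in Azure")
    # Compare on a path boundary so 'rg-aks' does not match 'rg-aks-demo'.
    return r == s or r.startswith(s + "/")


def build_assignment(name, description, scope, definition_id, cluster_id,
                     enforcement="Disabled", parameters=None):
    """Return the request path and body for a policy assignment at scope."""
    if enforcement not in ENFORCEMENT_MODE:
        raise ValueError("enforcement must be 'Enabled' or 'Disabled'")
    if not scope_includes(scope, cluster_id):
        raise ValueError("scope does not include the cluster resource")
    return {
        "path": f"{scope}/providers/Microsoft.Authorization/policyAssignments/{name}",
        "body": {"properties": {
            "displayName": name,
            "description": description,
            "policyDefinitionId": definition_id,
            "enforcementMode": ENFORCEMENT_MODE[enforcement],
            "parameters": {k: {"value": v} for k, v in (parameters or {}).items()},
        }},
    }


if __name__ == "__main__":
    # Start in Disabled mode to collect compliance results without denying requests.
    req = build_assignment("aks-policy-test", "Trial run on the demo cluster",
                           RG, DEFINITION, CLUSTER, enforcement="Disabled")
    print(json.dumps(req, indent=2))
```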