This article provides a solution to an issue where Azure Policy can't exclude privileged containers from Azure Kubernetes Service (AKS) clusters.
Symptoms
When you use Azure Policy in an AKS cluster, excluding privileged containers fails.
Cause
Azure's built-in policies don't have container exclusion parameters for AKS clusters.
Resolution
To resolve this issue, exclude containers from Azure Policy enforcement within your cluster. Here are the steps:
1. Create an exemption in the default Azure Security Center policy. This exemption allows you to customize the policy to meet specific requirements.
   When creating an exemption, you can apply it to the whole assignment or exempt specific assignments based on your requirements. For more information, see Exempt a resource.
2. Create a new policy assignment that excludes the desired pods or containers. This overrides the default policy behavior and excludes the specified pods or containers from policy enforcement.
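The two steps above as Azure CLI calls, in an added example that is not part of the original article. The angle-bracket values, the exemption and assignment names, and the container names are constructed placeholders, and the `excludedContainers` parameter name is an assumption: confirm that the definition you assign exposes it (for example with `az policy definition show --name <definition> --query parameters`).

```shell
#!/bin/sh
# Dry run by default: commands are printed for review. Set DRY_RUN=0 to apply.
DRY_RUN="${DRY_RUN:-1}"

# Placeholders (assumptions): replace with values from your environment.
CLUSTER_ID="${CLUSTER_ID:-/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.ContainerService/managedClusters/<cluster-name>}"
DEFAULT_ASSIGNMENT_ID="${DEFAULT_ASSIGNMENT_ID:-<default-assignment-resource-id>}"
REFERENCE_ID="${REFERENCE_ID:-<policy-definition-reference-id>}"
POLICY_DEFINITION="${POLICY_DEFINITION:-<policy-definition-name-or-id>}"
# Assumed parameter name; it must exist on the definition you assign.
EXCLUSION_PARAM="${EXCLUSION_PARAM:-excludedContainers}"

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Build the --params JSON from container names. Names are restricted to
# lowercase letters, digits and '-' so nothing can break out of the JSON string.
build_params() {
  list=""
  for name in "$@"; do
    case "$name" in
      *[!a-z0-9-]*|"") echo "invalid container name: $name" >&2; return 1 ;;
    esac
    list="${list:+$list,}\"$name\""
  done
  [ -n "$list" ] || { echo "no container names given" >&2; return 1; }
  printf '{"%s":{"value":[%s]}}' "$EXCLUSION_PARAM" "$list"
}

# Step 1: exempt only this cluster, and only the one policy inside the default
# assignment, so every other check in that assignment stays enforced.
exempt_default_assignment() {
  run az policy exemption create --name "aks-privileged-exemption" \
    --scope "$CLUSTER_ID" --policy-assignment "$DEFAULT_ASSIGNMENT_ID" \
    --policy-definition-reference-ids "$REFERENCE_ID" \
    --exemption-category Waiver
}

# Step 2: assign the policy again at the same scope with the exclusions, so
# privileged containers other than the named ones are still evaluated.
assign_with_exclusions() {
  params="$(build_params "$@")" || return 1
  run az policy assignment create --name "aks-privileged-with-exclusions" \
    --scope "$CLUSTER_ID" --policy "$POLICY_DEFINITION" --params "$params"
}

exempt_default_assignment
assign_with_exclusions "log-agent" "node-debugger"   # constructed container names
```

Scoping both calls to the cluster resource ID keeps the exemption from applying to other clusters in the subscription.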
Contact us for help
If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.