PSRule.Rules.Azure

0.1.0

rules/Azure.AKS.Rule.ps1

                                #

# Validation rules for Azure Kubernetes Service (AKS)

#

# Synopsis: AKS clusters should have minimum number of nodes for failover and updates

Rule 'Azure.AKS.MinNodeCount' -If { ResourceType 'Microsoft.ContainerService/managedClusters' } -Tag @{ severity = 'Important'; category = 'Reliability' } {

    Hint 'Use at least three (3) agent nodes'

    $TargetObject.Properties.agentPoolProfiles[0].count -ge 3

}

# Synopsis: AKS cluster should meet the minimum version

Rule 'Azure.AKS.Version' -If { ResourceType 'Microsoft.ContainerService/managedClusters' } -Tag @{ severity = 'Important'; category = 'Operations management' } {

    $minVersion = [Version]$Configuration.minAKSVersion

    Hint "Upgrade Kubernetes to at least $minVersion"

    ([Version]$TargetObject.Properties.kubernetesVersion) -ge $minVersion

} -Configure @{ minAKSVersion = '1.13.5' }

# Synopsis: AKS cluster should use role-based access control

Rule 'Azure.AKS.UseRBAC' -If { ResourceType 'Microsoft.ContainerService/managedClusters' } -Tag @{ severity = 'Important'; category = 'Security configuration' } {

    $TargetObject.Properties.enableRBAC

}