
Install aks-preview CLI extension

To use pod security policies, you need the aks-preview CLI extension version 0.4.1 or higher. Install the aks-preview Azure CLI extension using the az extension add command, then check for any available updates using the az extension update command:


$ az extension add --name aks-preview
The installed extension 'aks-preview' is in preview.

$ az extension update --name aks-preview
No updates available for 'aks-preview'. Use --debug for more information.

Register pod security policy feature provider

To create or update an AKS cluster to use pod security policies, first enable a feature flag on your subscription. To register the PodSecurityPolicyPreview feature flag, use the az feature register command as shown in the following example:

$ az feature register --name PodSecurityPolicyPreview --namespace Microsoft.ContainerService
Once the feature 'PodSecurityPolicyPreview' is registered, invoking 'az provider register -n Microsoft.ContainerService' is required to get the change propagated
{
  "id": "/subscriptions/b63b61a0-605d-47e8-b8a6-598e188a00ed/providers/Microsoft.Features/providers/Microsoft.ContainerService/features/PodSecurityPolicyPreview",
  "name": "Microsoft.ContainerService/PodSecurityPolicyPreview",
  "properties": {
    "state": "Registering"
  },
  "type": "Microsoft.Features/providers/features"
}

It takes a few minutes for the status to show Registered. You can check on the registration status using the az feature list command:

az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/PodSecurityPolicyPreview')].{Name:name,State:properties.state}"
Name                                                 State
---------------------------------------------------  -----------
Microsoft.ContainerService/PodSecurityPolicyPreview  Registering


When the state shows Registered, refresh the registration of the Microsoft.ContainerService resource provider using the az provider register command:

az provider register --namespace Microsoft.ContainerService
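
The check-then-refresh steps above can be scripted so the provider is refreshed only once the feature reports Registered. This is an added example, not part of the original page; the function names, the attempt count and the delay are assumptions, and it reads the state with az feature show rather than az feature list.

```shell
#!/bin/sh
# Added example: gate 'az provider register' on the feature state.
NAMESPACE="Microsoft.ContainerService"
FEATURE="PodSecurityPolicyPreview"

# Print the feature's current registration state (for example: Registering).
feature_state() {
  az feature show --namespace "$NAMESPACE" --name "$FEATURE" \
    --query properties.state -o tsv
}

# Poll until the feature is Registered.
#   $1 = maximum attempts (assumed default 40)
#   $2 = seconds between attempts (assumed default 30)
# Returns 0 when Registered, 1 on timeout, 2 if az fails or the state
# is anything other than Registering/Registered.
wait_for_feature() {
  wf_max="${1:-40}"; wf_delay="${2:-30}"; wf_i=1
  while [ "$wf_i" -le "$wf_max" ]; do
    wf_state="$(feature_state)" || return 2
    case "$wf_state" in
      Registered) return 0 ;;
      Registering) ;;
      *) echo "unexpected state: $wf_state" >&2; return 2 ;;
    esac
    # Do not sleep after the final attempt.
    if [ "$wf_i" -lt "$wf_max" ]; then sleep "$wf_delay"; fi
    wf_i=$((wf_i + 1))
  done
  return 1
}

# Refresh the resource provider only after the feature is Registered.
enable_psp_preview() {
  wait_for_feature "$@" || {
    echo "feature not registered; provider not refreshed" >&2
    return 1
  }
  az provider register --namespace "$NAMESPACE"
}
```

Source the file and run enable_psp_preview after az feature register; a non-zero exit means the provider registration was left untouched.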



