Install aks-preview CLI extension

To use pod security policies, you need the aks-preview CLI extension version 0.4.1 or higher. Install the aks-preview Azure CLI extension using the az extension add command, then check for any available updates using the az extension update command:


$ az extension add --name aks-preview
The installed extension 'aks-preview' is in preview.

$ az extension update --name aks-preview
No updates available for 'aks-preview'. Use --debug for more information.


Register pod security policy feature provider

To create or update an AKS cluster to use pod security policies, first enable a feature flag on your subscription. To register the PodSecurityPolicyPreview feature flag, use the az feature register command as shown in the following example:

$ az feature register --name PodSecurityPolicyPreview --namespace Microsoft.ContainerService
Once the feature 'PodSecurityPolicyPreview' is registered, invoking 'az provider register -n Microsoft.ContainerService' is required to get the change propagated
{
  "id": "/subscriptions/b63b61a0-605d-47e8-b8a6-598e188a00ed/providers/Microsoft.Features/providers/Microsoft.ContainerService/features/PodSecurityPolicyPreview",
  "name": "Microsoft.ContainerService/PodSecurityPolicyPreview",
  "properties": {
    "state": "Registering"
  },
  "type": "Microsoft.Features/providers/features"
}

It takes a few minutes for the status to show Registered. You can check on the registration status using the az feature list command:

$ az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/PodSecurityPolicyPreview')].{Name:name,State:properties.state}"
Name                                                 State
---------------------------------------------------  ----------
Microsoft.ContainerService/PodSecurityPolicyPreview  Registered


When ready, refresh the registration of the Microsoft.ContainerService resource provider using the az provider register command:

$ az provider register --namespace Microsoft.ContainerService


Enable pod security policy on an AKS cluster

$ az aks update \
    --resource-group <RESOURCE_GROUP> \
    --name <K8S_CLUSTER> \
    --enable-pod-security-policy


Example:

$ az aks update \
    --resource-group ncyd-perftest7-rg-onprem \
    --name ncyd-perftest7-aks-cluster-onprem \
    --enable-pod-security-policy
The behavior of this command has been altered by the following extension: aks-preview
 | Running ..
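
The steps above as one script that leaves the cluster untouched until the feature flag reports Registered. This is an added example, not part of the original page; the function names and the POLL_INTERVAL and MAX_ATTEMPTS variables are illustrative assumptions, not Azure CLI settings.

```shell
#!/usr/bin/env bash
# Added example: gate the pod security policy enablement on the feature flag state.
# POLL_INTERVAL (seconds) and MAX_ATTEMPTS are hypothetical knobs of this script.
POLL_INTERVAL="${POLL_INTERVAL:-30}"
MAX_ATTEMPTS="${MAX_ATTEMPTS:-20}"
FEATURE_NS="Microsoft.ContainerService"
FEATURE_NAME="PodSecurityPolicyPreview"

# Print the current registration state (for example Registering or Registered).
feature_state() {
  az feature show --namespace "$FEATURE_NS" --name "$FEATURE_NAME" \
    --query properties.state -o tsv
}

# Poll until the flag reports Registered; return 1 on timeout or az failure.
wait_for_registered() {
  local attempt=1 state
  while [ "$attempt" -le "$MAX_ATTEMPTS" ]; do
    state="$(feature_state)" || return 1
    if [ "$state" = "Registered" ]; then
      return 0
    fi
    echo "attempt $attempt/$MAX_ATTEMPTS: state=$state" >&2
    sleep "$POLL_INTERVAL"
    attempt=$((attempt + 1))
  done
  return 1
}

# Refresh the provider and update the cluster only after the flag is Registered.
enable_psp() {
  local rg="$1" cluster="$2"
  if [ -z "$rg" ] || [ -z "$cluster" ]; then
    echo "usage: enable_psp <RESOURCE_GROUP> <K8S_CLUSTER>" >&2
    return 2
  fi
  if ! wait_for_registered; then
    echo "feature flag not Registered; cluster left unchanged" >&2
    return 1
  fi
  az provider register --namespace "$FEATURE_NS" || return 1
  az aks update --resource-group "$rg" --name "$cluster" \
    --enable-pod-security-policy
}
```

Source the file and call enable_psp <RESOURCE_GROUP> <K8S_CLUSTER>; a non-zero return means the az aks update step was not reached.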