Install aks-preview CLI extension
To use pod security policies, you need the aks-preview CLI extension version 0.4.1 or higher. Install the aks-preview Azure CLI extension using the az extension add command, then check for any available updates using the az extension update command:
$ az extension add --name aks-preview The installed extension 'aks-preview' is in preview. $ az extension update --name aks-preview No updates available for 'aks-preview'. Use --debug for more information. $ az feature register --name PodSecurityPolicyPreview --namespace Microsoft.ContainerService Once the feature 'PodSecurityPolicyPreview' is registered, invoking 'az provider register -n Microsoft.ContainerService' is required to get the change propagated { "id": "/subscriptions/b63b61a0-605d-47e8-b8a6-598e188a00ed/providers/Microsoft.Features/providers/Microsoft.ContainerService/features/PodSecurityPolicyPreview", "name": "Microsoft.ContainerService/PodSecurityPolicyPreview", "properties": { "state": "Registering" }, "type": "Microsoft.Features/providers/features" }
Register pod security policy feature provider
To create or update an AKS cluster to use pod security policies, first enable a feature flag on your subscription. To register the PodSecurityPolicyPreview feature flag, use the az feature register command as shown in the following example:
It takes a few minutes for the status to show Registered. You can check on the registration status using the az feature listcommand:
az feature list -o table --query "[?contains(name, 'Microsoft.ContainerService/PodSecurityPolicyPreview')].{Name:name,State:properties.state}" Name State --------------------------------------------------- ----------- Microsoft.ContainerService/PodSecurityPolicyPreview Registering
When ready, refresh the registration of the Microsoft.ContainerService resource provider using the az provider registercommand:
az provider register --namespace Microsoft.ContainerService