-
Notifications
You must be signed in to change notification settings - Fork 1.1k
/
MutateMaxUnavailablePods.json
78 lines (78 loc) · 2.6 KB
/
MutateMaxUnavailablePods.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
{
"properties": {
"displayName": "[Preview]: Sets maxUnavailable pods to 1 for PodDisruptionBudget resources",
"policyType": "BuiltIn",
"mode": "Microsoft.Kubernetes.Data",
"description": "Setting your max unavailable pod value to 1 ensures that your application or service is available during a disruption",
"metadata": {
"version": "1.2.0-preview",
"category": "Kubernetes",
"preview": true
},
"version": "1.2.0-preview",
"parameters": {
"source": {
"type": "String",
"metadata": {
"displayName": "Source",
"description": "The source k8s object for constraint evaluation. 'Original' means only evaluate against the specific GroupVersionKind specified in the policy definition. 'Generated' means only evaluate against k8s objects generated by Gatekeeper ExpansionTemplates. 'All' means evaluate against both the original object and any generated ones."
},
"defaultValue": "Original",
"allowedValues": [
"All",
"Generated",
"Original"
]
},
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "'Mutate' modifies a non-compliant resource to be compliant when creating or updating. 'Disabled' turns off the policy.",
"portalReview": true
},
"allowedValues": [
"Mutate",
"Disabled"
],
"defaultValue": "Mutate"
},
"excludedNamespaces": {
"type": "Array",
"metadata": {
"displayName": "Namespace exclusions",
"description": "List of Kubernetes namespaces to exclude from policy evaluation."
},
"defaultValue": [
"kube-system",
"gatekeeper-system",
"azure-arc"
]
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.ContainerService/managedClusters"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"source": "[parameters('source')]",
"mutationInfo": {
"sourceType": "PublicURL",
"url": "https://store.policy.core.windows.net/kubernetes/mutate-max-unavailable-pods/v1/mutation.yaml"
},
"excludedNamespaces": "[parameters('excludedNamespaces')]"
}
}
},
"versions": [
"1.2.0-PREVIEW",
"1.1.0-PREVIEW",
"1.0.0-PREVIEW"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/d77f191e-2338-45d0-b6d4-4ee1c586a192",
"name": "d77f191e-2338-45d0-b6d4-4ee1c586a192"
}