
Ensure AKS cluster has Network Policy configured

Explanation

The Kubernetes object type NetworkPolicy should be defined so that traffic to pods can be allowed or blocked. In a Kubernetes cluster configured with default settings, all pods can discover and communicate with each other without any restrictions.

Insecure Example

The following example will fail the AZU006 check.

resource "azurerm_kubernetes_cluster" "my-aks-cluster" {
  # network_profile sets no network_policy, so the check fails
  network_profile {
  }
}

Secure Example

The following example will pass the AZU006 check.

resource "azurerm_kubernetes_cluster" "my-aks-cluster" {
  network_profile {
    # Enables the Calico network policy engine on the cluster
    network_policy = "calico"
  }
}