Ensure AKS cluster has Network Policy configured
Explanation
Kubernetes NetworkPolicy objects should be defined so that traffic to pods can be explicitly allowed or blocked. In a Kubernetes cluster configured with default settings, all pods can discover and communicate with each other without any restrictions.
Insecure Example
The following example will fail the AZU006 check.
resource "azurerm_kubernetes_cluster" "my-aks-cluster" {
  network_profile {
  }
}
Secure Example
The following example will pass the AZU006 check.
resource "azurerm_kubernetes_cluster" "my-aks-cluster" {
  network_profile {
    network_policy = "calico"
  }
}