In Azure Console -
From Policies (includes creating and applying custom policies):
- Open the Azure Portal and go to Policy.
- Under Authoring, select Definitions. If you wish to create a policy, select + Policy definition. Once complete, continue below.
- In the Category drop-down, uncheck Select All, then select Kubernetes.
- Choose the policy you wish to assign.
- Configure as needed. For more information on the specific criteria, see the Azure documentation.
From Kubernetes (includes enabling the service, then creating and applying custom policies):
- Open the Azure Portal and go to Kubernetes Services.
- Choose the cluster you wish to edit.
- Under Settings, choose Policies.
- Select Enable Add-on (this will take several minutes).
- Once you see the box noting that it is enabled, click Go to Azure Policy.
- Create and apply policies as needed.
In Terraform -
For current Azure Provider versions:
- In the azurerm_kubernetes_cluster resource, set the field azure_policy_enabled to true.
For Azure Provider versions prior to 2.90.x:
- In the azurerm_kubernetes_cluster resource, create an addon_profile block that contains an azure_policy block.
- Set the field azure_policy.enabled to true.
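Both Terraform forms in context, as an added example that is not part of the original guidance. The resource names, location, DNS prefix and node pool sizing are placeholder assumptions; only the azure_policy settings come from the steps above.

```hcl
# Added example: names, location and sizes below are placeholders.
resource "azurerm_resource_group" "example" {
  name     = "example-aks-rg"
  location = "eastus"
}

resource "azurerm_kubernetes_cluster" "example" {
  name                = "example-aks"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  # Current provider versions: top-level boolean on the cluster resource.
  azure_policy_enabled = true

  # Provider versions prior to 2.90.x: remove the line above and use the
  # nested block instead. The two forms belong to different provider
  # versions and are not used together.
  # addon_profile {
  #   azure_policy {
  #     enabled = true
  #   }
  # }
}
```

Enabling the add-on only installs the policy engine in the cluster; policies still have to be assigned, as in the portal steps above, before anything is audited or enforced.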
References:
https://learn.microsoft.com/en-us/azure/aks/use-azure-policy
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster
https://registry.terraform.io/providers/hashicorp/azurerm/2.89.0/docs/resources/kubernetes_cluster