azure-service-operator

Feature: Add support for Azure policy (definition, assignment, and remediation)

Open sudivate opened this issue 2 years ago • 1 comments

AKS and Arc-enabled clusters offer GitOps configuration using Flux V2 both by point-to-point per cluster and at scale (multi-cluster) through Azure Policies. Teams leveraging K8s-style infrastructure control planes can use control planes like Azure Service Operator to define Azure policies in declarative YAML and apply them through GitOps in multi-cluster scenarios.

graph LR
    A[User] -->|AzurePolicy.yaml| B(Git Repo)
    B -->|Reconcile| X    
    subgraph controlplane[Control Plane Cluster]
    X[Flux] ---> Y[ASO] 
    end    
    Y -->D[AKS/Arc Cluster-1 ]
    Y -->E[AKS/Arc Cluster-2 ]
    Y -->F[AKS/Arc Cluster-n ]

sudivate avatar Mar 09 '23 00:03 sudivate

This is also an important feature to help with automation for other things such as managed Prometheus.

dtzar avatar Jun 14 '23 00:06 dtzar

Definitely still interested in doing this.

matthchr avatar Aug 12 '24 23:08 matthchr

It looks like some important resources here are:

  • https://learn.microsoft.com/en-us/azure/templates/microsoft.authorization/policydefinitions
  • https://learn.microsoft.com/en-us/azure/templates/microsoft.authorization/policyassignments

matthchr avatar Aug 12 '24 23:08 matthchr

Still of interest.

theunrepentantgeek avatar Jul 21 '25 23:07 theunrepentantgeek