Category: Azure

Azure Resource Graph Policy Exceptions 

Hi!

I’m excited to share that you can now harness the power of Azure Resource Graph to effortlessly retrieve all policy exceptions. This is made even more seamless with the introduction of the new resource type in the PolicyResources table: microsoft.authorization/policyexemptions.

Example: Extract all the policy exceptions which expire within 90 days

PolicyResources
| where type == 'microsoft.authorization/policyexemptions'
| extend expiresOnC = todatetime(properties.expiresOn)
| where isnotnull(expiresOnC)
| where expiresOnC >= now() and expiresOnC < now(+90d)
| project name, expiresOnC

Example: All the policy exceptions per assignment

PolicyResources
| where type == 'microsoft.authorization/policyexemptions'
| summarize count() by tostring(properties.policyAssignmentId)
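
The 90-day query above skips exceptions that have no expiresOn value and those that have already expired, which are the ones a policy review usually wants to see first. As an added example (not part of the original post), this query buckets every exception by expiry state for each assignment; the state labels and output column names are chosen here for illustration, and properties.exemptionCategory is assumed to be populated.

```kusto
// Added example: count exemptions per assignment, category and expiry state.
PolicyResources
| where type == 'microsoft.authorization/policyexemptions'
| extend expiresOnC = todatetime(properties.expiresOn)
| extend assignmentId = tostring(properties.policyAssignmentId),
         category = tostring(properties.exemptionCategory)
// Labels below are illustrative, not Azure-defined values.
| extend expiryState = case(
    isnull(expiresOnC), 'no-expiry',          // never lapses on its own
    expiresOnC < now(), 'expired',            // past its expiry date
    expiresOnC < now(+90d), 'expiring-90d',   // same window as the first query
    'later')
| summarize exemptions = count() by assignmentId, category, expiryState
| order by assignmentId asc, expiryState asc
```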

Maxime.

AKS | Release Tracker

Hi!

AKS releases weekly updates, including fixes, features, and component enhancements, affecting all clusters and customers. However, due to Azure Safe Deployment Practices (SDP), it may take up to two weeks for these updates to be fully deployed across all regions from the initial shipping date.

It is imperative for customers to stay informed about when a particular AKS release will reach their region, and the AKS release tracker provides real-time information sorted by versions and regions. This tool empowers customers to monitor specific component updates included in an AKS version release, such as fixes applied to a core add-on.

https://releases.aks.azure.com/

Maxime.

AKS | Image Cleaner GA

Hi!

Exciting news! Microsoft is thrilled to announce that the Image Cleaner feature is now officially available for general use. In the realm of optimizing image creation and deployment within Azure Kubernetes Service (AKS) clusters, pipelines take center stage. However, amid their prowess in image generation, a common oversight comes to light: the gradual accumulation of outdated images. This seemingly minor misstep often leads to unwelcome image bloat within cluster nodes, a situation that should not be underestimated due to potential vulnerabilities stemming from these lingering images.

To fortify the security stance of your clusters, it’s imperative to adopt proactive measures for purging these unreferenced images. The conventional manual approach to image cleanup, while well-intentioned, proves both labor-intensive and prone to human error. Enter the game-changing Image Cleaner—an innovative solution meticulously crafted to tackle this very challenge.

By automating the identification and removal of redundant images, Image Cleaner emerges as a pivotal instrument in mitigating the risks posed by outdated images. Its role transcends mere security enhancement, as it also significantly streamlines the image maintenance process, thereby conserving precious time and resources.

If you’re curious to delve deeper into this subject, I penned an article in September 2022. Feel free to explore it by following this link: https://zigmax.net/aks-image-cleaner/

Maxime.