AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

[Preview]: Sets readOnlyRootFileSystem in the Pod spec in init containers to true if it is not set.

Azure BuiltIn Policy definition

Source

Azure Portal

Display name

[Preview]: Sets readOnlyRootFileSystem in the Pod spec in init containers to true if it is not set.

2ae2f266-ecc3-4d26-82c5-8c3cb7774f45

Version

1.2.0-preview
Details on versioning

Versioning

Versions supported for Versioning: 3
1.0.0-preview
1.1.0-preview
1.2.0-preview
Built-in Versioning [Preview]

Category

Kubernetes
Microsoft Learn

Description

Setting readOnlyRootFileSystem to true increases security by preventing containers from writing into the root filesystem. This works only for linux containers.

Mode

Microsoft.Kubernetes.Data

Type

BuiltIn

Preview

True

Deprecated

False

Effect

Default
Mutate
Allowed
Mutate, Disabled

RBAC role(s)

none

Rule aliases

none

Rule resource types

IF (1)
Microsoft.ContainerService/managedClusters

Compliance

Not a Compliance control

Initiatives usage

Initiative DisplayName	Initiative Id	Initiative Category	State	Type
[Preview]: Deployment safeguards should help guide developers towards AKS recommended best practices	c047ea8e-9c78-49b2-958b-37e56d291a44	Kubernetes	Preview	BuiltIn

History

Date/Time (UTC ymd) (i)	Change type	Change detail
2024-08-09 18:17:47	change	Minor, suffix remains equal (1.1.0-preview > 1.2.0-preview)
2024-04-12 17:45:57	change	Minor, suffix remains equal (1.0.0-preview > 1.1.0-preview)
2024-04-08 17:52:20	add	2ae2f266-ecc3-4d26-82c5-8c3cb7774f45

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC