Specify Additional Azure Settings
Overview
In this section, you specify the Pod Security Standards (PSS) to enforce, along with any optional Azure-specific settings.
Pod Security Standards (PSS):
This setting enforces security policies for Kubernetes clusters. You define default and allowable standards for flexibility and compliance.
Azure-specific settings:
- Node OS Upgrade Channel: Choose the update channel for node-level OS security updates to ensure timely and controlled updates across the cluster.
- Create User Assigned Identity: Creates a user-assigned identity with contributor privileges on the subscription for the cluster, instead of the default Azure-managed one.
- Infra Resource Group Override: If you need to ensure clusters created using this plan use a specific infrastructure resource group, specify this value. Note that all clusters built from this plan will use the same named resource group. If unpopulated, Wayfinder will generate an appropriate, dedicated infra resource group for each cluster, which is preferable for most situations.
- Resource Group Override: If you need to ensure clusters created using this plan are placed in a specific resource group, specify this value. Note that all clusters built from this plan will use the same named resource group. If unpopulated, Wayfinder will generate an appropriate, dedicated resource group for each cluster, which is preferable for most situations.
- Private Link DNS Zone VNet Links: Links the auto-provisioned private link DNS zone for clusters built from this plan to the provided VNets, allowing them to be resolved in (for example) a central DNS management hub.
📚 For more details on key points, refer to the overview section.
📚 Explore the properties section for additional information on each UI property.
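Because the Create User Assigned Identity option grants contributor privileges on the subscription, one check is to list the identities that hold a broad role at subscription scope or wider. The following is an added example, not Wayfinder's own code: the role list, principal IDs and subscription ID are constructed, and the input is assumed to have the shape of `az role assignment list --all -o json` output.

```python
import json
import re

# Roles this example treats as broad (an assumption; adjust to local policy).
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"  # constructed ID

# Constructed sample shaped like `az role assignment list --all -o json` output.
SAMPLE = json.dumps([
    {"principalId": "aaaaaaaa-0000-0000-0000-000000000001", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalId": "aaaaaaaa-0000-0000-0000-000000000002", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-cluster-a"},
    {"principalId": "aaaaaaaa-0000-0000-0000-000000000003", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalId": "aaaaaaaa-0000-0000-0000-000000000004", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Reader", "scope": SUB},
])


def scope_level(scope):
    """Classify an Azure RBAC scope string by how much it covers."""
    s = scope.rstrip("/")
    if s == "":
        return "root"
    if re.fullmatch(r"/providers/Microsoft\.Management/managementGroups/[^/]+", s, re.I):
        return "management-group"
    if re.fullmatch(r"/subscriptions/[^/]+", s, re.I):
        return "subscription"
    if re.fullmatch(r"/subscriptions/[^/]+/resourceGroups/[^/]+", s, re.I):
        return "resource-group"
    return "resource"


def broad_identity_grants(assignments_json, roles=BROAD_ROLES):
    """List (principalId, role, level) for service principals (managed identities
    appear as this type) holding a broad role at subscription scope or wider."""
    findings = []
    for a in json.loads(assignments_json):
        level = scope_level(a["scope"])
        if (a.get("principalType") == "ServicePrincipal"
                and a.get("roleDefinitionName") in roles
                and level in ("root", "management-group", "subscription")):
            findings.append((a["principalId"], a["roleDefinitionName"], level))
    return findings


if __name__ == "__main__":
    for finding in broad_identity_grants(SAMPLE):
        print(finding)
```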
CLI Instructions
Create a new cluster plan
Follow the instructions in the details section.
Web Interface Instructions
Steps
- Fill in the scope details as outlined in the properties section.
- Click Continue to proceed
Properties
Field | Description |
---|---|
Enable Pod Security Standards | Choose whether to allow the privileged, baseline and restricted policies. You must select one of those policies to be the default. |
Node OS Upgrade Channel | The channel to use for node-level OS security updates. The default value is "Node Image". Option(s): - None - Unmanaged - Security Patch - Node Image |
Create User Assigned Identity | Option(s): - Enabled: Wayfinder will create a user-assigned managed identity for access to Azure by Kubernetes components. - Disabled: AKS will create a system-assigned managed identity, which will only be able to access AKS services. For more information, see Azure's documentation. |
Infra Resource Group Override | All virtual machine scale sets, load balancers, and other resources are placed in a resource group with this name for every cluster created from this plan. Option(s): - Unspecified: Wayfinder will name the resource group for you if this is empty. - Specified: Specify a name for the resource group. |
Resource Group Override | The AKS cluster resource is placed in a resource group with this name for every cluster created from this plan. Option(s): - Unspecified: Wayfinder will name a resource group for you if this is empty. - Specified: Specify a name for the resource group. |
Private Link DNS Zone Virtual Network Links | The full Azure resource IDs of virtual networks to link the Azure-generated private link DNS zone for the cluster to. Only applicable to private clusters when the ClusterNetworkPlan has DNS Resolver IP Addresses set. |