From 6c5929739431640d6585c3bf031b0681cc96201f Mon Sep 17 00:00:00 2001 From: Bernie White Date: Tue, 17 Sep 2024 01:13:08 +1000 Subject: [PATCH] Updated Azure.AKS.Version to use 1.29.7 #3042 (#3043) --- docs/CHANGELOG-v1.md | 4 ++ .../about_PSRule_Azure_Configuration.md | 2 +- docs/en/rules/Azure.AKS.NodeAutoUpgrade.md | 4 +- docs/en/rules/Azure.AKS.Version.md | 8 ++-- docs/examples-aks.bicep | 2 +- docs/examples-aks.json | 6 +-- docs/setup/configuring-rules.md | 2 +- docs/setup/index.md | 2 +- src/PSRule.Rules.Azure/rules/Config.Rule.yaml | 2 +- .../Azure.AKS.Tests.ps1 | 2 +- .../Resources.AKS.Template.json | 12 +++--- .../Resources.AKS.json | 40 +++++++++---------- 12 files changed, 45 insertions(+), 41 deletions(-) diff --git a/docs/CHANGELOG-v1.md b/docs/CHANGELOG-v1.md index 8aa7f5222e5..f3a738df621 100644 --- a/docs/CHANGELOG-v1.md +++ b/docs/CHANGELOG-v1.md @@ -35,6 +35,10 @@ See [upgrade notes][1] for helpful information when upgrading from previous vers [#432](https://github.com/Azure/PSRule.Rules.Azure/issues/432) - Verify that availability set members are in a backend pool by @BenjaminEngeset. [#67](https://github.com/Azure/PSRule.Rules.Azure/issues/67) +- Updated rules: + - Azure Kubernetes Service: + - Updated `Azure.AKS.Version` to use `1.29.7` as the minimum version by @BernieWhite. + [#3042](https://github.com/Azure/PSRule.Rules.Azure/issues/3042) - General improvements: - **Important change:** Replaced the `Azure_AKSNodeMinimumMaxPods` option with `AZURE_AKS_POOL_MINIMUM_MAXPODS` by @BernieWhite. [#941](https://github.com/Azure/PSRule.Rules.Azure/issues/941) diff --git a/docs/concepts/about_PSRule_Azure_Configuration.md b/docs/concepts/about_PSRule_Azure_Configuration.md index b7bfaba4aa5..d964af0f30a 100644 --- a/docs/concepts/about_PSRule_Azure_Configuration.md +++ b/docs/concepts/about_PSRule_Azure_Configuration.md @@ -50,7 +50,7 @@ Default: ```yaml # YAML: The default AZURE_AKS_CLUSTER_MINIMUM_VERSION configuration option configuration: - AZURE_AKS_CLUSTER_MINIMUM_VERSION: 1.20.5 + AZURE_AKS_CLUSTER_MINIMUM_VERSION: 1.29.7 ``` Example: diff --git a/docs/en/rules/Azure.AKS.NodeAutoUpgrade.md b/docs/en/rules/Azure.AKS.NodeAutoUpgrade.md index 88e11d85fc9..95397ab5b55 100644 --- a/docs/en/rules/Azure.AKS.NodeAutoUpgrade.md +++ b/docs/en/rules/Azure.AKS.NodeAutoUpgrade.md @@ -60,7 +60,7 @@ For example: } }, "properties": { - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "enableRBAC": true, "dnsPrefix": "[parameters('dnsPrefix')]", "agentPoolProfiles": "[variables('allPools')]", @@ -137,7 +137,7 @@ resource cluster 'Microsoft.ContainerService/managedClusters@2023-07-01' = { } } properties: { - kubernetesVersion: '1.28.9' + kubernetesVersion: '1.29.7' enableRBAC: true dnsPrefix: dnsPrefix agentPoolProfiles: allPools diff --git a/docs/en/rules/Azure.AKS.Version.md b/docs/en/rules/Azure.AKS.Version.md index 6e1eb8c3747..686c16e3e2c 100644 --- a/docs/en/rules/Azure.AKS.Version.md +++ b/docs/en/rules/Azure.AKS.Version.md @@ -67,7 +67,7 @@ For example: } }, "properties": { - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "enableRBAC": true, "dnsPrefix": "[parameters('dnsPrefix')]", "agentPoolProfiles": "[variables('allPools')]", @@ -145,7 +145,7 @@ resource cluster 'Microsoft.ContainerService/managedClusters@2023-07-01' = { } } properties: { - kubernetesVersion: '1.28.9' + kubernetesVersion: '1.29.7' enableRBAC: true dnsPrefix: dnsPrefix agentPoolProfiles: allPools @@ -207,13 +207,13 @@ az aks update -n '' -g '' --auto-upgrade-channel 'stable' ``` ```bash -az aks upgrade -n '' -g '' --kubernetes-version '1.28.9' +az aks upgrade -n '' -g '' --kubernetes-version '1.29.7' ``` ### Configure with Azure PowerShell ```powershell -Set-AzAksCluster -Name '' -ResourceGroupName '' -KubernetesVersion '1.28.9' +Set-AzAksCluster -Name '' -ResourceGroupName '' -KubernetesVersion '1.29.7' ``` ## NOTES diff --git a/docs/examples-aks.bicep b/docs/examples-aks.bicep index a92e0d6fb3a..ec7201dd768 100644 --- a/docs/examples-aks.bicep +++ b/docs/examples-aks.bicep @@ -46,7 +46,7 @@ param systemPoolMin int param systemPoolMax int = 3 @description('The version of Kubernetes.') -param kubernetesVersion string = '1.28.9' +param kubernetesVersion string = '1.29.7' @description('Maximum number of pods that can run on nodes in the system pool.') @minValue(30) diff --git a/docs/examples-aks.json b/docs/examples-aks.json index 6272f89e7ed..e4a3604416d 100644 --- a/docs/examples-aks.json +++ b/docs/examples-aks.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "5111879364998616708" + "version": "0.29.47.4906", + "templateHash": "16153598617723280180" } }, "parameters": { @@ -73,7 +73,7 @@ }, "kubernetesVersion": { "type": "string", - "defaultValue": "1.28.9", + "defaultValue": "1.29.7", "metadata": { "description": "The version of Kubernetes." } diff --git a/docs/setup/configuring-rules.md b/docs/setup/configuring-rules.md index 1d02723051b..0673c941676 100644 --- a/docs/setup/configuring-rules.md +++ b/docs/setup/configuring-rules.md @@ -68,7 +68,7 @@ Default: ```yaml title="ps-rule.yaml" # YAML: The default AZURE_AKS_CLUSTER_MINIMUM_VERSION configuration option configuration: - AZURE_AKS_CLUSTER_MINIMUM_VERSION: 1.28.9 + AZURE_AKS_CLUSTER_MINIMUM_VERSION: 1.29.7 ``` Example: diff --git a/docs/setup/index.md b/docs/setup/index.md index 6695e60d76e..823ee89e4b9 100644 --- a/docs/setup/index.md +++ b/docs/setup/index.md @@ -60,7 +60,7 @@ Use comments to add context. AZURE_BICEP_MINIMUM_VERSION: '0.28.1' # Configure the minimum AKS cluster version. - AZURE_AKS_CLUSTER_MINIMUM_VERSION: '1.28.9' + AZURE_AKS_CLUSTER_MINIMUM_VERSION: '1.29.7' rule: # Enable custom rules that don't exist in the baseline diff --git a/src/PSRule.Rules.Azure/rules/Config.Rule.yaml b/src/PSRule.Rules.Azure/rules/Config.Rule.yaml index f502edd41ea..0eb687cef99 100644 --- a/src/PSRule.Rules.Azure/rules/Config.Rule.yaml +++ b/src/PSRule.Rules.Azure/rules/Config.Rule.yaml @@ -40,7 +40,7 @@ spec: AZURE_BICEP_CHECK_TOOL: false # Configures minimum AKS cluster version. - AZURE_AKS_CLUSTER_MINIMUM_VERSION: '1.28.9' + AZURE_AKS_CLUSTER_MINIMUM_VERSION: '1.29.7' # Configures the minimum allowed max pods setting per node pool. AZURE_AKS_POOL_MINIMUM_MAXPODS: 50 diff --git a/tests/PSRule.Rules.Azure.Tests/Azure.AKS.Tests.ps1 b/tests/PSRule.Rules.Azure.Tests/Azure.AKS.Tests.ps1 index ce3b869fb59..fc92ffafc2b 100644 --- a/tests/PSRule.Rules.Azure.Tests/Azure.AKS.Tests.ps1 +++ b/tests/PSRule.Rules.Azure.Tests/Azure.AKS.Tests.ps1 @@ -96,7 +96,7 @@ Describe 'Azure.AKS' -Tag AKS { $ruleResult.TargetName | Should -BeIn 'cluster-B'; $ruleResult[0].Reason | Should -Not -BeNullOrEmpty; - $ruleResult[0].Reason | Should -BeExactly "Path Properties.kubernetesVersion: The version '1.13.8' does not match the constraint '>=1.28.9'."; + $ruleResult[0].Reason | Should -BeExactly "Path Properties.kubernetesVersion: The version '1.13.8' does not match the constraint '>=1.29.7'."; # Pass $ruleResult = @($filteredResult | Where-Object { $_.Outcome -eq 'Pass' }); diff --git a/tests/PSRule.Rules.Azure.Tests/Resources.AKS.Template.json b/tests/PSRule.Rules.Azure.Tests/Resources.AKS.Template.json index 6046504324b..034213c0d23 100644 --- a/tests/PSRule.Rules.Azure.Tests/Resources.AKS.Template.json +++ b/tests/PSRule.Rules.Azure.Tests/Resources.AKS.Template.json @@ -50,7 +50,7 @@ "type": "SystemAssigned" }, "properties": { - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "[concat('dns-', parameters('clusterName'))]", "agentPoolProfiles": [ { @@ -210,7 +210,7 @@ "type": "SystemAssigned" }, "properties": { - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "[concat('dns-', parameters('clusterName'))]", "agentPoolProfiles": [ { @@ -395,7 +395,7 @@ "vnetSubnetID": "[concat(parameters('vnetId'), '/subnets/subnet-03')]", "maxPods": 50, "type": "VirtualMachineScaleSets", - "orchestratorVersion": "1.28.9", + "orchestratorVersion": "1.29.7", "osType": "Linux", "enableAutoScaling": false } @@ -427,7 +427,7 @@ "type": "SystemAssigned" }, "properties": { - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "[concat('dns-', parameters('clusterName'))]", "agentPoolProfiles": [ { @@ -628,7 +628,7 @@ "type": "SystemAssigned" }, "properties": { - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "[concat('dns-', parameters('clusterName5'))]", "agentPoolProfiles": [ { @@ -831,7 +831,7 @@ "type": "SystemAssigned" }, "properties": { - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "[concat('dns-', parameters('clusterName6'))]", "agentPoolProfiles": [ { diff --git a/tests/PSRule.Rules.Azure.Tests/Resources.AKS.json b/tests/PSRule.Rules.Azure.Tests/Resources.AKS.json index b344a498c88..d6400cbb199 100644 --- a/tests/PSRule.Rules.Azure.Tests/Resources.AKS.json +++ b/tests/PSRule.Rules.Azure.Tests/Resources.AKS.json @@ -6,7 +6,7 @@ "ResourceName": "cluster-A", "Name": "cluster-A", "Properties": { - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "cluster-A", "fqdn": "cluster-A-00000000.nnn.region.azmk8s.io", "agentPoolProfiles": [ @@ -18,7 +18,7 @@ "vnetSubnetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A", "maxPods": 30, "type": "AvailabilitySet", - "orchestratorVersion": "1.28.9", + "orchestratorVersion": "1.29.7", "osType": "Linux", "enableAutoScaling": false, "availabilityZones": null @@ -204,7 +204,7 @@ "ParentResource": null, "Properties": { "provisioningState": "Succeeded", - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "cluster-C", "fqdn": "cluster-C-00000000.nnn.region.azmk8s.io", "agentPoolProfiles": [ @@ -218,7 +218,7 @@ "maxPods": 50, "type": "VirtualMachineScaleSets", "provisioningState": "Succeeded", - "orchestratorVersion": "1.28.9", + "orchestratorVersion": "1.29.7", "osType": "Linux", "enableAutoScaling": false } @@ -428,7 +428,7 @@ "Plan": null, "Properties": { "provisioningState": "Succeeded", - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "cluster-D", "fqdn": "cluster-D-nnnnnnnn.hcp.region.azmk8s.io", "agentPoolProfiles": [ @@ -441,7 +441,7 @@ "maxPods": 50, "type": "VirtualMachineScaleSets", "provisioningState": "Succeeded", - "orchestratorVersion": "1.28.9", + "orchestratorVersion": "1.29.7", "nodeLabels": {}, "mode": "System", "osType": "Linux", @@ -655,7 +655,7 @@ "powerState": { "code": "Running" }, - "orchestratorVersion": "1.28.9", + "orchestratorVersion": "1.29.7", "nodeLabels": {}, "mode": "System", "osType": "Linux", @@ -725,7 +725,7 @@ "powerState": { "code": "Running" }, - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "cluster-F", "fqdn": "cluster-F-00000000.hcp.region.azmk8s.io", "azurePortalFQDN": "cluster-F-00000000.portal.hcp.region.azmk8s.io", @@ -746,7 +746,7 @@ "powerState": { "code": "Running" }, - "orchestratorVersion": "1.28.9", + "orchestratorVersion": "1.29.7", "nodeLabels": {}, "mode": "System", "osType": "Linux", @@ -1018,7 +1018,7 @@ "ResourceName": "cluster-G", "Name": "cluster-G", "Properties": { - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "cluster-G", "fqdn": "cluster-G-00000000.nnn.region.azmk8s.io", "agentPoolProfiles": [ @@ -1030,7 +1030,7 @@ "vnetSubnetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A", "maxPods": 30, "type": "VirtualMachineScaleSets", - "orchestratorVersion": "1.28.9", + "orchestratorVersion": "1.29.7", "osType": "Linux", "enableAutoScaling": false, "availabilityZones": null @@ -1193,7 +1193,7 @@ "ResourceName": "cluster-H", "Name": "cluster-H", "Properties": { - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "cluster-H", "fqdn": "cluster-H-00000000.nnn.region.azmk8s.io", "agentPoolProfiles": [ @@ -1205,7 +1205,7 @@ "vnetSubnetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A", "maxPods": 30, "type": "VirtualMachineScaleSets", - "orchestratorVersion": "1.28.9", + "orchestratorVersion": "1.29.7", "osType": "Linux", "enableAutoScaling": false, "availabilityZones": [] @@ -1372,7 +1372,7 @@ "ResourceName": "cluster-I", "Name": "cluster-I", "Properties": { - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "cluster-I", "fqdn": "cluster-I-00000000.nnn.region.azmk8s.io", "agentPoolProfiles": [ @@ -1390,7 +1390,7 @@ "powerState": { "code": "Running" }, - "orchestratorVersion": "1.28.9", + "orchestratorVersion": "1.29.7", "mode": "System", "osType": "Linux", "osSKU": "Ubuntu", @@ -1413,7 +1413,7 @@ "powerState": { "code": "Running" }, - "orchestratorVersion": "1.28.9", + "orchestratorVersion": "1.29.7", "mode": "User", "osType": "Linux", "osSKU": "Ubuntu", @@ -1582,7 +1582,7 @@ "ResourceName": "cluster-J", "Name": "cluster-J", "Properties": { - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "cluster-J", "fqdn": "cluster-J-00000000.nnn.region.azmk8s.io", "agentPoolProfiles": [ @@ -1594,7 +1594,7 @@ "vnetSubnetID": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnet-A/subnets/subnet-A", "maxPods": 30, "type": "VirtualMachineScaleSets", - "orchestratorVersion": "1.28.9", + "orchestratorVersion": "1.29.7", "osType": "Linux", "enableAutoScaling": false, "availabilityZones": null @@ -1767,7 +1767,7 @@ "powerState": { "code": "Running" }, - "kubernetesVersion": "1.28.9", + "kubernetesVersion": "1.29.7", "dnsPrefix": "cluster-K", "fqdn": "cluster-K-00000000.hcp.eastus.azmk8s.io", "azurePortalFQDN": "cluster-K-00000000.portal.hcp.eastus.azmk8s.io", @@ -1788,7 +1788,7 @@ "powerState": { "code": "Running" }, - "orchestratorVersion": "1.28.9", + "orchestratorVersion": "1.29.7", "mode": "System", "osType": "Linux", "osSKU": "Ubuntu",