Ensure labels are configured to keep track of organization resources for Azure Kubernetes Cluster

LOW

Description

The Azure Kubernetes Cluster is not configured with labels, which may make identification of resources challenging.

Remediation

The node labels of an AKS cluster cannot be changed once the node pool has been created. To create a new resource with the appropriate settings, follow the steps below.

In Azure Console -

  1. Open the Azure Portal and go to Kubernetes Services.
  2. Choose the cluster you wish to edit.
  3. Under Settings, choose Node pools.
  4. Create a new node pool.
  5. Configure as needed and add labels under the Optional Settings tab, Labels section.

In Terraform -

  1. In the azurerm_kubernetes_cluster resource, create a default_node_pool block.
  2. Configure default_node_pool.node_labels as needed.
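
The Terraform steps above as an added example configuration (not part of the original policy page). The resource names, region, VM size, and label keys and values are constructed placeholders; replace them with your organization's own values.

```hcl
# Added example: AKS cluster whose default node pool carries organization labels.
# All names, sizes and label values below are constructed placeholders.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "rg-aks-example"
  location = "West Europe"
}

resource "azurerm_kubernetes_cluster" "example" {
  name                = "aks-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "aksexample"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"

    # Non-compliant form: node_labels omitted, so nodes in this pool
    # carry no organization labels.
    # Compliant form: node_labels set to a map of string keys and values.
    node_labels = {
      "environment" = "production"
      "owner"       = "platform-team"
      "cost-center" = "cc-0000"
    }
  }

  identity {
    type = "SystemAssigned"
  }
}
```

After the cluster is deployed, `kubectl get nodes --show-labels` lists the labels applied to each node.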

References:
https://learn.microsoft.com/en-us/azure/aks/use-labels
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#node_labels

Policy Details

Rule Reference ID: AC_AZURE_0215
CSP: Azure
Remediation Available: Yes
Resource Category: Compute

Frameworks