# # PSRule configuration # # Please see the documentation for all configuration options: # https://microsoft.github.io/PSRule/ # https://azure.github.io/PSRule.Rules.Azure/setup/configuring-options/ # https://github.com/microsoft/PSRule.Rules.CAF input: pathIgnore: - '.vscode/' - '*.md' - '*.Designer.cs' - '*.resx' - '*.sln' - '*.txt' - '*.html' - '*.ico' include: path: [] module: - 'PSRule.Rules.Azure' - 'PSRule.Rules.CAF' requires: PSRule.Rules.CAF: '>=0.3.0' output: culture: - en-US configuration: # Enable automatic expansion of Azure parameter files AZURE_PARAMETER_FILE_EXPANSION: true # Bicep is experimental and currently disabled as testing occurs against compiled template # Enable automatic expansion of bicep source files AZURE_BICEP_FILE_EXPANSION: true AZURE_BICEP_FILE_EXPANSION_TIMEOUT: 30 #ProjectSpecifc rules Azure_AKSNodeMinimumMaxPods: 30 rule: exclude: # Ignore the following rules for all resources - Azure.Resource.UseTags - Azure.VM.Standalone - Azure.KeyVault.SoftDelete - Azure.KeyVault.PurgeProtect - Azure.AppGw.UseHTTPS #In this project AGIC is in charge of managing the AppGW. - Azure.ACR.ContentTrust # Ignore the following rules for specific deployments # -aks-AksStan = Low spec'd AKS deployment that won't meet many WAF rules # - aks-Byo = moderately spec'd AKS deplyoment that wont meet every rule suppression: Azure.AKS.AuthorizedIPs: # Exclude the following AKS clusters - aks-AksStan - aks-Byo Azure.AKS.MinNodeCount: - aks-AksStan Azure.AKS.NetworkPolicy: - aks-AksStan Azure.AKS.AzurePolicyAddOn: - aks-AksStan Azure.AKS.AutoScaling: - aks-AksStan Azure.AKS.AvailabilityZone: - aks-AksStan Azure.AppGw.UseWAF: - agw-Byo Azure.AppGw.Prevention: - agw-Byo Azure.AppGw.WAFEnabled: - agw-Byo Azure.AKS.AutoUpgrade: #Auto-upgrade can be a pain for short lived test clusters - aks-Byo