az aks safeguards
Manage Deployment Safeguards.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az aks safeguards create |
Enable Deployment Safeguards for a Managed Cluster. |
Core | GA |
| az aks safeguards delete |
Disable Deployment Safeguards for a Managed Cluster. |
Core | GA |
| az aks safeguards list |
List DeploymentSafeguards by parent resource. |
Core | GA |
| az aks safeguards show |
Show Deployment Safeguards Configuration for a Managed Cluster. |
Core | GA |
| az aks safeguards update |
Update Deployment Safeguards configuration for a Managed Cluster. |
Core | GA |
| az aks safeguards wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az aks safeguards create
Enable Deployment Safeguards for a Managed Cluster.
az aks safeguards create [--cluster --managed-cluster]
[--excluded-namespaces --excluded-ns]
[--level {Enforce, Warn}]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]Examples
Create a DeploymentSafeguards resource at Warn level with a managed cluster resource id
az aks safeguards create --resource /subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/cluster1 --level WarnCreate a DeploymentSafeguards resource at Warn level using subscription, resourcegroup, and name tags
az aks safeguards create --subscription subid1 -g rg1 -n cluster1 --level WarnCreate a DeploymentSafeguards resource at Warn level with ignored namespaces
az aks safeguards create -g rg1 -n mc1 --excluded-ns ns1 ns2 --level WarnOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The fully qualified Azure Resource manager identifier of the Managed Cluster.
User defined list of namespaces to exclude from Deployment Safeguards. Deployments in these namespaces will not be checked against any safeguards Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
The deployment safeguards level. Possible values are Warn and Enforce.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
| Accepted values: | Enforce, Warn |
The name of the Managed Cluster.You may provide either 'managed_cluster' or both 'resource_group' and name', but not both.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The name of the resource group. You can configure the default group using az configure --defaults group=<name>. You may provide either 'managed_cluster' or both 'resource_group' and 'name', but not both.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aks safeguards delete
Disable Deployment Safeguards for a Managed Cluster.
az aks safeguards delete [--cluster --managed-cluster]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--yes]Examples
Delete a DeploymentSafeguard resource by managed cluster id
az aks safeguards delete -c subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/cluster1Delete a DeploymentSafeguard resource with resourceGroup and clusterName arguments
az aks safeguards delete -g rg1 -n cluster1Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The fully qualified Azure Resource manager identifier of the Managed Cluster.
The name of the Managed Cluster.You may provide either 'managed_cluster' or both 'resource_group' and name', but not both.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The name of the resource group. You can configure the default group using az configure --defaults group=<name>. You may provide either 'managed_cluster' or both 'resource_group' and 'name', but not both.
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aks safeguards list
List DeploymentSafeguards by parent resource.
az aks safeguards list [--cluster --managed-cluster]
[--max-items]
[--name]
[--next-token]
[--resource-group]Examples
List DeploymentSafeguards by parent resource
az aks safeguards list --managed-cluster subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/cluster1List DeploymentSafeguards by parent resource
az aks safeguards list -g rg1 -n cluster1Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The fully qualified Azure Resource manager identifier of the Managed Cluster.
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
The name of the Managed Cluster.You may provide either 'managed_cluster' or both 'resource_group' and name', but not both.
Token to specify where to start paginating. This is the token value from a previously truncated response.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
The name of the resource group. You can configure the default group using az configure --defaults group=<name>. You may provide either 'managed_cluster' or both 'resource_group' and 'name', but not both.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aks safeguards show
Show Deployment Safeguards Configuration for a Managed Cluster.
az aks safeguards show [--cluster --managed-cluster]
[--name]
[--resource-group]Examples
Gets a DeploymentSafeguard resource by managed cluster id
az aks safeguards show --managed-cluster subscriptions/subid1/resourceGroups/rg1/providers/Microsoft.ContainerService/managedClusters/cluster1Gets a DeploymentSafeguard resource with resourceGroup and clusterName arguments
az aks safeguards show -g rg1 -n cluster1Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
The fully qualified Azure Resource manager identifier of the Managed Cluster.
The name of the Managed Cluster.You may provide either 'managed_cluster' or both 'resource_group' and name', but not both.
The name of the resource group. You can configure the default group using az configure --defaults group=<name>. You may provide either 'managed_cluster' or both 'resource_group' and 'name', but not both.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aks safeguards update
Update Deployment Safeguards configuration for a Managed Cluster.
az aks safeguards update [--add]
[--cluster --managed-cluster]
[--excluded-namespaces --excluded-ns]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--level {Enforce, Warn}]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--remove]
[--resource-group]
[--set]Examples
Update a DeploymentSafeguards resource by cluster id to Enforce level
az aks safeguards update -c /subscriptions/subid/resourcegroups/rg1/providers/Microsoft.ContainerService/managedClusters/mc1 --level EnforceUpdate a DeploymentSafeguards resource to Enforce level using resourceGroup and name arguments
az aks safeguards update --level Enforce -g rg1 -n mc1Update a DeploymentSafeguards resource by adding 2 new namespaces to ignore
az aks safeguards update -g rg1 -n mc1 --excluded-ns ns1 ns2Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
The fully qualified Azure Resource manager identifier of the Managed Cluster.
User defined list of namespaces to exclude from Deployment Safeguards. Deployments in these namespaces will not be checked against any safeguards Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The deployment safeguards level. Possible values are Warn and Enforce.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
| Accepted values: | Enforce, Warn |
The name of the Managed Cluster.You may provide either 'managed_cluster' or both 'resource_group' and name', but not both.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
The name of the resource group. You can configure the default group using az configure --defaults group=<name>. You may provide either 'managed_cluster' or both 'resource_group' and 'name', but not both.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aks safeguards wait
Place the CLI in a waiting state until a condition is met.
az aks safeguards wait --cluster --managed-cluster
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--name]
[--resource-group]
[--timeout]
[--updated]Required Parameters
The fully qualified Azure Resource manager identifier of the Managed Cluster.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
The name of the Managed Cluster.You may provide either 'managed_cluster' or both 'resource_group' and name', but not both.
The name of the resource group. You can configure the default group using az configure --defaults group=<name>. You may provide either 'managed_cluster' or both 'resource_group' and 'name', but not both.
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
