Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New Policy (Azure Kubernetes Services): Ensure ephemeral disks are used for OS disks on Agent Pool Profiles #435

Conversation

tdefise
Copy link
Contributor

@tdefise tdefise commented Apr 4, 2024

Policy

  • Name: Ensure ephemeral disks are used for OS disks on Agent Pool Profiles
  • Description: Ephemeral OS disks are created on the local virtual machine (VM) storage and not saved to the remote Azure Storage, as when using managed OS disks
  • Supported effect(s): Deny, Audit, Disabled
  • Parameters: None

Description

Ensure ephemeral disks are used for OS disks on Agent Pool Profiles

Details

Ephemeral OS disks are created on the local virtual machine (VM) storage and not saved to the remote Azure Storage, as when using managed OS disks. For more information on the performance of a managed disk, see Disk allocation and performance. Ephemeral OS disks work well for stateless workloads, where applications are tolerant of individual VM failures but are more affected by VM deployment time or reimaging of individual VM instances. With Ephemeral OS disks, you get lower read/write latency to the OS disk and faster VM reimage.

The key features of ephemeral disks are the following:

  • Ideal for stateless applications and workloads.
  • Supported by the Azure Marketplace, custom images, and Azure Compute Gallery
  • Ability to fast reset or reimage virtual machines and scale set instances to the original boot state.
  • Lower latency, similar to a temporary disk.
  • Ephemeral OS disks are free; you incur no storage cost for OS disks.
  • Available in all Azure regions.

Source: https://learn.microsoft.com/en-us/samples/azure-samples/aks-ephemeral-os-disk/aks-ephemeral-os-disk

Contribution Rules

  • Contain a single Policy in a folder by itself with 3 files: azurepolicy.json, azurepolicy.rules.json, and azurepolicy.parameters.json
  • Used Confirm-PolicyDefinitionIsValid.ps1
  • Used Out-FormattedPolicyDefinition.ps1
  • Effect default value alignes with convention

@aschabus aschabus merged commit fe0dd1c into Azure:main Apr 17, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants