Describe the bug
Recommendation 4f63619f-5001-439c-bacb-8de891287727 - Deploy AKS cluster across availability zones is only checking for one of two PG approved methods for setting up AZs in AKS. The current ARG query is only checking to see if the customer is using the Zone Spanning option which has the cluster automatically generate node pools across each zone in a region. The PG also has published documentation for a Zone Aligned configuration, where the node pools are pinned to a specific zone. The current query does not detect this configuration and says the clusters are not zonal, when according to the PG, these are fully protected configurations.
To Reproduce
Steps to reproduce the behaviour:
- Create a cluster with Zone Aligned node pools (3 user and 3 system each pinned to a zone)
- Run query tied to recommendation 4f63619f-5001-439c-bacb-8de891287727
- The query will show a non-compliant cluster - six times - once for each user and system pool.
- This is incorrect as this configuration is fully supported by the PG as a zone resilient configuration.
Expected behaviour
A Zone-Aligned cluster should not show up as non-compliant 🙂
Screenshots 📷
If applicable, add screenshots to help explain your problem. Please feel free to blur/cover any sensitive information.
Additional context
Changing Line 10 in the query from being
| where numOfAvailabilityZones < 2
to
| where numOfAvailabilityZones < 1
generates the correct output.
I tested this in my lab.
Describe the bug
Recommendation 4f63619f-5001-439c-bacb-8de891287727 - Deploy AKS cluster across availability zones is only checking for one of two PG approved methods for setting up AZs in AKS. The current ARG query is only checking to see if the customer is using the Zone Spanning option which has the cluster automatically generate node pools across each zone in a region. The PG also has published documentation for a Zone Aligned configuration, where the node pools are pinned to a specific zone. The current query does not detect this configuration and says the clusters are not zonal, when according to the PG, these are fully protected configurations.
To Reproduce
Steps to reproduce the behaviour:
Expected behaviour
A Zone-Aligned cluster should not show up as non-compliant 🙂
Screenshots 📷
If applicable, add screenshots to help explain your problem. Please feel free to blur/cover any sensitive information.
Additional context
Changing Line 10 in the query from being
| where numOfAvailabilityZones < 2
to
| where numOfAvailabilityZones < 1
generates the correct output.
I tested this in my lab.