forked from Azure/PSRule.Rules.Azure
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(new): Added Azure.Azure.VMSS.AutoInstanceRepairs (Azure#2897)
* feat(new): Added Azure.Azure.VMSS.AutoInstanceRepairs * fix: Fixed wrong issue reference --------- Co-authored-by: Bernie White <[email protected]>
- Loading branch information
1 parent
0e8ad12
commit 1e28104
Showing
5 changed files
with
164 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
--- | ||
severity: Important | ||
pillar: Reliability | ||
category: RE:07 Self-preservation | ||
resource: Virtual Machine Scale Sets | ||
online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.VMSS.AutoInstanceRepairs/ | ||
--- | ||
|
||
# Automatic instance repairs | ||
|
||
## SYNOPSIS | ||
|
||
Automatic instance repairs are enabled. | ||
|
||
## DESCRIPTION | ||
|
||
Enabling automatic instance repairs helps to achieve high application availability by automatically detecting and recovering unhealthy VM instances at runtime. | ||
|
||
The automatic instance repair feature relies on health monitoring of individual VM instances in a scale set. | ||
VM Instances in a scale set can be configured to emit application health status using either the Application Health extension or Load balancer health probes. | ||
If an VM instance is found to be unhealthy, the scale set will perform a preconfigured repair action on the unhealthy VM instance. | ||
Automatic instance repairs can be enabled in the Virtual Machine Scale Set model by using the `automaticRepairsPolicy` object. | ||
|
||
See documentation references below for additional limitations and important information. | ||
|
||
## RECOMMENDATION | ||
|
||
Consider enabling automatic instance repairs to achieve high application availability by maintaining a set of healthy VM instances. | ||
|
||
## EXAMPLES | ||
|
||
### Configure with Azure template | ||
|
||
To deploy virtual machine scale sets that pass this rule: | ||
|
||
- Set the `properties.automaticRepairsPolicy.enabled` property to `true`. | ||
|
||
For example: | ||
|
||
```json | ||
{ | ||
"type": "Microsoft.Compute/virtualMachineScaleSets", | ||
"apiVersion": "2023-09-01", | ||
"name": "[parameters('name')]", | ||
"location": "[parameters('location')]", | ||
"sku": { | ||
"name": "b2ms", | ||
"tier": "Standard", | ||
"capacity": 1 | ||
}, | ||
"properties": { | ||
"automaticRepairsPolicy": { | ||
"enabled": true | ||
} | ||
} | ||
} | ||
``` | ||
|
||
### Configure with Bicep | ||
|
||
To deploy virtual machine scale sets that pass this rule: | ||
|
||
- Set the `properties.automaticRepairsPolicy.enabled` property to `true`. | ||
|
||
For example: | ||
|
||
```bicep | ||
resource vmss 'Microsoft.Compute/virtualMachineScaleSets@2023-09-01' = { | ||
name: name | ||
location: location | ||
sku: { | ||
name: 'b2ms' | ||
tier: 'Standard' | ||
capacity: 1 | ||
} | ||
properties: { | ||
automaticRepairsPolicy: { | ||
enabled: true | ||
} | ||
} | ||
} | ||
``` | ||
|
||
## NOTES | ||
|
||
This feature for virtual machine scale sets is currently in preview. | ||
|
||
In order for automatic repairs policy to work properly, ensure that all the requirements for opting in to this feature are met. | ||
|
||
## LINKS | ||
|
||
- [RE:07 Self-preservation](https://learn.microsoft.com/azure/well-architected/reliability/self-preservation) | ||
- [Automatic instance repairs](https://learn.microsoft.com/azure/virtual-machine-scale-sets/virtual-machine-scale-sets-automatic-instance-repairs) | ||
- [Azure resource deployment](https://learn.microsoft.com/azure/templates/microsoft.compute/virtualmachinescalesets#automaticrepairspolicy) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
# Copyright (c) Microsoft Corporation. | ||
# Licensed under the MIT License. | ||
|
||
# | ||
# Validation rules for Azure Virtual Machine Scale Sets | ||
# | ||
|
||
#region Rules | ||
|
||
--- | ||
# Synopsis: Automatic instance repairs are enabled. | ||
apiVersion: github.com/microsoft/PSRule/v1 | ||
kind: Rule | ||
metadata: | ||
name: Azure.VMSS.AutoInstanceRepairs | ||
ref: AZR-000426 | ||
tags: | ||
release: preview | ||
ruleSet: 2024_06 | ||
Azure.WAF/pillar: Reliability | ||
spec: | ||
type: | ||
- Microsoft.Compute/virtualMachineScaleSets | ||
condition: | ||
field: properties.automaticRepairsPolicy.enabled | ||
equals: true | ||
|
||
#endregion Rules |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters