AzStackHciConnectivity/Targets/AzStackHci.EnvironmentChecker.Azure.Kubernetes.Service.Targets.json

[
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Azure API Management",
    "Name": "Azure_Kubernetes_Service_Azure_API_Management",
    "Severity": "Warning",
    "Description": "Required for the agent to connect to Azure and register the cluster.",
    "Endpoint": [
      "management.azure.com"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/network-requirements?tabs=azure-cloud",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Azure Arc Helm Chart",
    "Name": "Azure_Kubernetes_Service_Azure_Arc_Helm_Chart",
    "Severity": "Warning",
    "Description": "This endpoint is needed for Helm client download to facilitate deployment of the agent helm chart.",
    "Endpoint": [
      "k8connecthelm.azureedge.net"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/network-requirements?tabs=azure-cloud",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Azure RBAC",
    "Name": "Azure_Kubernetes_Service_Azure_RBAC",
    "Severity": "Warning",
    "Description": "Required when Azure RBAC is configured.",
    "Endpoint": [
      "graph.microsoft.com"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/azure-arc/kubernetes/network-requirements?tabs=azure-cloud",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Microsoft Container Registry",
    "Name": "Azure_Kubernetes_Service_Microsoft_Container_Registry",
    "Severity": "Warning",
    "Description": "Used for official Microsoft artifacts such as container images",
    "Endpoint": [
      "mcr.microsoft.com"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Azure Arc identity service",
    "Name": "Azure_Kubernetes_Service_Azure_Arc_identity_service",
    "Severity": "Warning",
    "Description": "Used for identity and access control",
    "Endpoint": [
      "gbl.his.arc.azure.com"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Kubernetes",
    "Name": "Azure_Kubernetes_Service_Kubernetes",
    "Severity": "Warning",
    "Description": "Used for Azure Arc configuration",
    "Endpoint": [
      "eastus.dp.kubernetesconfiguration.azure.com"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "EastUS",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Cluster connect",
    "Name": "Azure_Kubernetes_Service_Cluster_connect",
    "Severity": "Warning",
    "Description": "Used to securely connect to Azure Arc-enabled Kubernetes clusters without requiring any inbound port to be enabled on the firewall.",
    "Endpoint": [
      "azgnrelay-eastus-l1.servicebus.windows.net"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "EastUS",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Notification service",
    "Name": "Azure_Kubernetes_Service_Notification_service",
    "Severity": "Warning",
    "Description": "Used for guest notification operations.",
    "Endpoint": [
      "guestnotificationservice.azure.com"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Data plane service",
    "Name": "Azure_Kubernetes_Service_Data_plane_service",
    "Severity": "Warning",
    "Description": "Used for data plane operations for Resource bridge (appliance).",
    "Endpoint": [
      "eastus.dp.prod.appliances.azure.com"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "EastUS",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Download agent",
    "Name": "Azure_Kubernetes_Service_Download_agent",
    "Severity": "Warning",
    "Description": "Used to download images and agents.",
    "Endpoint": [
      "westus.data.mcr.microsoft.com",
      "azurearcfork8s.azurecr.io",
      "linuxgeneva-microsoft.azurecr.io",
      "pipelineagent.azurecr.io",
      "ecpacr.azurecr.io"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Metrics and health monitoring",
    "Name": "Azure_Kubernetes_Service_Download_agent",
    "Severity": "Warning",
    "Description": "Used for metrics and monitoring telemetry traffic.",
    "Endpoint": [
      "global.prod.microsoftmetrics.com",
      "prod5.prod.hot.ingestion.msftcloudes.com",
      "dc.services.visualstudio.com",
      "eastus-shared.prod.warm.ingest.monitor.core.windows.net",
      "gcs.prod.monitoring.core.windows.net/healthcheck"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "ARB Images",
    "Name": "Azure_Kubernetes_Service_ARB_Images",
    "Severity": "Warning",
    "Description": "Used to download Resource bridge (appliance) images.",
    "Endpoint": [
      "arcplatformcliextprod.blob.core.windows.net",
      "fe3cr.delivery.mp.microsoft.com",
      "geo.prod.do.dsp.mp.microsoft.com"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Kubernetes",
    "Name": "Azure_Kubernetes_Service_Kubernetes",
    "Severity": "Warning",
    "Description": "Used to download Azure Arc for Kubernetes container images.",
    "Endpoint": [
      "azurearcfork8sdev.azurecr.io"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Telemetry",
    "Name": "Azure_Kubernetes_Service_Telemetry",
    "Severity": "Warning",
    "Description": "Used periodically to send required diagnostic data to Microsoft from control plane nodes.",
    "Endpoint": [
      "adhs.events.data.microsoft.com"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Telemetry",
    "Name": "Azure_Kubernetes_Service_Telemetry",
    "Severity": "Warning",
    "Description": "Used periodically to send required diagnostic data to Microsoft from control plane nodes.",
    "Endpoint": [
      "adhs.events.data.microsoft.com",
      "v20.events.data.microsoft.com"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Python package",
    "Name": "Azure_Kubernetes_Service_Python_package",
    "Severity": "Warning",
    "Description": "Validate Kubernetes and Python versions.",
    "Endpoint": [
      "pypi.org",
      "files.pythonhosted.org"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Container image",
    "Name": "Azure_Kubernetes_Service_Python_package",
    "Severity": "Warning",
    "Description": "Required to access the HybridAKS operator image.",
    "Endpoint": [
      "hybridaks.azurecr.io"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "az extensions",
    "Name": "A",
    "Severity": "Warning",
    "Description": "Required to download Azure CLI extensions such as akshybrid and connectedk8s.",
    "Endpoint": [
      "aka.ms"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Azure",
    "Name": "Azure_Kubernetes_Service_Azure",
    "Severity": "Warning",
    "Description": "Required to fetch and update Azure Resource Manager tokens",
    "Endpoint": [
      "eastus.login.microsoft.com",
      "login.microsoftonline.com",
      "login.windows.net"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Azure Arc",
    "Name": "Azure_Kubernetes_Service_Azure_Arc",
    "Severity": "Warning",
    "Description": "For Cluster Connect and Custom Location-based scenarios.",
    "Endpoint": [
      "sts.windows.net",
      "eastus.obo.arc.azure.com:8084",
      "k8sconnectcsp.azureedge.net"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Azure Stack HCI",
    "Name": "Azure_Kubernetes_Service_Azure_Stack_HCI",
    "Severity": "Warning",
    "Description": "AKSHCI static website hosted in Azure Storage.",
    "Endpoint": [
      "hybridaksstorage.z13.web.core.windows.net"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "GitHub",
    "Name": "Azure_Kubernetes_Service_GitHub",
    "Severity": "Warning",
    "Description": "Used for GitHub.",
    "Endpoint": [
      "raw.githubusercontent.com"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Microsoft official web site",
    "Name": "Azure_Kubernetes_Service_Microsoft_official_web_site",
    "Severity": "Warning",
    "Description": "Microsoft official web site.",
    "Endpoint": [
      "www.microsoft.com"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  },
  {
    "Service": [
      "Azure Kubernetes Service"
    ],
    "Title": "Azure Arc Networking",
    "Name": "Azure_Kubernetes_Service_Azure_Arc_Networking",
    "Severity": "Warning",
    "Description": "For downloading Arc Networking related images",
    "Endpoint": [
      "aszk8snetworking.azurecr.io"
    ],
    "Protocol": [
      "https"
    ],
    "Mandatory": false,
    "OperationType": [
      "Workload"
    ],
    "Group": "ReadinessChecks",
    "Remediation": "https://learn.microsoft.com/en-us/azure/aks/hybrid/aks-hci-network-system-requirements#firewall-url-exceptions",
    "TargetResourceID": "",
    "TargetResourceName": "",
    "TargetResourceType": "",
    "Tags": {
      "Group": "ReadinessChecks",
      "Mandatory": false,
      "OperationType": [
        "Workload"
      ]
    },
    "AdditionalData": null,
    "Region": "Global",
    "ARCGateway": false
  }
]