- NAME
-
- gcloud alpha container fleet policycontroller content bundles set - sets bundle installation for Policy Controller content
- SYNOPSIS
-
-
gcloud alpha container fleet policycontroller content bundles set
BUNDLE_NAME
[--all-memberships
| [--memberships
=[MEMBERSHIPS
,…] :--location
=LOCATION
]] [--exempted-namespaces
=EXEMPTED_NAMESPACES
|--no-exempted-namespaces
] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(ALPHA)
Google-defined policy bundles of constraints can be installed onto Policy Controller installations.The namespace exclusion flag (
--exempted-namespaces
) will specify a set of namespaces that the installed bundle will ignore. Subsequent calls with the same bundle name and this flag will overwrite what namespaces are being ignored. Using--no-exempted-namespaces
or specifying no namespaces with--exempted-namespaces
will remove all namespaces from the ignore list.To uninstall a bundle, use the
remove
command. - EXAMPLES
-
To install a policy bundle:
gcloud alpha container fleet policycontroller content bundles set cis-k8s-v1.5.1
To install a policy bundle, while ignoring (exempting) certain namespaces from being affected by the bundle:
gcloud alpha container fleet policycontroller content bundles set cis-k8s-v1.5.1 --exempted-namespaces=kube-system,gatekeeper-system
To remove all exempted namespaces from a particular bundles ignore list:
gcloud alpha container fleet policycontroller content bundles set cis-k8s-v1.5.1 --no-exempted-namespaces
- POSITIONAL ARGUMENTS
-
BUNDLE_NAME
- The constraint bundle to install in Policy Controller.
- FLAGS
-
-
Membership flags.
At most one of these can be specified:
--all-memberships
- If supplied, apply to all Policy Controllers memberships in the fleet.
-
Membership resource - The group of arguments defining one or more memberships.
The arguments in this group can be used to specify the attributes of this
resource. (NOTE) Some attributes are not given arguments in this group but can
be set in other ways.
To set the
project
attribute:-
provide the argument
--memberships
on the command line with a fully specified name; -
provide the argument
--project
on the command line; -
set the property
core/project
.
--memberships
=[MEMBERSHIPS
,…]-
IDs of the memberships or fully qualified identifiers for the memberships.
To set the
memberships
attribute:-
provide the argument
--memberships
on the command line.
This flag argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--location
=LOCATION
-
Location for the memberships.
To set the
location
attribute:-
provide the argument
--memberships
on the command line with a fully specified name; -
provide the argument
--location
on the command line; -
set the property
gkehub/location
.
-
provide the argument
-
provide the argument
-
Exempted Namespaces flags.
At most one of these can be specified:
--exempted-namespaces
=EXEMPTED_NAMESPACES
- Exempted namespaces are ignored by Policy Controller when applying constraints added by this bundle.
--no-exempted-namespaces
- Removes all exempted namespaces from the specified bundle.
-
Membership flags.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in alpha and might change without notice. If this
command fails with API permission errors despite specifying the correct project,
you might be trying to access an API with an invitation-only early access
allowlist. These variants are also available:
gcloud container fleet policycontroller content bundles set
gcloud beta container fleet policycontroller content bundles set
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-02-06 UTC.