gcloud alpha container fleet policycontroller content bundles set

NAME
gcloud alpha container fleet policycontroller content bundles set - sets bundle installation for Policy Controller content
SYNOPSIS
gcloud alpha container fleet policycontroller content bundles set BUNDLE_NAME [--all-memberships     | [--memberships=[MEMBERSHIPS,…] : --location=LOCATION]] [--exempted-namespaces=EXEMPTED_NAMESPACES     | --no-exempted-namespaces] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) Google-defined policy bundles of constraints can be installed onto Policy Controller installations.

The namespace exclusion flag (--exempted-namespaces) will specify a set of namespaces that the installed bundle will ignore. Subsequent calls with the same bundle name and this flag will overwrite what namespaces are being ignored. Using --no-exempted-namespaces or specifying no namespaces with --exempted-namespaces will remove all namespaces from the ignore list.

To uninstall a bundle, use the remove command.

EXAMPLES
To install a policy bundle:
gcloud alpha container fleet policycontroller content bundles set cis-k8s-v1.5.1

To install a policy bundle, while ignoring (exempting) certain namespaces from being affected by the bundle:

gcloud alpha container fleet policycontroller content bundles set cis-k8s-v1.5.1 --exempted-namespaces=kube-system,gatekeeper-system

To remove all exempted namespaces from a particular bundles ignore list:

gcloud alpha container fleet policycontroller content bundles set cis-k8s-v1.5.1 --no-exempted-namespaces
POSITIONAL ARGUMENTS
BUNDLE_NAME
The constraint bundle to install in Policy Controller.
FLAGS
Membership flags.

At most one of these can be specified:

--all-memberships
If supplied, apply to all Policy Controllers memberships in the fleet.
Membership resource - The group of arguments defining one or more memberships. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

To set the project attribute:

  • provide the argument --memberships on the command line with a fully specified name;
  • provide the argument --project on the command line;
  • set the property core/project.
--memberships=[MEMBERSHIPS,…]
IDs of the memberships or fully qualified identifiers for the memberships.

To set the memberships attribute:

  • provide the argument --memberships on the command line.

This flag argument must be specified if any of the other arguments in this group are specified.

--location=LOCATION
Location for the memberships.

To set the location attribute:

  • provide the argument --memberships on the command line with a fully specified name;
  • provide the argument --location on the command line;
  • set the property gkehub/location.
Exempted Namespaces flags.

At most one of these can be specified:

--exempted-namespaces=EXEMPTED_NAMESPACES
Exempted namespaces are ignored by Policy Controller when applying constraints added by this bundle.
--no-exempted-namespaces
Removes all exempted namespaces from the specified bundle.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:
gcloud container fleet policycontroller content bundles set
gcloud beta container fleet policycontroller content bundles set