gcloud container hub policycontroller update

NAME
gcloud container hub policycontroller update - updates the configuration of Policy Controller Feature
SYNOPSIS
gcloud container hub policycontroller update [--all-memberships     | [--memberships=[MEMBERSHIPS,…] : --location=LOCATION] --origin=ORIGIN     | --audit-interval=AUDIT_INTERVAL --constraint-violation-limit=CONSTRAINT_VIOLATION_LIMIT --version=VERSION --clear-exemptable-namespaces     | --exemptable-namespaces=EXEMPTABLE_NAMESPACES --log-denies     | --no-log-denies --monitoring=MONITORING     | --no-monitoring --mutation     | --no-mutation --referential-rules     | --no-referential-rules] [GCLOUD_WIDE_FLAG]
DESCRIPTION
Updates the configuration of the Policy Controller installation
EXAMPLES
To change the installed version, run:
gcloud container hub policycontroller update --version=VERSION

To modify the audit interval to 120 seconds, run:

gcloud container hub policycontroller update --audit-interval=120
FLAGS
Membership flags.

At most one of these can be specified:

--all-memberships
If supplied, apply to all Policy Controllers memberships in the fleet.
Membership resource - The group of arguments defining one or more memberships. The arguments in this group can be used to specify the attributes of this resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways.

To set the project attribute:

  • provide the argument --memberships on the command line with a fully specified name;
  • provide the argument --project on the command line;
  • set the property core/project.
--memberships=[MEMBERSHIPS,…]
IDs of the memberships or fully qualified identifiers for the memberships.

To set the memberships attribute:

  • provide the argument --memberships on the command line.

This flag argument must be specified if any of the other arguments in this group are specified.

--location=LOCATION
Location for the memberships.

To set the location attribute:

  • provide the argument --memberships on the command line with a fully specified name;
  • provide the argument --location on the command line;
  • set the property gkehub/location.
At most one of these can be specified:
--origin=ORIGIN
If --origin=FLEET will set the configuration of the membership to the fleet default.

ORIGIN must be (only one value is supported): FLEET.

--audit-interval=AUDIT_INTERVAL
How often Policy Controller will audit resources, in seconds.
--constraint-violation-limit=CONSTRAINT_VIOLATION_LIMIT
The number of violations stored on the constraint resource. Must be greater than 0.
--version=VERSION
The version of Policy Controller to install; defaults to latest version.
Exemptable Namespace flags.

At most one of these can be specified:

--clear-exemptable-namespaces
Removes any namespace exemptions, enabling Policy Controller on all namespaces. Setting this flag will overwrite currently exempted namespaces, not append.
--exemptable-namespaces=EXEMPTABLE_NAMESPACES
Namespaces that Policy Controller should ignore, separated by commas if multiple are supplied.
Log Denies flags.

At most one of these can be specified:

--log-denies
If set, log all denies and dry run failures. (To disable, use --no-log-denies)
--no-log-denies
If set, disable all log denies.
Monitoring flags.

At most one of these can be specified:

--monitoring=MONITORING
Monitoring backend options Policy Controller should export metrics to, separated by commas if multiple are supplied. Setting this flag will overwrite currently enabled backends, not append. Options: prometheus, cloudmonitoring
--no-monitoring
Include this flag to disable the monitoring configuration of Policy Controller.
Mutation flags.

At most one of these can be specified:

--mutation
If set, enable support for mutation. (To disable, use --no-mutation)
--no-mutation
Disables mutation support.
Referential Rules flags.

At most one of these can be specified:

--referential-rules
If set, enable support for referential constraints. (To disable, use --no-referential-rules)
--no-referential-rules
Disables referential rules support.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
These variants are also available:
gcloud alpha container hub policycontroller update
gcloud beta container hub policycontroller update