gcloud beta container hub update

NAME
gcloud beta container hub update - update a fleet
SYNOPSIS
gcloud beta container hub update[--async][--display-name=DISPLAY_NAME][--update-labels=[KEY=VALUE,…]][--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE--binauthz-policy-bindings=[name=BINAUTHZ_POLICY]--security-posture=SECURITY_POSTURE--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING][--clear-labels    |--remove-labels=[KEY,…]][GCLOUD_WIDE_FLAG]
DESCRIPTION
(BETA) This command can fail for the following reasons:
  • The project specified does not exist.
  • The project specified already has a fleet.
  • The active account does not have permission to access the given project.
EXAMPLES
To update the display name of the fleet in projectexample-foo-bar-1 toupdated-name, run:
gcloudbetacontainerhubupdate--display-name=updated-name--project=example-foo-bar-1
FLAGS
--async
Return immediately, without waiting for the operation in progress to complete.
--display-name=DISPLAY_NAME
Display name of the fleet to be created (optional). 4-30 characters,alphanumeric and [ '"!-] only.
--update-labels=[KEY=VALUE,…]
List of label KEY=VALUE pairs to update. If a label exists, its value ismodified. Otherwise, a new label is created.

Keys must start with a lowercase character and contain only hyphens(-), underscores (_), lowercase characters, andnumbers. Values must contain only hyphens (-), underscores(_), lowercase characters, and numbers.

Default cluster configurations to apply across the fleet.
Binary Authorization config.
--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE
Configure binary authorization mode for clusters to onboard the fleet,
gcloudbetacontainerhubupdate--binauthz-evaluation-mode=policy-bindings

BINAUTHZ_EVALUATION_MODE must be one of:disabled,policy-bindings.

--binauthz-policy-bindings=[name=BINAUTHZ_POLICY]
The relative resource name of the Binary Authorization policy to audit and/orenforce. GKE policies have the following format:projects/{project_number}/platforms/gke/policies/{policy_id}.
Security posture config.
--security-posture=SECURITY_POSTURE
To apply standard security posture to clusters in the fleet,
gcloudbetacontainerhubupdate--security-posture=standard

SECURITY_POSTURE must be one of:disabled,standard,enterprise.

--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING
To apply standard vulnerability scanning to clusters in the fleet,
gcloudbetacontainerhubupdate--workload-vulnerability-scanning=standard

WORKLOAD_VULNERABILITY_SCANNING must be one of:disabled,standard,enterprise.

At most one of these can be specified:
--clear-labels
Remove all labels. If--update-labels is also specified then--clear-labels is applied first.

For example, to remove all labels:

gcloudbetacontainerhubupdate--clear-labels

To remove all existing labels and create two new labels,foo andbaz:

gcloudbetacontainerhubupdate--clear-labels--update-labelsfoo=bar,baz=qux
--remove-labels=[KEY,…]
List of label keys to remove. If a label does not exist it is silently ignored.If--update-labels is also specified then--update-labels is applied first.
GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

NOTES
This command is currently in beta and might change without notice. Thesevariants are also available:
gcloudcontainerhubupdate
gcloudalphacontainerhubupdate

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-01-21 UTC.