gcloud container hub policycontroller enable

NAME
gcloud container hub policycontroller enable - enable Policy Controller Feature
SYNOPSIS
gcloud container hub policycontroller enable[--all-memberships    | [--memberships=[MEMBERSHIPS,…] :--location=LOCATION]--audit-interval=AUDIT_INTERVAL--constraint-violation-limit=CONSTRAINT_VIOLATION_LIMIT--no-content--no-default-bundles--version=VERSION--clear-exemptable-namespaces    |--exemptable-namespaces=EXEMPTABLE_NAMESPACES--log-denies    |--no-log-denies--monitoring=MONITORING    |--no-monitoring--mutation    |--no-mutation--referential-rules    |--no-referential-rules    |--fleet-default-member-config=FLEET_DEFAULT_MEMBER_CONFIG    |--no-fleet-default-member-config][GCLOUD_WIDE_FLAG]
DESCRIPTION
Enables the Policy Controller Feature in a fleet.
EXAMPLES
To enable the Policy Controller Feature, run:
gcloudcontainerhubpolicycontrollerenable
FLAGS
At most one of these can be specified:
Membership flags.

At most one of these can be specified:

--all-memberships
If supplied, apply to all Policy Controllers memberships in the fleet.
Membership resource - The group of arguments defining one or more memberships.The arguments in this group can be used to specify the attributes of thisresource. (NOTE) Some attributes are not given arguments in this group but canbe set in other ways.

To set theproject attribute:

  • provide the argument--memberships on the command line with a fullyspecified name;
  • provide the argument--project on the command line;
  • set the propertycore/project.
--memberships=[MEMBERSHIPS,…]
IDs of the memberships or fully qualified identifiers for the memberships.

To set thememberships attribute:

  • provide the argument--memberships on the command line.

This flag argument must be specified if any of the other arguments in this groupare specified.

--location=LOCATION
Location for the memberships.

To set thelocation attribute:

  • provide the argument--memberships on the command line with a fullyspecified name;
  • provide the argument--location on the command line;
  • set the propertygkehub/location.
--audit-interval=AUDIT_INTERVAL
How often Policy Controller will audit resources, in seconds.
--constraint-violation-limit=CONSTRAINT_VIOLATION_LIMIT
The number of violations stored on the constraint resource. Must be greater than0.
--no-content
If set, Policy content, including the template library and policy bundles, willnot be installed.
--no-default-bundles
If set, skip installing the default bundle of policy-essentials.
--version=VERSION
The version of Policy Controller to install; defaults to latest version.
Exemptable Namespace flags.

At most one of these can be specified:

--clear-exemptable-namespaces
Removes any namespace exemptions, enabling Policy Controller on all namespaces.Setting this flag will overwrite currently exempted namespaces, not append.
--exemptable-namespaces=EXEMPTABLE_NAMESPACES
Namespaces that Policy Controller should ignore, separated by commas if multipleare supplied.
Log Denies flags.

At most one of these can be specified:

--log-denies
If set, log all denies and dry run failures. (To disable, use --no-log-denies)
--no-log-denies
If set, disable all log denies.
Monitoring flags.

At most one of these can be specified:

--monitoring=MONITORING
Monitoring backend options Policy Controller should export metrics to, separatedby commas if multiple are supplied. Setting this flag will overwrite currentlyenabled backends, not append. Options: prometheus, cloudmonitoring
--no-monitoring
Include this flag to disable the monitoring configuration of Policy Controller.
Mutation flags.

At most one of these can be specified:

--mutation
If set, enable support for mutation. (To disable, use --no-mutation)
--no-mutation
Disables mutation support.
Referential Rules flags.

At most one of these can be specified:

--referential-rules
If set, enable support for referential constraints. (To disable, use--no-referential-rules)
--no-referential-rules
Disables referential rules support.
Flags for setting Fleet Default Configuration files.

At most one of these can be specified:

--fleet-default-member-config=FLEET_DEFAULT_MEMBER_CONFIG
The path to a policy-controller.yaml configuration file. If specified, thisconfiguration will become the default Policy Controller configuration for allmemberships in your fleet. It can be overridden with a membership-specificconfiguration by using the theUpdate command.
ToenablethePolicyControllerFeaturewithafleet-leveldefaultmembershipconfiguration,run:
gcloudcontainerhubpolicycontrollerenable--fleet-default-member-config=/path/to/policy-controller.yaml
--no-fleet-default-member-config
Removes the fleet default configuration for policy controller. Membershipsconfigured with the fleet default will maintain their current configuration.
gcloudcontainerhubpolicycontrollerenable--no-fleet-default-member-config
GCLOUD WIDE FLAGS
These flags are available to all commands:--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.

Run$gcloud help for details.

NOTES
These variants are also available:
gcloudalphacontainerhubpolicycontrollerenable
gcloudbetacontainerhubpolicycontrollerenable

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-07-22 UTC.