1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-18 06:47:12 +00:00

gcloud: Thu Sep 7 10:42:28 UTC 2023

This commit is contained in:
Automated 2023-09-07 10:42:28 +00:00
parent f9edf67fe5
commit 6c8d2eb024
307 changed files with 4053 additions and 1615 deletions

View file

@ -70,11 +70,11 @@ SYNOPSIS
[--workload-metadata=WORKLOAD_METADATA] [--workload-pool=WORKLOAD_POOL]
[--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING]
[--additional-zones=ZONE,[ZONE,...] | --node-locations=ZONE,[ZONE,...]]
[--cluster-dns=CLUSTER_DNS --cluster-dns-domain=CLUSTER_DNS_DOMAIN
--cluster-dns-scope=CLUSTER_DNS_SCOPE]
[--binauthz-policy-bindings=[name=BINAUTHZ_POLICY,...]
--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE
| --enable-binauthz]
[--cluster-dns=CLUSTER_DNS --cluster-dns-domain=CLUSTER_DNS_DOMAIN
--cluster-dns-scope=CLUSTER_DNS_SCOPE]
[--disable-dataplane-v2-metrics | --enable-dataplane-v2-metrics]
[[--enable-autoprovisioning
: --autoprovisioning-config-file=AUTOPROVISIONING_CONFIG_FILE
@ -1232,7 +1232,8 @@ FLAGS
To disable in an existing cluster, explicitly set the flag to
--workload-vulnerability-scanning=disabled.
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, standard.
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, standard,
enterprise.
At most one of these can be specified:
@ -1277,28 +1278,6 @@ FLAGS
--location us-central1-a \
--node-locations us-central1-a,us-central1-b
Flags for Binary Authorization:
--binauthz-policy-bindings=[name=BINAUTHZ_POLICY,...]
The relative resource name of the Binary Authorization policy to
audit and/or enforce. GKE policies have the following format:
projects/{project_number}/platforms/gke/policies/{policy_id}.
At most one of these can be specified:
--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE
Enable Binary Authorization for this cluster.
BINAUTHZ_EVALUATION_MODE must be one of: DISABLED, MONITORING,
MONITORING_AND_PROJECT_SINGLETON_POLICY_ENFORCE, POLICY_BINDINGS,
POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE,
PROJECT_SINGLETON_POLICY_ENFORCE.
--enable-binauthz
(DEPRECATED) Enable Binary Authorization for this cluster.
The --enable-binauthz flag is deprecated. Please use
--binauthz-evaluation-mode instead.
ClusterDNS
--cluster-dns=CLUSTER_DNS
@ -1328,6 +1307,27 @@ FLAGS
vpc
Configures the Cloud DNS zone to be private to the VPC Network.
Flags for Binary Authorization:
--binauthz-policy-bindings=[name=BINAUTHZ_POLICY,...]
The relative resource name of the Binary Authorization policy to
audit and/or enforce. GKE policies have the following format:
projects/{project_number}/platforms/gke/policies/{policy_id}.
At most one of these can be specified:
--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE
Enable Binary Authorization for this cluster.
BINAUTHZ_EVALUATION_MODE must be one of: DISABLED, POLICY_BINDINGS,
POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE,
PROJECT_SINGLETON_POLICY_ENFORCE.
--enable-binauthz
(DEPRECATED) Enable Binary Authorization for this cluster.
The --enable-binauthz flag is deprecated. Please use
--binauthz-evaluation-mode instead.
At most one of these can be specified:
--disable-dataplane-v2-metrics

View file

@ -355,14 +355,14 @@ FLAGS
To disable in an existing cluster, explicitly set the flag to
--workload-vulnerability-scanning=disabled.
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, standard.
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, standard,
enterprise.
Flags for Binary Authorization:
--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE
Enable Binary Authorization for this cluster.
BINAUTHZ_EVALUATION_MODE must be one of: DISABLED, MONITORING,
MONITORING_AND_PROJECT_SINGLETON_POLICY_ENFORCE, POLICY_BINDINGS,
BINAUTHZ_EVALUATION_MODE must be one of: DISABLED, POLICY_BINDINGS,
POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE,
PROJECT_SINGLETON_POLICY_ENFORCE.

View file

@ -42,6 +42,8 @@ SYNOPSIS
| --additional-pod-ipv4-ranges=NAME,[NAME,...]
--remove-additional-pod-ipv4-ranges=NAME,[NAME,...]
| --additional-zones=[ZONE,...] | --node-locations=ZONE,[ZONE,...]
| --cluster-dns=CLUSTER_DNS --cluster-dns-domain=CLUSTER_DNS_DOMAIN
--cluster-dns-scope=CLUSTER_DNS_SCOPE
| --binauthz-policy-bindings=[name=BINAUTHZ_POLICY,...]
--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE
| --enable-binauthz | --clear-maintenance-window
@ -57,8 +59,6 @@ SYNOPSIS
| --enable-network-egress-metering
--enable-resource-consumption-metering
--resource-usage-bigquery-dataset=RESOURCE_USAGE_BIGQUERY_DATASET
| --cluster-dns=CLUSTER_DNS --cluster-dns-domain=CLUSTER_DNS_DOMAIN
--cluster-dns-scope=CLUSTER_DNS_SCOPE
| --dataplane-v2-observability-mode=DATAPLANE_V2_OBSERVABILITY_MODE
--disable-dataplane-v2-metrics | --enable-dataplane-v2-metrics
| [--enable-autoprovisioning
@ -636,7 +636,8 @@ REQUIRED FLAGS
To disable in an existing cluster, explicitly set the flag to
--workload-vulnerability-scanning=disabled.
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, standard.
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, standard,
enterprise.
--additional-pod-ipv4-ranges=NAME,[NAME,...]
Additional IP address ranges(by name) for pods that need to be added
@ -705,6 +706,35 @@ REQUIRED FLAGS
--location us-central1-a \
--node-locations us-central1-a,us-central1-b
ClusterDNS
--cluster-dns=CLUSTER_DNS
DNS provider to use for this cluster. CLUSTER_DNS must be one of:
clouddns
Selects Cloud DNS as the DNS provider for the cluster.
default
Selects the default DNS provider (kube-dns) for the cluster.
kubedns
Selects Kube DNS as the DNS provider for the cluster.
--cluster-dns-domain=CLUSTER_DNS_DOMAIN
DNS domain for this cluster. The default value is cluster.local.
This is configurable when --cluster-dns=clouddns and
--cluster-dns-scope=vpc are set. The value must be a valid DNS
subdomain as defined in RFC 1123.
--cluster-dns-scope=CLUSTER_DNS_SCOPE
DNS scope for the Cloud DNS zone created - valid only with
--cluster-dns=clouddns. Defaults to cluster.
CLUSTER_DNS_SCOPE must be one of:
cluster
Configures the Cloud DNS zone to be private to the cluster.
vpc
Configures the Cloud DNS zone to be private to the VPC Network.
Flags for Binary Authorization:
--binauthz-policy-bindings=[name=BINAUTHZ_POLICY,...]
@ -716,8 +746,8 @@ REQUIRED FLAGS
--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE
Enable Binary Authorization for this cluster.
BINAUTHZ_EVALUATION_MODE must be one of: DISABLED, MONITORING,
MONITORING_AND_PROJECT_SINGLETON_POLICY_ENFORCE, POLICY_BINDINGS,
BINAUTHZ_EVALUATION_MODE must be one of: DISABLED,
POLICY_BINDINGS,
POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE,
PROJECT_SINGLETON_POLICY_ENFORCE.
@ -863,35 +893,6 @@ REQUIRED FLAGS
$ gcloud beta container clusters update example-cluster \
--resource-usage-bigquery-dataset=example_bigquery_dataset_name
ClusterDNS
--cluster-dns=CLUSTER_DNS
DNS provider to use for this cluster. CLUSTER_DNS must be one of:
clouddns
Selects Cloud DNS as the DNS provider for the cluster.
default
Selects the default DNS provider (kube-dns) for the cluster.
kubedns
Selects Kube DNS as the DNS provider for the cluster.
--cluster-dns-domain=CLUSTER_DNS_DOMAIN
DNS domain for this cluster. The default value is cluster.local.
This is configurable when --cluster-dns=clouddns and
--cluster-dns-scope=vpc are set. The value must be a valid DNS
subdomain as defined in RFC 1123.
--cluster-dns-scope=CLUSTER_DNS_SCOPE
DNS scope for the Cloud DNS zone created - valid only with
--cluster-dns=clouddns. Defaults to cluster.
CLUSTER_DNS_SCOPE must be one of:
cluster
Configures the Cloud DNS zone to be private to the cluster.
vpc
Configures the Cloud DNS zone to be private to the VPC Network.
--dataplane-v2-observability-mode=DATAPLANE_V2_OBSERVABILITY_MODE
Select Advanced Datapath Observability mode for the cluster. Defaults
to DISABLED.

View file

@ -3,10 +3,7 @@ NAME
SYNOPSIS
gcloud beta container fleet create [--async] [--display-name=DISPLAY_NAME]
[--labels=[KEY=VALUE,...]]
[--security-posture=SECURITY_POSTURE
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING]
[GCLOUD_WIDE_FLAG ...]
[--labels=[KEY=VALUE,...]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) This command can fail for the following reasons:
@ -39,26 +36,6 @@ FLAGS
contain only hyphens (-), underscores (_), lowercase characters, and
numbers.
Default cluster configurations to apply across the fleet.
Security posture config.
--security-posture=SECURITY_POSTURE
To apply basic security posture to the clusters of the fleet,
$ gcloud beta container fleet create --security-posture=basic
SECURITY_POSTURE must be one of: disabled, basic, enterprise.
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING
To apply basic vulnerability scanning to the clusters of the fleet,
$ gcloud beta container fleet create \
--workload-vulnerability-scanning=disabled
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, basic,
enterprise.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,

View file

@ -4,10 +4,10 @@ NAME
SYNOPSIS
gcloud beta container fleet memberships generate-gateway-rbac
[--anthos-support] [--apply] [--context=CONTEXT]
[--kubeconfig=KUBECONFIG] [--membership=MEMBERSHIP]
(--anthos-support | --groups=GROUPS | --users=USERS) [--apply]
[--context=CONTEXT] [--kubeconfig=KUBECONFIG] [--membership=MEMBERSHIP]
[--rbac-output-file=RBAC_OUTPUT_FILE] [--revoke] [--role=ROLE]
[--users=USERS] [GCLOUD_WIDE_FLAG ...]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) gcloud beta container fleet memberships generate-gateway-rbac
@ -85,11 +85,31 @@ EXAMPLES
--role=clusterrole/cluster-admin --context=my-cluster-context \
--kubeconfig=/home/user/custom_kubeconfig --apply
FLAGS
--anthos-support
If specified, this command will generate RBAC policy file for anthos
support.
The groups can be provided as a Google identity (only email) or an external
identity (starting with "principalSet://iam.googleapis.com"):
$ gcloud beta container fleet memberships generate-gateway-rbac \
--membership=my-cluster \
--groups=group@example.com,principalSet://iam.googleapis.com/\
locations/global/workforcePools/pool/group/ExampleGroup \
--role=clusterrole/cluster-admin --context=my-cluster-context \
--kubeconfig=/home/user/custom_kubeconfig --apply
REQUIRED FLAGS
Exactly one of these must be specified:
--anthos-support
If specified, this command will generate RBAC policy file for anthos
support.
--groups=GROUPS
Group email address or third-party IAM group principal.
--users=USERS
User's email address, service account email address, or third-party
IAM subject principal.
OPTIONAL FLAGS
--apply
If specified, this command will generate RBAC policy and apply to the
specified cluster.
@ -120,9 +140,6 @@ FLAGS
--role=ROLE
Namespace scoped role or cluster role.
--users=USERS
User's email address or service account email address.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,

View file

@ -4,10 +4,7 @@ NAME
SYNOPSIS
gcloud beta container fleet update [--async] [--display-name=DISPLAY_NAME]
[--update-labels=[KEY=VALUE,...]]
[--clear-labels | --remove-labels=[KEY,...]]
[--security-posture=SECURITY_POSTURE
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING]
[GCLOUD_WIDE_FLAG ...]
[--clear-labels | --remove-labels=[KEY,...]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) This command can fail for the following reasons:
@ -61,26 +58,6 @@ FLAGS
silently ignored. If --update-labels is also specified then
--update-labels is applied first.
Default cluster configurations to apply across the fleet.
Security posture config.
--security-posture=SECURITY_POSTURE
To apply basic security posture to the clusters of the fleet,
$ gcloud beta container fleet update --security-posture=basic
SECURITY_POSTURE must be one of: disabled, basic, enterprise.
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING
To apply basic vulnerability scanning to the clusters of the fleet,
$ gcloud beta container fleet update \
--workload-vulnerability-scanning=disabled
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, basic,
enterprise.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,

View file

@ -3,10 +3,7 @@ NAME
SYNOPSIS
gcloud beta container hub create [--async] [--display-name=DISPLAY_NAME]
[--labels=[KEY=VALUE,...]]
[--security-posture=SECURITY_POSTURE
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING]
[GCLOUD_WIDE_FLAG ...]
[--labels=[KEY=VALUE,...]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) This command can fail for the following reasons:
@ -39,26 +36,6 @@ FLAGS
contain only hyphens (-), underscores (_), lowercase characters, and
numbers.
Default cluster configurations to apply across the fleet.
Security posture config.
--security-posture=SECURITY_POSTURE
To apply basic security posture to the clusters of the fleet,
$ gcloud beta container hub create --security-posture=basic
SECURITY_POSTURE must be one of: disabled, basic, enterprise.
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING
To apply basic vulnerability scanning to the clusters of the fleet,
$ gcloud beta container hub create \
--workload-vulnerability-scanning=disabled
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, basic,
enterprise.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,

View file

@ -4,10 +4,10 @@ NAME
SYNOPSIS
gcloud beta container hub memberships generate-gateway-rbac
[--anthos-support] [--apply] [--context=CONTEXT]
[--kubeconfig=KUBECONFIG] [--membership=MEMBERSHIP]
(--anthos-support | --groups=GROUPS | --users=USERS) [--apply]
[--context=CONTEXT] [--kubeconfig=KUBECONFIG] [--membership=MEMBERSHIP]
[--rbac-output-file=RBAC_OUTPUT_FILE] [--revoke] [--role=ROLE]
[--users=USERS] [GCLOUD_WIDE_FLAG ...]
[GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) gcloud beta container hub memberships generate-gateway-rbac
@ -85,11 +85,31 @@ EXAMPLES
--role=clusterrole/cluster-admin --context=my-cluster-context \
--kubeconfig=/home/user/custom_kubeconfig --apply
FLAGS
--anthos-support
If specified, this command will generate RBAC policy file for anthos
support.
The groups can be provided as a Google identity (only email) or an external
identity (starting with "principalSet://iam.googleapis.com"):
$ gcloud beta container hub memberships generate-gateway-rbac \
--membership=my-cluster \
--groups=group@example.com,principalSet://iam.googleapis.com/\
locations/global/workforcePools/pool/group/ExampleGroup \
--role=clusterrole/cluster-admin --context=my-cluster-context \
--kubeconfig=/home/user/custom_kubeconfig --apply
REQUIRED FLAGS
Exactly one of these must be specified:
--anthos-support
If specified, this command will generate RBAC policy file for anthos
support.
--groups=GROUPS
Group email address or third-party IAM group principal.
--users=USERS
User's email address, service account email address, or third-party
IAM subject principal.
OPTIONAL FLAGS
--apply
If specified, this command will generate RBAC policy and apply to the
specified cluster.
@ -120,9 +140,6 @@ FLAGS
--role=ROLE
Namespace scoped role or cluster role.
--users=USERS
User's email address or service account email address.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,

View file

@ -4,10 +4,7 @@ NAME
SYNOPSIS
gcloud beta container hub update [--async] [--display-name=DISPLAY_NAME]
[--update-labels=[KEY=VALUE,...]]
[--clear-labels | --remove-labels=[KEY,...]]
[--security-posture=SECURITY_POSTURE
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING]
[GCLOUD_WIDE_FLAG ...]
[--clear-labels | --remove-labels=[KEY,...]] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
(BETA) This command can fail for the following reasons:
@ -61,26 +58,6 @@ FLAGS
silently ignored. If --update-labels is also specified then
--update-labels is applied first.
Default cluster configurations to apply across the fleet.
Security posture config.
--security-posture=SECURITY_POSTURE
To apply basic security posture to the clusters of the fleet,
$ gcloud beta container hub update --security-posture=basic
SECURITY_POSTURE must be one of: disabled, basic, enterprise.
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING
To apply basic vulnerability scanning to the clusters of the fleet,
$ gcloud beta container hub update \
--workload-vulnerability-scanning=disabled
WORKLOAD_VULNERABILITY_SCANNING must be one of: disabled, basic,
enterprise.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,