1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-18 14:56:05 +00:00

gcloud: Wed Nov 19 10:58:36 UTC 2025

This commit is contained in:
Automated 2025-11-19 10:58:36 +00:00
parent e1ec13485a
commit 7b14250313
392 changed files with 17141 additions and 774 deletions

View file

@ -26,6 +26,7 @@ SYNOPSIS
[--enable-blue-green-upgrade] [--enable-confidential-nodes]
[--enable-confidential-storage] [--enable-gvnic]
[--enable-image-streaming] [--enable-insecure-kubelet-readonly-port]
[--enable-kernel-module-signature-enforcement]
[--enable-nested-virtualization] [--enable-private-nodes]
[--enable-queued-provisioning] [--enable-surge-upgrade] [--flex-start]
[--image-type=IMAGE_TYPE] [--labels=[KEY=VALUE,...]]
@ -308,6 +309,19 @@ FLAGS
To disable the readonly port on a cluster or node-pool set the flag to
--no-enable-insecure-kubelet-readonly-port.
--enable-kernel-module-signature-enforcement
Enforces that kernel modules are signed on all nodes in the node pool.
This setting overrides the cluster-level setting. For example, if the
cluster disables enforcement, you can enable enforcement only for a
specific node pool. When the policy is modified on an existing node
pool, nodes will be immediately recreated to use the new policy. Use
--no-enable-kernel-module-signature-enforcement to disable.
Examples:
$ gcloud container node-pools create node-pool-1 \
--enable-kernel-module-signature-enforcement
--enable-nested-virtualization
Enables the use of nested virtualization on the node pool. Defaults to
false. Can only be enabled on UBUNTU_CONTAINERD base image or

View file

@ -13,6 +13,7 @@ SYNOPSIS
| --containerd-config-from-file=PATH_TO_FILE
| --enable-confidential-nodes | --enable-gvnic
| --enable-image-streaming | --enable-insecure-kubelet-readonly-port
| --enable-kernel-module-signature-enforcement
| --enable-private-nodes | --enable-queued-provisioning
| --flex-start | --labels=[KEY=VALUE,...]
| --logging-variant=LOGGING_VARIANT
@ -137,6 +138,19 @@ REQUIRED FLAGS
To disable the readonly port on a cluster or node-pool set the flag
to --no-enable-insecure-kubelet-readonly-port.
--enable-kernel-module-signature-enforcement
Enforces that kernel modules are signed on all nodes in the node
pool. This setting overrides the cluster-level setting. For example,
if the cluster disables enforcement, you can enable enforcement only
for a specific node pool. When the policy is modified on an existing
node pool, nodes will be immediately recreated to use the new policy.
Use --no-enable-kernel-module-signature-enforcement to disable.
Examples:
$ gcloud container node-pools update node-pool-1 \
--enable-kernel-module-signature-enforcement
--enable-private-nodes
Enables provisioning nodes with private IP addresses only.