Skip to content

Latest commit

 

History

History

samples

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
LICENSE
LICENSE
 
 
NOTICE
NOTICE
 
 
README.md
README.md
 
 
disable_kubernetes_dashboard.yaml
disable_kubernetes_dashboard.yaml
 
 
disable_legacy_abac.yaml
disable_legacy_abac.yaml
 
 
enable_cloud_logging.yaml
enable_cloud_logging.yaml
 
 
enable_cos_node_pools.yaml
enable_cos_node_pools.yaml
 
 
enable_cost_allocation.yaml
enable_cost_allocation.yaml
 
 
enable_gke_security_posture.yaml
enable_gke_security_posture.yaml
 
 
enable_shielded_nodes.yaml
enable_shielded_nodes.yaml
 
 
enforce_gke_auto_upgrade.yaml
enforce_gke_auto_upgrade.yaml
 
 
enforce_gke_release_channel.yaml
enforce_gke_release_channel.yaml
 
 
require_master_authorized_networks.yaml
require_master_authorized_networks.yaml
 
 
require_workload_identity.yaml
require_workload_identity.yaml
 
 

README.md

GKE Custom Org Policy

Description

The Google Cloud Organization Policy gives you centralized, programmatic control over your organization's resources. As the organization policy administrator, you can define an organization policy, which is a set of restrictions called constraints that apply to Google Cloud resources and descendants of those resources in the Google Cloud resource hierarchy. You can enforce organization policies at at the organization, folder, or project level.

Usage

Create a custom organization constraint:

gcloud org-policies set-custom-constraint gke_custom_constraint.yaml

Enforce the custom organization policy on project level:

name: projects/${PROJECT_ID}/policies/${CUSTOM_ORG_CONSTRAINT_NAME}
spec:
  rules:
  - enforce: true

gcloud org-policies set-policy gke_custom_org_policy.yaml

For more information visit:

https://cloud.google.com/kubernetes-engine/docs/how-to/custom-org-policies