Stop Policy Controller

This page shows you how to disable Policy Controller. If you want to uninstall Policy Controller instead of temporarily disabling it, see Uninstalling Policy Controller.

If Policy Controller is causing issues in your cluster, you can temporarily disable the webhook.

gcloud Policy Controller

To suspend Policy Controller, run the following command:

gcloud container fleet policycontroller suspend \
    --memberships=MEMBERSHIP_NAME

Replace MEMBERSHIP_NAME with the membership name of the registered cluster on which to disable Policy Controller. To specify multiple memberships, separate them with commas.

gcloud ConfigManagement

To suspend Policy Controller, run the following command:

kubectl edit validatingwebhookconfigurations.admissionregistration.k8s.io gatekeeper-validating-webhook-configuration

In the editor, delete the webhooks field and everything underneath it, and remove the policycontroller.configmanagement.gke.io/managed-by-operator label if it exists.

You can then re-enable Policy Controller. This will cause the operator to regenerate the webhook configuration, which will reconfigure the API server to use Policy Controller as an admission webhook.

gcloud Policy Controller

To re-enable Policy Controller, run the following command:

gcloud container fleet policycontroller enable \
  --memberships=MEMBERSHIP_NAME

gcloud ConfigManagement

To re-enable Policy Controller, run the following command:

kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io gatekeeper-validating-webhook-configuration
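
To confirm which state the webhook configuration is in after the ConfigManagement suspend or re-enable steps above, the following added example (not part of the original page) classifies the JSON form of the object. The sample objects, the webhook name, the label value, the script name and the state names are constructed for this example.

```python
import json
import sys

NAME = "gatekeeper-validating-webhook-configuration"
LABEL = "policycontroller.configmanagement.gke.io/managed-by-operator"


def _sample(webhooks, labels):
    # Constructed object for illustration; not captured from a real cluster.
    return json.dumps({"kind": "ValidatingWebhookConfiguration",
                       "metadata": {"name": NAME, "labels": labels},
                       "webhooks": webhooks})


SAMPLE_ACTIVE = _sample([{"name": "validation.example.invalid"}], {LABEL: "true"})
SAMPLE_HALF_EDITED = _sample([], {LABEL: "true"})
# After the edit described above, both the webhooks field and the label are gone.
SAMPLE_SUSPENDED = json.dumps({"kind": "ValidatingWebhookConfiguration",
                               "metadata": {"name": NAME}})


def webhook_state(doc_json):
    """Classify the JSON of the Policy Controller validating webhook object."""
    if not doc_json.strip():
        # Nothing returned, e.g. right after the delete and before regeneration.
        return {"state": "absent", "webhooks": [], "label_present": False}
    obj = json.loads(doc_json)
    if obj.get("kind") != "ValidatingWebhookConfiguration":
        raise ValueError("not a ValidatingWebhookConfiguration")
    webhooks = obj.get("webhooks") or []
    labels = (obj.get("metadata") or {}).get("labels") or {}
    label_present = LABEL in labels
    if webhooks:
        state = "active"            # API server still calls the admission webhook
    elif label_present:
        state = "edit-incomplete"   # webhooks removed, label step not yet done
    else:
        state = "suspended"         # both edits from the suspend step applied
    return {"state": state,
            "webhooks": [w.get("name") for w in webhooks],
            "label_present": label_present}


if __name__ == "__main__":
    # Usage (check_webhook.py is a hypothetical file name):
    #   kubectl get validatingwebhookconfigurations.admissionregistration.k8s.io \
    #     gatekeeper-validating-webhook-configuration -o json | python3 check_webhook.py
    print(webhook_state(sys.stdin.read()))
```

While the state is anything other than active, constraints are not enforced at admission, so run the check again after re-enabling to confirm that the webhook entries have been regenerated.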
