This page shows you how to disable Policy Controller. If you want to uninstall Policy Controller instead of temporarily disabling it, see Uninstalling Policy Controller.
If Policy Controller is causing issues in your cluster, you can temporarily disable the webhook.
gcloud Policy Controller
To suspend Policy Controller, run the following command:
gcloud container fleet policycontroller suspend \
--memberships=MEMBERSHIP_NAME
Replace MEMBERSHIP_NAME with the membership name of
the registered cluster to disable Policy Controller on. You can specify multiple
memberships separated by a comma.
gcloud ConfigManagement
To suspend Policy Controller, run the following command:
kubectl edit validatingwebhookconfigurations.admissionregistration.k8s.io gatekeeper-validating-webhook-configuration
Delete the webhooks field and everything underneath it and remove the
policycontroller.configmanagement.gke.io/managed-by-operator label if it
exists.
You can then re-enable Policy Controller. This will cause the operator to regenerate the webhook configuration, which will reconfigure the API server to use Policy Controller as an admission webhook.
gcloud Policy Controller
To re-enable Policy Controller, run the following command:
gcloud container fleet policycontroller enable \
--memberships=MEMBERSHIP_NAME
gcloud ConfigManagement
To re-enable Policy Controller, run the following command:
kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io gatekeeper-validating-webhook-configuration