You can set deployment-level configurations for Policy Controller that override resource requirements and configure parameters for high availability.
To get a list of all configuration options, run the following command:
gcloud container fleet policycontroller deployment set --help
The commands on this page use the --all-memberships flag to apply a configuration to all clusters registered to a fleet. To apply a command to a single registered cluster instead, use --membership=MEMBERSHIP_NAME, replacing MEMBERSHIP_NAME with the membership name of the registered cluster.
Configure replica counts
You can configure your Policy Controller deployments for a ReplicaSet by setting a replica count.
To set a replica count, run the following command:
gcloud container fleet policycontroller deployment set DEPLOYMENT_TYPE replica-count QUANTITY \
--all-memberships
Replace the following:
DEPLOYMENT_TYPE: the deployment type that you want to set a replica count for. The value is either mutation or admission.
QUANTITY: the number of replicas that you want to set, for example 3.
To remove a replica count, run the following command:
gcloud container fleet policycontroller deployment remove DEPLOYMENT_TYPE replica-count \
--all-memberships
Replace DEPLOYMENT_TYPE with the deployment type that you're removing the replicas from. This value is either mutation or admission.
Set resource requirements
You can specify limits and requests for memory and CPU.
Set memory limits and requests
To set a memory limit, run the following command:
gcloud container fleet policycontroller deployment set DEPLOYMENT_TYPE memory-limit QUANTITY \
--all-memberships
Replace the following:
DEPLOYMENT_TYPE: the deployment type that you want to set a memory limit on. One of the following values: audit, mutation, or admission.
QUANTITY: the quantity that you want to set with a quantity suffix, for example 4Gi.
To set a memory request, run the following command:
gcloud container fleet policycontroller deployment set DEPLOYMENT_TYPE memory-request QUANTITY \
--all-memberships
Replace the following:
DEPLOYMENT_TYPE: the deployment type that you want to set a memory request on. One of the following values: audit, mutation, or admission.
QUANTITY: the quantity that you want to set with a quantity suffix, for example 2Gi.
Set CPU limits and requests
To set a CPU limit, run the following command:
gcloud container fleet policycontroller deployment set DEPLOYMENT_TYPE cpu-limit QUANTITY \
--all-memberships
Replace the following:
DEPLOYMENT_TYPE: the deployment type that you want to set a CPU limit on. One of the following values: audit, mutation, or admission.
QUANTITY: the CPU quantity that you want to set, for example 500m.
To set a CPU request, run the following command:
gcloud container fleet policycontroller deployment set DEPLOYMENT_TYPE cpu-request QUANTITY \
--all-memberships
Replace the following:
DEPLOYMENT_TYPE: the deployment type that you want to set a CPU request on. One of the following values: audit, mutation, or admission.
QUANTITY: the quantity that you want to set, for example 250m.
Remove limits and requests
To remove a configuration, run the following command:
gcloud container fleet policycontroller deployment remove DEPLOYMENT_TYPE RESOURCE_TYPE \
--all-memberships
Replace the following:
DEPLOYMENT_TYPE: the deployment type that you're removing the request or limit on. One of the following values: audit, mutation, or admission.
RESOURCE_TYPE: the resource type that you want to remove. One of the following values: memory-limit, memory-request, cpu-limit, cpu-request.
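The replica-count and resource rules above, as an added shell example (not part of the original page or of gcloud): it validates the deployment type for each setting, checks that a request does not exceed its limit (a standard Kubernetes constraint that this page does not state), and prints the resulting commands instead of running them. The function names and the restriction to integer quantities with Ki, Mi, Gi or m suffixes are assumptions of the example.

```shell
# Added example (hypothetical helpers): build Policy Controller commands after validation.
# to_units KIND QUANTITY -> memory in bytes, CPU in millicores (integer quantities only).
to_units() {
  local kind="$1" q="$2" n
  n="${q%%[!0-9]*}"   # leading digits of the quantity
  case "$n" in ''|0?*) echo "bad quantity: $q" >&2; return 1 ;; esac
  case "$kind:${q#"$n"}" in
    memory:Gi) echo $(( $n * 1024 * 1024 * 1024 )) ;;
    memory:Mi) echo $(( $n * 1024 * 1024 )) ;;
    memory:Ki) echo $(( $n * 1024 )) ;;
    memory:)   echo "$n" ;;
    cpu:m)     echo "$n" ;;
    cpu:)      echo $(( $n * 1000 )) ;;
    *) echo "unsupported $kind quantity: $q" >&2; return 1 ;;
  esac
}

# pc_set DEPLOYMENT_TYPE SETTING QUANTITY [SCOPE_FLAG]; prints the command, runs nothing.
pc_set() {
  local dep="$1" setting="$2" qty="$3" scope="${4:---all-memberships}"
  case "$setting" in
    replica-count)   # the page allows only mutation or admission here
      case "$dep" in mutation|admission) ;; *) echo "replica-count: bad type $dep" >&2; return 1 ;; esac
      case "$qty" in ''|0*|*[!0-9]*) echo "bad replica count: $qty" >&2; return 1 ;; esac ;;
    memory-limit|memory-request|cpu-limit|cpu-request)
      case "$dep" in audit|mutation|admission) ;; *) echo "$setting: bad type $dep" >&2; return 1 ;; esac
      to_units "${setting%%-*}" "$qty" >/dev/null || return 1 ;;
    *) echo "unknown setting: $setting" >&2; return 1 ;;
  esac
  echo "gcloud container fleet policycontroller deployment set $dep $setting $qty $scope"
}

# pc_resources DEPLOYMENT_TYPE memory|cpu REQUEST LIMIT; refuses request > limit.
pc_resources() {
  local dep="$1" kind="$2" req="$3" lim="$4" r l
  r=$(to_units "$kind" "$req") && l=$(to_units "$kind" "$lim") || return 1
  if [ "$r" -gt "$l" ]; then
    echo "$kind request $req exceeds limit $lim" >&2; return 1
  fi
  pc_set "$dep" "$kind-request" "$req" && pc_set "$dep" "$kind-limit" "$lim"
}

# Constructed sample plan using the example values from this page.
pc_set admission replica-count 3
pc_resources admission memory 2Gi 4Gi
pc_resources admission cpu 250m 500m
```

Review the printed commands, then run them as-is, or pass --membership=MEMBERSHIP_NAME as the fourth argument to pc_set to target one cluster.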
Configure tolerations
You can set tolerations on your Policy Controller deployments.
You can set a toleration with one of the following methods:
To set a toleration with a key, run the following command:
gcloud container fleet policycontroller deployment set admission toleration KEY \
--all-memberships
Replace KEY with your key value, for example key1.

To set a toleration with a key and value, run the following command:
gcloud container fleet policycontroller deployment set admission toleration KEY=VALUE \
--all-memberships
Replace the following:
KEY: your key value, for example key1.
VALUE: your key value, for example value1.

To set a toleration with a key and value, and the effect NoSchedule, run the following command:
gcloud container fleet policycontroller deployment set admission toleration KEY=VALUE \
--all-memberships \
--effect=NoSchedule
Replace the following:
KEY: your key value, for example key1.
VALUE: your key value, for example value1.
If you need to edit a toleration, you must remove the existing toleration and then set a new toleration with one of the previous commands. To remove a toleration, run the previous command with remove instead of set, for example:
gcloud container fleet policycontroller deployment remove admission toleration KEY=VALUE \
--all-memberships
Configure affinity
You can set pod affinity on your Policy Controller deployments. The available settings are anti (corresponding to anti-affinity) and none (corresponding to no-affinity). For the admission deployment, anti is the default. For all other deployments, none is the default.
To set pod anti-affinity, run the following command:
gcloud container fleet policycontroller deployment set mutation pod-affinity anti \
--all-memberships
To remove pod affinity, run the following command:
gcloud container fleet policycontroller deployment set mutation pod-affinity none \
--all-memberships