Question 1

How to install GKE Policy Automation on a Mac?

Accepted Answer

Download the binary tarball from the GitHub releases page, extract it, and run the executable. Alternatively, use the Docker image or install via Krew plugin for kubectl integration.

Question 2

What IAM roles are needed for GKE Policy Automation?

Accepted Answer

The minimum role is 'roles/container.clusterViewer' on cluster projects. Additional roles may be required for outputs like Pub/Sub or Security Command Center, as detailed in the authentication guide.

Question 3

How to add custom policies to GKE Policy Automation?

Accepted Answer

Specify a custom Git repository using the '--git-policy-repo' flag or config file. Policies must be written in RegO and placed in the designated directory, following the policy authoring guide for structure.

Question 4

GKE Policy Automation vs Kubernetes-native tools like OPA Gatekeeper?

Accepted Answer

GKE Policy Automation is tailored for GKE with built-in best practices and scalability checks, while OPA Gatekeeper is a generic policy engine for any Kubernetes cluster. Choose based on need for GKE-specific features versus broader platform support.

Question 5

How to set up automated checks with Cloud Scheduler?

Accepted Answer

Use the provided Terraform solution in the repository to deploy Cloud Scheduler and Cloud Run jobs. This automates periodic evaluations by scheduling the tool to run at defined intervals without managing infrastructure.

Question 6

Can GKE Policy Automation work without Google Cloud Monitoring?

Accepted Answer

For scalability checks, it requires metrics from Cloud Monitoring or a self-managed Prometheus setup. Best practices checks can use GKE API directly, but full functionality depends on GCP services.

Question 7

How to output results to Slack?

Accepted Answer

The tool doesn't have direct Slack output. Publish results to Pub/Sub and use a Cloud Function or similar service to forward messages to Slack, integrating it into your notification pipeline.

GKE Policy Automation

What is GKE Policy Automation?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions