How to check if PoDSecurityPolicy is enabled on a GKE cluster or not ? Using gcloud container clusters describe <clustername>, I could not find anything.
If I enable it on a cluster where this plugin is already enabled, it displays that the plugin has been enabled so there is no way actually to know that if plugin is already enabled on a cluster
$ gcloud beta container clusters update mycluster --enable-pod-security-policy --zone us-east1-c
Updating podsecpolicy-poc...done.
Updated [https://container.googleapis.com/v1beta1/projects/<project>/zones/us-east1-c/clusters/mycluster].
Since PodSecurityPolicy is still a beta feature in GKE, it can only be accessed by GKE beta API. To check if PodSecurityPolicy controller is enabled on your GKE cluster, run:
$ gcloud beta container clusters describe <cluster-name> --zone=<zone> --format json | jq '.podSecurityPolicyConfig'
Sample command with its result:
$ gcloud beta container clusters describe my-gke-cluster --zone=europe-west4-c --format json | jq '.podSecurityPolicyConfig'
{
"enabled": true
}
When PodSecurityPolicy is not enabled on GKE cluster, the above query returns:
null
as there is no podSecurityPolicyConfig section available. You can also serch for it with grep. If PodSecurityPolicy is enabled, the result will look as follows:
$ gcloud beta container clusters describe my-gke-cluster --zone=europe-west4-c | grep -iA 1 podsecuritypolicy
podSecurityPolicyConfig:
enabled: true
If it is not, you won't find this section at all.