- NAME
-
- gcloud container hub update - update a fleet
- SYNOPSIS
-
-
gcloud container hub update[--async] [--display-name=DISPLAY_NAME] [--update-labels=[KEY=VALUE, …]] [--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE--binauthz-policy-bindings=[name=BINAUTHZ_POLICY]--security-posture=SECURITY_POSTURE--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING] [--clear-labels|--remove-labels=[KEY, …]] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
- This command can fail for the following reasons:
- The project specified does not exist.
- The project specified already has a fleet.
- The active account does not have permission to access the given project.
- EXAMPLES
- To update the display name of the fleet in project
example-foo-bar-1toupdated-name, run:gcloud container hub update --display-name = updated-name --project = example-foo-bar-1 - FLAGS
-
-
--async - Return immediately, without waiting for the operation in progress to complete.
-
--display-name=DISPLAY_NAME - Display name of the fleet to be created (optional). 4-30 characters, alphanumeric and [ '"!-] only.
-
--update-labels=[KEY=VALUE,…] - List of label KEY=VALUE pairs to update. If a label exists, its value is
modified. Otherwise, a new label is created.
Keys must start with a lowercase character and contain only hyphens (
-), underscores (_), lowercase characters, and numbers. Values must contain only hyphens (-), underscores (_), lowercase characters, and numbers. - Default cluster configurations to apply across the fleet.
- Binary Authorization config.
-
--binauthz-evaluation-mode=BINAUTHZ_EVALUATION_MODE - Configure binary authorization mode for clusters to onboard the fleet,
gcloud container hub update --binauthz-evaluation-mode = policy-bindingsBINAUTHZ_EVALUATION_MODEmust be one of:disabled,policy-bindings. -
--binauthz-policy-bindings=[name=BINAUTHZ_POLICY] - The relative resource name of the Binary Authorization policy to audit and/or
enforce. GKE policies have the following format:
projects/{project_number}/platforms/gke/policies/{policy_id}. - Security posture config.
-
--security-posture=SECURITY_POSTURE - To apply standard security posture to clusters in the fleet,
gcloud container hub update --security-posture = standardSECURITY_POSTUREmust be one of:disabled,standard,enterprise. -
--workload-vulnerability-scanning=WORKLOAD_VULNERABILITY_SCANNING - To apply standard vulnerability scanning to clusters in the fleet,
gcloud container hub update --workload-vulnerability-scanning = standardWORKLOAD_VULNERABILITY_SCANNINGmust be one of:disabled,standard,enterprise. - At most one of these can be specified:
-
--clear-labels - Remove all labels. If
--update-labelsis also specified then--clear-labelsis applied first.For example, to remove all labels:
gcloud container hub update --clear-labelsTo remove all existing labels and create two new labels,
foobazgcloud container hub update --clear-labels --update-labels foo = bar,baz = qux -
--remove-labels=[KEY,…] - List of label keys to remove. If a label does not exist it is silently ignored.
If
--update-labelsis also specified then--update-labelsis applied first.
-
-
- GCLOUD WIDE FLAGS
- These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
- These variants are also available:
gcloud alpha container hub updategcloud beta container hub update
gcloud container hub update
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License , and code samples are licensed under the Apache 2.0 License . For details, see the Google Developers Site Policies . Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-05-27 UTC.
