IssueTracker

This will create a public issue which anybody can view and comment on.

Please provide as much information as possible. At least, this should include a description of your issue and steps to reproduce the problem. If possible please provide a summary of what steps or workarounds you have already tried, and any docs or articles you found (un)helpful.

Problem you have encountered:

Google Cloud recently sent out an advisory to customers about disabling kubelet read-only port. That advisory also mentions "you can implement a custom org policy to prevent future use of this port on new and existing clusters. The customer is using IaC for configuring everything in his organisation.

For customers, using Google Cloud's recommended way for deploying their infrastructure called "FAST Framework", it is not allowing them to make the changes through "FAST Framework" because it does not support configuring custom policies.

What you expected to happen:

Adding the git FR for the reference shared by the customer for more details:

https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/discussions/2845#discussioncomment-11983687

[FR]: Custom organization policies #2845

Steps to reproduce: This can be done using Gcloud CLI and the Google Cloud Console but not through using "FAST Framework".

Other information (workarounds you have tried, documentation consulted, etc):

A Google Kubernetes Engine (GKE) advisory instructed customers to disable the insecure kubelet readonly port (10255) using a custom organization policy. However, the necessary insecureKubeletReadonlyPortEnabled field was missing from the policy's CEL definition. The fix was eventually rolled out, but customers using the "FAST Framework" still require alternative solutions.

Team kindly assist on the customer requirement or provide any feasible solution for better customer experience.

Thank you.