show me how to enable a policy controller for a GKE cluster

To enable a policy controller for a GKE cluster, you first need to enable the Google Kubernetes Engine API, create a GKE cluster, and then activate the Policy Controller. The Pulumi GCP and Kubernetes SDKs can help us create this program.

Here's a simple Pulumi program that enables the Policy Controller on a GKE cluster:

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Create a GCP provider
const gkeProvider = new gcp.Provider("google", {
  project: "your-project-id",
  region: "your-region"
});

// Create a GKE cluster
const cluster = new gcp.container.Cluster("gke-cluster", {
  initialNodeCount: 2,
  nodeConfig: {
    oauthScopes: [
      "https://www.googleapis.com/auth/compute",
      "https://www.googleapis.com/auth/devstorage.read_only",
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring"
    ],
    metadata: {
      disable-legacy-endpoints: "true"
    },
  },
  addonsConfig: {
    networkPolicyConfig: {
      disabled: false
    },
    configConnectorConfig: {
      enabled: true
    },
    policyControllerConfig: {
      enabled: true
    },
  },
}, { provider: gkeProvider });

pulumi.export("clusterName", cluster.name);

This program creates a GKE cluster with two nodes. Policy Controller and Config Connector are activated by enabling them in addonsConfig.

Remember to replace "your-project-id" and "your-region" with your Google Cloud Project ID and region. You'll also need to ensure that the Google Kubernetes Engine API is enabled in your GCP project.

See the @pulumi/gcp docs for more details, particularly container.Cluster.