This page describes how Anthos Config Management reads configs from a Git repository, called the repo, and automatically applies the resulting configuration to your clusters.
Prerequisites
- Be familiar with Git repositories and the git command-line interface.
- Be familiar with the Kubernetes objects you want to configure and their required and optional fields.
Structure of the repo
Anthos Config Management takes advantage of Git's filesystem-like structure, and uses it to determine which clusters or namespaces a config is relevant to.
namespaces/
The namespaces/ directory contains configs for namespaces and namespace-scoped objects. The structure within namespaces/ is the mechanism that drives namespace inheritance. See that topic for details.
cluster/
The cluster/ directory contains configs that apply to entire clusters, rather than to namespaces. By default, any config in the cluster/ directory applies to every cluster enrolled in Anthos Config Management. You can limit which clusters a config can affect by using a ClusterSelector.
clusterregistry/
The clusterregistry/ directory is optional, and contains configs for ClusterSelectors. ClusterSelectors limit which clusters a config applies to, and are referenced in configs found in the cluster/ and namespaces/ directories.
system/
The system/ directory contains configs for the Operator. See Installing Anthos Config Management for more information on configuring Anthos Config Management.
Example repo
The example repo illustrates the structure of a repo.
Notice the nested abstract namespace directories online/ and shipping-app-backend/ within namespaces/. They are abstract namespace directories because they do not directly contain a config for a namespace.
foo-corp
├── cluster
│   ├── namespace-reader-clusterrolebinding.yaml
│   ├── namespace-reader-clusterrole.yaml
│   ├── pod-creator-clusterrole.yaml
│   └── pod-security-policy.yaml
├── clusterregistry
│   ├── cluster-1.yaml
│   ├── cluster-2.yaml
│   ├── clusterselector-1.yaml
│   └── clusterselector-2.yaml
├── namespaces
│   ├── audit
│   │   └── namespace.yaml
│   ├── online
│   │   └── shipping-app-backend
│   │       ├── pod-creator-rolebinding.yaml
│   │       ├── quota.yaml
│   │       ├── shipping-dev
│   │       │   ├── job-creator-rolebinding.yaml
│   │       │   ├── job-creator-role.yaml
│   │       │   ├── namespace.yaml
│   │       │   └── quota.yaml
│   │       ├── shipping-prod
│   │       │   └── namespace.yaml
│   │       └── shipping-staging
│   │           └── namespace.yaml
│   ├── sre-rolebinding.yaml
│   ├── sre-supported-selector.yaml
│   └── viewers-rolebinding.yaml
└── system
    └── hierarchy-config.yaml
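When reviewing a change to the repo, it helps to see which namespaces a config placed in an abstract namespace directory can reach. The following is an added example, not part of Anthos Config Management or of the original page. It classifies the directories of the example tree above and lists the namespace directories beneath each such config. Assumptions: a namespace directory is recognized by a file named namespace.yaml (as in the example tree), configs in an abstract namespace directory are inherited by every namespace directory beneath it, and selectors are ignored, so each list is an upper bound. The function names classify and reach are hypothetical.

```python
from pathlib import PurePosixPath

# Paths copied from the namespaces/ part of the example repo on this page.
REPO_FILES = [
    "namespaces/audit/namespace.yaml",
    "namespaces/online/shipping-app-backend/pod-creator-rolebinding.yaml",
    "namespaces/online/shipping-app-backend/quota.yaml",
    "namespaces/online/shipping-app-backend/shipping-dev/job-creator-rolebinding.yaml",
    "namespaces/online/shipping-app-backend/shipping-dev/job-creator-role.yaml",
    "namespaces/online/shipping-app-backend/shipping-dev/namespace.yaml",
    "namespaces/online/shipping-app-backend/shipping-dev/quota.yaml",
    "namespaces/online/shipping-app-backend/shipping-prod/namespace.yaml",
    "namespaces/online/shipping-app-backend/shipping-staging/namespace.yaml",
    "namespaces/sre-rolebinding.yaml",
    "namespaces/sre-supported-selector.yaml",
    "namespaces/viewers-rolebinding.yaml",
]

def classify(files):
    """Return (namespace_dirs, abstract_dirs) for directories under namespaces/."""
    paths = [PurePosixPath(f) for f in files]
    dirs = {d for p in paths for d in p.parents
            if d.parts and d.parts[0] == "namespaces"}
    # Assumption: a namespace directory is marked by a file named namespace.yaml.
    ns_dirs = {p.parent for p in paths if p.name == "namespace.yaml"}
    # Everything else, including namespaces/ itself, holds no namespace config.
    return ns_dirs, dirs - ns_dirs

def reach(files):
    """Map each config in an abstract directory to the namespaces beneath it."""
    ns_dirs, abstract = classify(files)
    result = {}
    for p in map(PurePosixPath, files):
        if p.parent in abstract:
            # Assumed inheritance rule: the config reaches every descendant namespace.
            result[str(p)] = sorted(n.name for n in ns_dirs if p.parent in n.parents)
    return result

if __name__ == "__main__":
    for config, namespaces in reach(REPO_FILES).items():
        print(f"{config} -> {', '.join(namespaces)}")
```

Configs that sit directly in namespaces/, such as sre-rolebinding.yaml, list every namespace in the repo, which makes them the entries to review most carefully when they grant access.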
What's next
- Learn more about using the repo
- Create a config
- Learn how to manage namespaces and namespace-scoped objects
- Create a constraint