You're viewing documentation for Anthos Config Management 1.3. This version has reached end of life and is no longer supported. View the latest documentation.

Repo overview

This page describes how Anthos Config Management reads configs from a Git repository called the repo and applies the resulting configuration to your clusters automatically.

Prerequisites

  • Be familiar with Git repositories and the git command-line interface.
  • Be familiar with the Kubernetes objects you want to configure and their required and optional fields.

Structure of the repo

Anthos Config Management takes advantage of Git's filesystem-like structure, and uses it to determine which clusters or namespaces a config is relevant to.

namespaces/

The namespaces/ directory contains configs for namespaces and namespace-scoped objects. The structure within namespaces/ is the mechanism that drives namespace inheritance. See that topic for details.

cluster/

The cluster/ directory contains configs that apply to entire clusters, rather than to namespaces. By default, any config in the cluster/ directory applies to every cluster enrolled in Anthos Config Management. You can limit which clusters a config can affect by using a ClusterSelector.

clusterregistry/

The clusterregistry/ directory is optional, and contains configs for ClusterSelectors. ClusterSelectors limit which clusters a config applies to, and are referenced in configs found in the cluster/ and namespaces/ directories.

system/

The system/ directory contains configs for the Operator. See Installing Anthos Config Management for more information on configuring Anthos Config Management.

Example repo

The example repo illustrates the structure of a repo.

Notice the nested abstract namespace directories online/ and shipping-app-backend/ within namespaces/. They are abstract namespace directories because they do not directly contain a config for a namespace.

foo-corp
├── cluster
│   ├── namespace-reader-clusterrolebinding.yaml
│   ├── namespace-reader-clusterrole.yaml
│   ├── pod-creator-clusterrole.yaml
│   └── pod-security-policy.yaml
├── clusterregistry
│   ├── cluster-1.yaml
│   ├── cluster-2.yaml
│   ├── clusterselector-1.yaml
│   └── clusterselector-2.yaml
├── namespaces
│   ├── audit
│   │   └── namespace.yaml
│   ├── online
│   │   └── shipping-app-backend
│   │       ├── pod-creator-rolebinding.yaml
│   │       ├── quota.yaml
│   │       ├── shipping-dev
│   │       │   ├── job-creator-rolebinding.yaml
│   │       │   ├── job-creator-role.yaml
│   │       │   ├── namespace.yaml
│   │       │   └── quota.yaml
│   │       ├── shipping-prod
│   │       │   └── namespace.yaml
│   │       └── shipping-staging
│   │           └── namespace.yaml
│   ├── sre-rolebinding.yaml
│   ├── sre-supported-selector.yaml
│   └── viewers-rolebinding.yaml
└── system
    └── hierarchy-config.yaml

What's next