You're viewing documentation for Anthos Config Management 1.3. You can continue using this version, or use the current version.

Repo overview

This page describes how Anthos Config Management reads configs from a Git repository called the repo and applies the resulting configuration to your clusters automatically.

Prerequisites

  • Be familiar with Git repositories and the git command-line interface.
  • Be familiar with the Kubernetes objects you want to configure and their required and optional fields.

Structure of the repo

Anthos Config Management takes advantage of Git's filesystem-like structure, and uses it to determine which clusters or namespaces a config is relevant to.

namespaces/

The namespaces/ directory contains configs for namespaces and namespace-scoped objects. The structure within namespaces/ is the mechanism that drives namespace inheritance. See that topic for details.

cluster/

The cluster/ directory contains configs that apply to entire clusters, rather than to namespaces. By default, any config in the cluster/ directory applies to every cluster enrolled in Anthos Config Management. You can limit which clusters a config can affect by using a ClusterSelector.

clusterregistry/

The clusterregistry/ directory is optional, and contains configs for ClusterSelectors. ClusterSelectors limit which clusters a config applies to, and are referenced in configs found in the cluster/ and namespaces/ directories.

system/

The system/ directory contains configs for the Operator. See Installing Anthos Config Management for more information on configuring Anthos Config Management.

Example repo

The example repo illustrates the structure of a repo.

Notice the nested abstract namespace directories online/ and shipping-app-backend/ within namespaces/. They are abstract namespace directories because they do not directly contain a config for a namespace.

foo-corp
├── cluster
│   ├── namespace-reader-clusterrolebinding.yaml
│   ├── namespace-reader-clusterrole.yaml
│   ├── pod-creator-clusterrole.yaml
│   └── pod-security-policy.yaml
├── clusterregistry
│   ├── cluster-1.yaml
│   ├── cluster-2.yaml
│   ├── clusterselector-1.yaml
│   └── clusterselector-2.yaml
├── namespaces
│   ├── audit
│   │   └── namespace.yaml
│   ├── online
│   │   └── shipping-app-backend
│   │       ├── pod-creator-rolebinding.yaml
│   │       ├── quota.yaml
│   │       ├── shipping-dev
│   │       │   ├── job-creator-rolebinding.yaml
│   │       │   ├── job-creator-role.yaml
│   │       │   ├── namespace.yaml
│   │       │   └── quota.yaml
│   │       ├── shipping-prod
│   │       │   └── namespace.yaml
│   │       └── shipping-staging
│   │           └── namespace.yaml
│   ├── sre-rolebinding.yaml
│   ├── sre-supported-selector.yaml
│   └── viewers-rolebinding.yaml
└── system
    └── hierarchy-config.yaml

What's next