Config Controller overview

Config Controller is a hosted service to provision and orchestrate Anthos and Google Cloud resources. It offers an API endpoint that can provision, actuate, and orchestrate Google Cloud resources as part of Anthos Config Management.

Config Controller leverages Config Connector, which maps resources using the Kubernetes Resource Model (KRM) to their Google Cloud counterparts by making the necessary Google Cloud API calls. It also includes Config Sync that connects to a Git repository, making configuration changes as easy as git push. Finally, it comes with Policy Controller, which lets you author custom policies to enforce the security and compliance of your resource configurations. You can see how Config Controller works in the following diagram:

image

Config Controller lets you define and operate with a simple, declarative configuration in Kubernetes style. This configuration approach provides a number of benefits:

  • Simplify management: Leverage the tools and workflows for Kubernetes to manage Anthos and Google Cloud resources.
  • Declare desired state: Focus on what your resources look like rather than the specifics of how they are created.
  • Automatically detect and repair drift: Continuously monitor your infrastructure for drift from the desired state and enable automatic repairs.
  • Consistency with GitOps: Collaborate with your colleagues on potential changes and preview modifications before they are made.
  • Enforce policy guardrails: Enforce policies earlier in the development cycle and detect violations before they are deployed.
  • Audit continuously: Maintain an audit trail of all changes which can be used to understand the provenance of infrastructure.
  • Codifying best practices: Codify common patterns as blueprints that can be rolled out across your organization.
  • Increase velocity: Improve the safety and velocity of your cloud adoption journey by reusing existing best practices.

Managing Anthos and Google Cloud with your Kubernetes tools

Config Controller offers an API endpoint that works with existing Kubernetes tools to manage Anthos and Google Cloud resources. If you are already familiar with running workloads in Kubernetes, you can leverage your tooling, pipelines, and knowledge to manage Anthos and Google Cloud resources. You can even use Config Controller to create Google Kubernetes Engine (GKE) clusters using kubectl.

Focus on what you want, Config Controller takes care of the rest

Config Controller is powered by a Kubernetes API server that takes your configurations written in KRM. In this model, you can entirely focus on what your resources will look like rather than the specifics of how they are created. Config Controller reconciles resources to your desired state, and continuously monitors them for drift detection and automatic repairs. Because Config Controller is managed by Google, you get these benefits out of the box.

Consistency with GitOps

Config Controller comes with Config Sync that connects to a Git repository. Config Sync continuously reconciles the state of Config Controller with files stored in one or more Git repositories. This GitOps strategy lets you manage and deploy common configurations with a process that is auditable, transactional, reviewable, and version-controlled. It also enables collaboration with your colleagues on potential changes, and lets you preview modifications before they are made.

Policy guardrails and auditing

Config Controller comes with Policy Controller, which lets you create custom policies to enforce the security and compliance of your resource configurations. You can use these policies to actively block non-compliant API requests, or simply to audit the configuration of your resources and report violations.

What's next