ConfigManagement fields
This page explains the different fields that you can set in your
ConfigManagement object. You can use this object when you are configuring
the different components of
Anthos Config Management using kubectl
commands.
Configuration for the Git repository
If you are using a ConfigManagement object to configure your Git repository,
we recommend that you
migrate your ConfigManagement object.
Migrating from a ConfigManagement object to a RootSync object enables the
RootSync and RepoSync APIs. These APIs give you the
ability to adopt additional features such as syncing to multiple repositories and
syncing Kustomize and Helm configurations.
| Key | Description |
|---|---|
spec.git.gcpServiceAccountEmail |
The Google Cloud service account used to annotate the RootSync or
RepoSync controller's Kubernetes Service Account. This field is only used
when spec.git.secretType is gcpserviceaccount. |
spec.git.syncRepo |
The URL of the Git repository to use as the source of truth. Required. |
spec.git.syncBranch |
The branch of the repository to sync from. Default: master. |
spec.git.policyDir |
The path in the Git repository to the root directory that contains the configuration that you want to sync. Default: the root directory of the repository. |
spec.git.syncWait |
The time duration between consecutive syncs. Default: 15s. |
spec.git.syncRev |
Git revision (tag or hash) to check out. Default HEAD. |
spec.git.secretType |
The type of secret configured for access to the Git repository. One of
ssh, cookiefile, token,
gcenode, gcpserviceaccount, or
none. Required. |
spec.sourceFormat |
The format of your Git repository. Can be
unstructured
or hierarchy.
Default: hierarchy. |
Proxy configuration for the Git repository
If your organization's security policies require you to route traffic through
an HTTP(S) proxy, you can use the proxy's URI to configure
Config Sync to communicate with your Git host. Proxy is only supported when
using an authorization type of cookiefile, none, or token.
| Key | Description |
|---|---|
spec.git.proxy.httpProxy |
Defines an HTTP_PROXY environment variable used to access the Git repository. |
spec.git.proxy.httpsProxy |
Defines an HTTPS_PROXY environment variable used to access the Git repository. |
If both the httpProxy and httpsProxy fields are specified, httpProxy is ignored.
Configuration for behavior of the ConfigManagement object
| Key | Description |
|---|---|
spec.clusterName |
The user-defined name for the cluster used by ClusterSelectors to group clusters together. Unique within an Config Sync installation. You cannot configure this field in the console. |
Configuration for integrations
These fields enable integration with different Anthos Config Management components.
| Key | Description |
|---|---|
spec.policyController.enabled |
If true, enables
Policy Controller.
Defaults to false. |
spec.policyController.templateLibraryInstalled |
If true, installs the constraint template library. Defaults
to true. |
spec.enableMultiRepo |
If true, enables the RootSync and RepoSync APIs. These APIs
provide you with additional Config Sync features, such as
syncing from multiple repositories.
and syncing Kustomize and Helm configurations.
Defaults to false. |
spec.enableLegacyFields |
If true, enables the use of deprecated
spec.git fields in the ConfigManagement while
still using multi-repo mode. Setting this field automatically generates a
RootSync resource on the cluster. |
spec.preventDrift |
If true, enables the Config Sync admission webhook to
prevent drifts
by rejecting conflicting changes from being pushed to live
clusters. Defaults to false.
Config Sync always remediates drifts no matter the value of this field.
This field is supported in Anthos Config Management version 1.10.0 and later. |
Example ConfigManagement object
apiVersion: configmanagement.gke.io/v1
kind: ConfigManagement
metadata:
name: config-management
spec:
clusterName: my-cluster
enableMultiRepo: true