ConfigManagement fields

This page explains the different fields that you can set in your ConfigManagement object. You can use this object when you are configuring the different components of Anthos Config Management using kubectl commands.

Configuration for the Git repository

If you are using a ConfigManagement object to configure your Git repository, we recommend that you migrate your ConfigManagement object. Migrating from a ConfigManagement object to a RootSync object enables the RootSync and RepoSync APIs. These APIs give you the ability to adopt additional features such as syncing to multiple repositories and syncing Kustomize and Helm configurations.

Key Description
spec.git.gcpServiceAccountEmail The Google Cloud service account used to annotate the RootSync or RepoSync controller's Kubernetes Service Account. This field is only used when spec.git.secretType is gcpserviceaccount.
spec.git.syncRepo The URL of the Git repository to use as the source of truth. Required.
spec.git.syncBranch The branch of the repository to sync from. Default: master.
spec.git.policyDir The path in the Git repository to the root directory that contains the configuration that you want to sync. Default: the root directory of the repository.
spec.git.syncWait The time duration between consecutive syncs. Default: 15s.
spec.git.syncRev Git revision (tag or hash) to check out. Default HEAD.
spec.git.secretType The type of secret configured for access to the Git repository. One of ssh, cookiefile, token, gcenode, gcpserviceaccount, or none. Required.
spec.sourceFormat The format of your Git repository. Can be unstructured or hierarchy. Default: hierarchy.

Proxy configuration for the Git repository

If your organization's security policies require you to route traffic through an HTTP(S) proxy, you can use the proxy's URI to configure Config Sync to communicate with your Git host. Proxy is only supported when using an authorization type of cookiefile, none, or token.

Key Description
spec.git.proxy.httpProxy Defines an HTTP_PROXY environment variable used to access the Git repository.
spec.git.proxy.httpsProxy Defines an HTTPS_PROXY environment variable used to access the Git repository.

If both the httpProxy and httpsProxy fields are specified, httpProxy is ignored.

Configuration for behavior of the ConfigManagement object

Key Description
spec.clusterName The user-defined name for the cluster used by ClusterSelectors to group clusters together. Unique within an Config Sync installation. You cannot configure this field in the console.

Configuration for integrations

These fields enable integration with different Anthos Config Management components.

Key Description
spec.policyController.enabled If true, enables Policy Controller. Defaults to false.
spec.policyController.templateLibraryInstalled If true, installs the constraint template library. Defaults to true.
spec.enableMultiRepo If true, enables the RootSync and RepoSync APIs. These APIs provide you with additional Config Sync features, such as syncing from multiple repositories. and syncing Kustomize and Helm configurations. Defaults to false.
spec.enableLegacyFields If true, enables the use of deprecated spec.git fields in the ConfigManagement while still using multi-repo mode. Setting this field automatically generates a RootSync resource on the cluster.
spec.preventDrift If true, enables the Config Sync admission webhook to prevent drifts by rejecting conflicting changes from being pushed to live clusters. Defaults to false. Config Sync always remediates drifts no matter the value of this field. This field is supported in Anthos Config Management version 1.10.0 and later.

Example ConfigManagement object

kind: ConfigManagement
  name: config-management
  clusterName: my-cluster
  enableMultiRepo: true