Install Anthos Config Management

This page provides an overview of the different ways to install and configure Anthos Config Management's components: Config Sync, Policy Controller, and Config Controller.

Choose which Anthos Config Management components to use

Config Sync, Policy Controller, and Config Controller are designed to work together. However, you can install each as a standalone product or install a sub-set of components. For example, you might want to install only Config Sync to continuously sync your cluster configurations with a Git repository. Or you might want to install Config Controller to get the full benefit of a GitOps workflow because it also includes Policy Controller and Config Sync.

The following pages show you the different ways that you can set up and configure individual components:

The following quickstarts show you different ways to install Anthos Config Management components:

Anthos Config Management supported platforms and versions

Config Sync, Policy Controller, and Config Controller are available for Anthos. To learn more, see Pricing.

For Anthos Config Management versioning and upgrade compatibility information, see Anthos version and upgrade support.

Anthos Config Management role-based access controls (RBAC) and permissions

Anthos Config Management includes highly-privileged workloads. The following table lists permissions for these workloads:

Component Namespace Service Account Permissions Description
Config Management Operator config-management-system config-management-operator cluster-admin Config Management Operator installs the other components in this table. Some of those components require cluster-admin permissions, so Config Management Operator requires them as well.
Policy Controller gatekeeper-system See the Open Policy Agent Gatekeeper documentation for workload permissions.
Config Sync config-management-system See Config Sync permissions for required permissions.

Anthos Config Management resource requests

The following table lists Kubernetes resource requirements for Anthos Config Management components for each supported version.

1.16

Component CPU Memory
Config Management Operator 100 m 100 Mi
Policy Controller 100 m 256 Mi
Config Sync 330 m + 80 m * (number of RootSync and RepoSync objects) 850 Mi + 600 Mi * (number of RootSync and RepoSync objects)

1.15

Component CPU Memory
Config Management Operator 100 m 100 Mi
Policy Controller 100 m 256 Mi
Config Sync 330 m + 80 m * (number of RootSync and RepoSync objects) 850 Mi + 600 Mi * (number of RootSync and RepoSync objects)

1.14

Component CPU Memory
Config Management Operator 100 m 100 Mi
Policy Controller 100 m 256 Mi
Config Sync 330 m + 80 m * (number of RootSync and RepoSync objects) 850 Mi + 600 Mi * (number of RootSync and RepoSync objects)

For a breakdown of Config Sync resource requests by component, see Resource requests in the Config Sync installation page.

What's next