Policy Controller, Config Sync and Config Controller overview

Policy Controller, Config Sync, and Config Controller help continuously protect and configure your Google Cloud and Kubernetes resources as shown in the following diagram:

[Diagram: An overview of how Policy Controller, Config Sync, and Config Controller work together]

Policy Controller, Config Sync, and Config Controller are available with a Google Kubernetes Engine (GKE) Enterprise edition license.

Policy Controller
Policy Controller enables the enforcement of fully programmable policies that represent constraints on the desired state. These policies act as "guardrails" and prevent configurations from violating security and compliance controls. You can use these policies to actively block non-compliant API requests, or simply to audit the configuration of your clusters and report violations. Policy Controller is built from the Open Policy Agent Gatekeeper project and comes with a full library of pre-built policies for common security and compliance controls.
Config Sync
Config Sync continuously reconciles your clusters to a central set of configurations that are stored in one or more Git repositories. This GitOps methodology lets you apply configuration consistently across clusters and environments with an auditable, transactional, and version-controlled deployment process.
Config Controller
Config Controller is a hosted service to provision and orchestrate Google Kubernetes Engine (GKE) Enterprise edition and Google Cloud resources. Config Controller offers an API endpoint that can provision, actuate, and orchestrate Google Cloud resources. Config Controller is a managed version of Config Connector.
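
The two Policy Controller modes described above (auditing and reporting violations versus actively blocking requests), shown as an added example that is not part of the original page. It assumes the K8sPSPPrivilegedContainer constraint template from the Gatekeeper policy library is installed; the constraint names and the "prod" namespace are constructed for illustration.

```yaml
# Audit only: privileged containers anywhere in the cluster are recorded
# as violations in the constraint's status, but the requests are admitted.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPPrivilegedContainer
metadata:
  name: audit-privileged-containers        # constructed name
spec:
  enforcementAction: dryrun                # report, do not block
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    excludedNamespaces:
      - kube-system                        # system pods may need privilege
---
# Enforce: the admission webhook rejects any Pod in "prod" that sets
# securityContext.privileged: true on a container.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sPSPPrivilegedContainer
metadata:
  name: deny-privileged-containers-prod    # constructed name
spec:
  enforcementAction: deny                  # block the API request
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    namespaces:
      - prod                               # assumed namespace
```

Starting a constraint in dryrun and reviewing its reported violations before switching it to deny avoids rejecting workloads that already run in the cluster.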
