Anthos Config Management overview

Anthos Config Management provides you with a suite of components. These components work together to help you ensure consistency for your configurations and policies across multi-cluster and hybrid Kubernetes environments. You can use each of the components included in Anthos Config Management independently, but the components are designed to work together.

Anthos Config Management provides a common, hosted interface for you to install, upgrade, and manage the setup of these on-cluster components as part of Google Cloud. By using the Connect Agent, you can associate clusters from multiple environments, whether they are on-premises or in other public cloud providers. You can then use the Anthos Config Management service to manage your configurations and view a common dashboard that reports on the status of your clusters.

Anthos Config Management components

The following sections describe the different Anthos Config Management components.

Config Sync

Config Sync continuously reconciles the state of your clusters with a central set of configurations stored in one or more Git repositories. This feature lets you manage common configurations with an auditable, transactional, and version-controlled deployment process that can span hybrid or multi-cloud environments.

Learn how to Install Config Sync.

Policy Controller

Policy Controller enables the enforcement of fully programmable policies. You can use these policies to actively block non-compliant API requests, or simply to audit the configuration of your clusters and report violations. Policy Controller is based on the open source Open Policy Agent Gatekeeper project and comes with a full library of pre-built policies for common security and compliance controls.

Learn how to Install Policy Controller.
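
The two modes described above (audit only versus actively blocking) are selected per constraint with the Gatekeeper enforcementAction field. The following is an added example, not taken from the original page or from Google's documentation. It assumes the K8sRequiredLabels constraint template from the pre-built library is installed; the constraint names and the "owner" label are hypothetical.

```yaml
# Audit mode: violations are reported on the constraint's status,
# but non-compliant API requests are still admitted.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredLabels
metadata:
  name: ns-owner-label-audit        # hypothetical name
spec:
  enforcementAction: dryrun         # report only, do not block
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Namespace"]
  parameters:
    labels:
      - key: owner                  # hypothetical required label
---
# Enforce mode: the admission webhook rejects any Namespace create or
# update that lacks the label. "deny" is the default when the field is omitted.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredLabels
metadata:
  name: ns-owner-label-enforce      # hypothetical name
spec:
  enforcementAction: deny
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Namespace"]
    # Keep system namespaces out of scope so an enforcing policy
    # cannot block cluster components.
    excludedNamespaces: ["kube-system", "gatekeeper-system"]
  parameters:
    labels:
      - key: owner
```

Rolling a policy out in dryrun first and reviewing the reported violations before switching to deny avoids blocking existing workloads unexpectedly.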

Binary Authorization

Binary Authorization is a deploy-time security control that ensures only trusted container images are deployed on your clusters. With Binary Authorization, you can require that images are signed by trusted authorities during the development process and then enforce signature validation when deploying. By enforcing validation, you can gain tighter control over your container environment by ensuring that only verified images are integrated into the build-and-release process.

Learn how to Install Binary Authorization.

Hierarchy Controller

Hierarchy Controller lets you create hierarchical namespaces. Hierarchical namespaces provide you with a mechanism to manage multiple namespaces from a common parent namespace for the purposes of delegated control or policy enforcement. Hierarchy Controller is based on the Hierarchical Namespace Controller (HNC), an open source project.

Learn how to Install Hierarchy Controller.

What's next