Anthos Config Management

Automate policy and security at scale for Kubernetes clusters on-premises, on GKE, and on other public clouds.

Overview

As companies expand the number of development and production clusters they use, creating and enforcing consistent configurations and security policies across a growing environment becomes difficult and creates friction. Anthos Config Management enables platform operators to automatically deploy shared environment configurations and enforce approved security policies across Kubernetes clusters on-premises, on GKE, and in other public cloud platforms. It also lets platform admins configure Google Cloud services using the same resource model.

Secure and compliant

Anthos Config Management allows platform operators to reduce security risks by defining a fully customized set of governance controls and ensuring they are consistently applied across environments. Anthos Config Management also continuously monitors environments to ensure their desired configuration is in place and no violations of governance controls are present. 

Simplified and automated

Anthos Config Management gives your platform operators the tools they need to define, store, change, deploy, and enforce configuration and usage policies without deep Kubernetes expert skills and without having to build their own tools/templates from scratch using open source components.

Consistent and scalable

Anthos Config Management ties together environments and provides an auditable, version-controlled system for managing the fleet-wide configuration that underpins a modern application platform. This enables multiple teams to innovate quickly within secure and properly configured environments provided at scale by the platform administrator.

Features

Policy Controller

Policy Controller enables the enforcement of fully programmable policies for your clusters. These policies act as "guardrails" and prevent any changes to the configuration of the Kubernetes API from violating security, operational, or compliance controls. 

Config Controller

Config Controller is a hosted service that bundles Config Connector, Config Sync, and Policy Controller for you, and is available in Preview. Config Controller lets you manage more than 120 Google Cloud resources the same way you manage other Kubernetes resources, with continuous monitoring and self-healing.

Define configs

Take advantage of a Git repository to create a common configuration that can be applied to the Kubernetes clusters in your fleet. You can manage configuration for any Kubernetes API, including policies for the Istio service mesh, resource quotas, and access control policies.

Enforce configs

Roll out configs to clusters all over the globe, ensuring that your desired state is quickly reflected and actively maintained. Policy Controller comes with a full library of pre-built policies for common security and compliance controls.

Validation

Prevent pushing bad configurations with built-in validators that review every line of code for valid syntax and conformance with custom policies—before it gets to your repository.

Common configuration formats

Easily migrate existing definitions with native Kubernetes configuration formats, such as YAML or JSON, to store your multi-cluster policies.

Bring the power of source control to config management

Stage your configuration changes in separate branches, collaborate on code reviews, and easily revert clusters to their last healthy state.

Customize environments

Flexibly configure different policies for groups of clusters or namespaces. For example, you can apply different quota levels to staging versus production resources.

Apply custom rules

Write and apply custom rules not covered by native Kubernetes configuration objects to meet your organization’s unique security and compliance requirements. Custom rules allow you to inspect updates to your Anthos infrastructure and reject changes that don’t comply with your policies.

Active monitoring and auditing

Prevent configuration drift with continuous monitoring of your cluster state, using the declarative model to apply policies that enforce compliance. Continuously audit your Anthos environment to identify clusters that don’t follow your organization’s custom rules.

A single place for resource configuration

Manage the configuration of Google Cloud resources and services, like Cloud Storage or Identity and Access Management, from within Anthos Config Management through its Config Connector integration.

Pre-built policies

Policy Controller brings a ready-to-use library of pre-built policies for the most common security and compliance controls. You can establish a secure baseline easily without deep expertise and Anthos Config Management applies these policies across platforms.
