Container Security Day: Building trust in your software supply chain. Register now and join us live on July 29th.

Anthos Config Management

Automate policy and security at scale for your hybrid and multi-cloud Kubernetes deployments.

View documentation for this product.

Man in front of laptop with lines connecting to gears, security lock, and data dashboard


Enabling rapid and secure application development can be challenging for administrators working across a hybrid and multi-cloud container environment. With Anthos Config Management, you can create a common configuration across all your infrastructure, including custom policies, and apply it both on-premises and across clouds. Anthos Config Management evaluates changes and rolls them out to all Kubernetes clusters so that your desired state is always reflected.
Blue circle icon with a stack of documents, the Kubernetes product icon, and a checkmark in foreground

Define and enforce policies across Kubernetes deployments

A central Git repository manages access-control policies like RBAC, resource quotas, and namespaces, both on-premises and in the cloud. Anthos Config Management is declarative; it continuously checks cluster state and applies the desired state to enforce policies.

Blue circle icon with blue security shield with person icon on it

Put security guardrails in place

Administrators need to create a consistent environment that offers security by default for developers. With Anthos Config Management, you can enable new teams to get started quickly, knowing that the desired cluster configurations have been applied.

Blue circle icon with cluster of connected nodes

Maintain control over cluster sprawl

As Kubernetes deployments grow, teams are adding more clusters for use cases like high availability, global coverage, and edge computing. But each new cluster means new overhead in managing a separate set of configurations. Anthos Config Management solves this problem by delivering a single, centralized place for multi-cluster management.


Define configs

Take advantage of a Git repository to create a common configuration that can be applied to the Kubernetes clusters in your fleet. You can manage configuration for any Kubernetes API, including policies for the Istio service mesh, resource quotas, and access control policies.

Enforce configs

Roll out configs to clusters all over the globe, ensuring that your desired state is quickly reflected and actively maintained.


Prevent pushing bad configurations with built-in validators that review every line of code for valid syntax and conformance with custom policies—before it gets to your repository.

Common configuration formats

Easily migrate existing definitions with native Kubernetes configuration formats, such as YAML or JSON, to store your multi-cluster policies.

Bring the power of source control to config management

Stage your configuration changes in separate branches, collaborate on code reviews, and easily revert clusters to their last healthy state.

Customize environments

Flexibly configure different policies for groups of clusters or namespaces. For example, you can apply different quota levels to staging versus production resources.

Apply custom rules

Write and apply custom rules not covered by native Kubernetes configuration objects to meet your organization’s unique security and compliance requirements. Custom rules allow you to inspect updates to your Anthos infrastructure and reject changes that don’t comply with your policies.

Active monitoring and auditing

Prevent configuration drift with continuous monitoring of your cluster state, using the declarative model to apply policies that enforce compliance. Continuously audit your Anthos environment to identify clusters that don’t follow your organization’s custom rules.

A single place for resource configuration

Manage the configuration of Google Cloud resources and services, like Cloud Storage or Identity and Access Management, from within Anthos Config Management through its Config Connector integration.

Learn more about Anthos

Take the next step

Start building on Google Cloud with $300 in free credits and 20+ always free products.

Need help getting started?
Work with a trusted partner
Continue browsing