This page describes how Config Sync reads configs from a structured Git repository called the repo and applies the resulting configuration to your clusters automatically.
If you want more structural flexibility (for example, you want to create subfolders of resources) you can create a repo that does not follow this structure. For more information, see Creating an unstructured repo.
Prerequisites
- Be familiar with Git repositories and the git command-line interface.
- Be familiar with the Kubernetes objects you want to configure and their required and optional fields.
Structure of the repo
Config Sync takes advantage of Git's filesystem-like structure, and uses it to determine which clusters or namespaces a config is relevant to.
namespaces/
The namespaces/ directory contains configs for namespaces and namespace-scoped objects. The structure within namespaces/ is the mechanism that drives namespace inheritance. You can limit which namespaces can inherit a config by using a NamespaceSelector.
cluster/
The cluster/ directory contains configs that apply to entire clusters, rather than to namespaces. By default, any config in the cluster/ directory applies to every cluster enrolled in Config Sync. You can limit which clusters a config can affect by using a ClusterSelector.
clusterregistry/
The clusterregistry/ directory is optional, and contains configs for ClusterSelectors. ClusterSelectors limit which clusters a config applies to, and are referenced in configs found in the cluster/ and namespaces/ directories.
system/
The system/ directory contains configs for the Operator. See Installing Config Sync for more information on configuring Config Sync.
Example repo
The example repo illustrates the structure of a repo.
Notice the nested abstract namespace directories online/ and shipping-app-backend/ within namespaces/. They are abstract namespace directories because they do not directly contain a config for a namespace.
foo-corp
├── cluster
│   ├── namespace-reader-clusterrolebinding.yaml
│   ├── namespace-reader-clusterrole.yaml
│   ├── pod-creator-clusterrole.yaml
│   └── pod-security-policy.yaml
├── clusterregistry
│   ├── cluster-1.yaml
│   ├── cluster-2.yaml
│   ├── clusterselector-1.yaml
│   └── clusterselector-2.yaml
├── namespaces
│   ├── audit
│   │   └── namespace.yaml
│   ├── online
│   │   └── shipping-app-backend
│   │       ├── pod-creator-rolebinding.yaml
│   │       ├── quota.yaml
│   │       ├── shipping-dev
│   │       │   ├── job-creator-rolebinding.yaml
│   │       │   ├── job-creator-role.yaml
│   │       │   ├── namespace.yaml
│   │       │   └── quota.yaml
│   │       ├── shipping-prod
│   │       │   └── namespace.yaml
│   │       └── shipping-staging
│   │           └── namespace.yaml
│   ├── sre-rolebinding.yaml
│   ├── sre-supported-selector.yaml
│   └── viewers-rolebinding.yaml
└── system
    └── hierarchy-config.yaml
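Because a config placed in an abstract namespace directory is inherited by the namespaces below it, a reviewer usually wants to know which configs (RoleBindings in particular) can reach each namespace. The following sketch is an added example, not part of Config Sync. It assumes a namespace directory is one that contains a file named namespace.yaml, as in the example repo, and it ignores NamespaceSelectors, so the result is an upper bound on what each namespace inherits.

```python
from pathlib import PurePosixPath

NS_ROOT = PurePosixPath("namespaces")

# Constructed input: the namespaces/ files from the example repo tree above.
FILES = [NS_ROOT / p for p in """
audit/namespace.yaml
online/shipping-app-backend/pod-creator-rolebinding.yaml
online/shipping-app-backend/quota.yaml
online/shipping-app-backend/shipping-dev/job-creator-rolebinding.yaml
online/shipping-app-backend/shipping-dev/job-creator-role.yaml
online/shipping-app-backend/shipping-dev/namespace.yaml
online/shipping-app-backend/shipping-dev/quota.yaml
online/shipping-app-backend/shipping-prod/namespace.yaml
online/shipping-app-backend/shipping-staging/namespace.yaml
sre-rolebinding.yaml
sre-supported-selector.yaml
viewers-rolebinding.yaml
""".split()]

def namespace_dirs(files):
    """Directories that directly contain a namespace config (assumed: namespace.yaml)."""
    return {p.parent for p in files if p.name == "namespace.yaml"}

def abstract_dirs(files):
    """Directories below namespaces/ that hold no namespace config of their own."""
    below_root = {d for p in files for d in p.parents if NS_ROOT in d.parents}
    return below_root - namespace_dirs(files)

def candidate_configs(files):
    """Map namespace name -> configs in its own directory or any ancestor directory.

    NamespaceSelectors are not evaluated, so this is the widest possible set.
    """
    result = {}
    for ns in namespace_dirs(files):
        scope = {ns, *ns.parents}
        result[ns.name] = sorted(
            str(p) for p in files
            if p.parent in scope and p.name != "namespace.yaml"
        )
    return result

if __name__ == "__main__":
    print("abstract:", sorted(d.name for d in abstract_dirs(FILES)))
    for name, configs in sorted(candidate_configs(FILES).items()):
        print(name)
        for c in configs:
            print("   ", c)
```

To run it against a checkout, build FILES from the repo's namespaces/ directory instead of the inline list.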
What's next
- Learn more about using the repo
- Create a config
- Learn how to manage namespaces and namespace-scoped objects