In the topic about working with configs, you learned how to write configs in general. This topic covers more details about using Config Sync to configure clusters and cluster-scoped objects. You can also read about configuring namespaces and namespace-scoped objects.
All configs for clusters and cluster-scoped objects are located within the
cluster/ directory of the repo, which cannot
If you do not include a ClusterSelector in your repo, a
cluster/ applies to every cluster enrolled in
Limiting which clusters a config affects
Normally, Config Sync applies a config to each enrolled cluster. To limit which clusters a particular config affects based on each cluster's labels, use a ClusterSelector. A ClusterSelector narrows the pool of clusters a config applies to.
Configuring the cluster's labels
You can use a Cluster config to configure a cluster's labels and annotations. If you use ClusterSelectors, each cluster needs a set of labels that the ClusterSelector can select. While you can label clusters manually, we recommend you configure labels using a Cluster config.
Example ClusterRole config
This config creates a ClusterRole called
namespace-reader, which provides
the ability to read all
namespace objects in the cluster. A ClusterRole
config is often used together with a
kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: namespace-reader rules: - apiGroups: [""] resources: ["namespaces"] verbs: ["get", "watch", "list"]
Example ClusterRoleBinding config
This config creates a ClusterRoleBinding called
namespace-readers. It grants
namespace-reader ClusterRole across all enrolled
kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: namespace-readers subjects: - kind: User name: firstname.lastname@example.org apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: namespace-reader apiGroup: rbac.authorization.k8s.io
- Learn about applying configs to a subset of clusters
- Learn more about configuring namespaces and namespace-scoped objects
- Try the quickstart