Using the Config Sync repo

Config Sync uses a Git repository for storage and version control, and takes actions based on its contents. In Config Sync, this repository is called the repo.

This page shows you how to initialize the repo and configure the Config Sync Operator to read from it. You can find out more about the repo's structure and layout.

Initializing the repo

You can initialize the repo using the nomos init command, or you can create the directory structure manually. Empty directories cannot be committed to a Git repository. You can use the nomos vet command to verify your repo's structure, even if you created the repo manually.

Configuring the Config Sync Operator to read from the repo

You configure the location of the repo when you install Config Sync, and you can edit its configuration later in the Operator's configuration file. In addition to the location of the repo, you can specify a Git branch and a subdirectory to watch, if the Git repository has contents other than configs.

After updating the configuration file, you apply it to the cluster using the kubectl apply command. Config Sync does not manage the configuration of the Operator itself.

You can grant people access to a given product team's deployment repo. However, you should be aware that when you are granting a person access to a deployment repo, that person is also granted the same RBAC as the reconciler running for that repo.

To configure authentication and authorization between Config Sync and the repo, see the installation step about configuring the git-creds Secret.

What's next