Stay organized with collections
Save and categorize content based on your preferences.
This page explains the different fields that you can set in your
ConfigManagement object. You can use this object when you are configuring
Config Sync using kubectl commands. You might also use these fields
if you're managing Policy Controller with a ConfigManagement
object instead of the Policy Controller gcloud commands.
If true, enables the Config Sync admission webhook to
prevent drifts
by rejecting conflicting changes from being pushed to live
clusters. Defaults to false.
Config Sync always remediates drifts no matter the value of this field.
If true, enables the use of deprecated
spec.git fields in the ConfigManagement while
still using multi-repo mode. Setting this field automatically generates a
RootSync resource on the cluster.
If true, installs a
library
of constraint templates for common policy types. Defaults to true.
spec.policyController.referentialRulesEnabled
If true, enables support for referential constraints. Be
sure that you understand the
caveats about eventual consistency.
Defaults to false.
spec.policyController.auditIntervalSeconds
Period in seconds between consecutive audits of constraint violations.
Set to 0 to disable auditing. Default: 60.
spec.policyController.logDeniesEnabled
If true, logs all denies and dry run failures. Defaults to
false.
spec.policyController.mutation.enabled
If true, enables support for
mutations. Defaults to
false.
spec.policyController.exemptableNamespaces
A list of namespaces to remove from Policy Controller admission
webhook enforcement. Any violations are still reported in audit.
Defaults to an empty list.
spec.policyController.monitoring.backends
A list of monitoring backends for Policy Controller to export
metrics to. Default: [cloudmonitoring, prometheus].
Configuration for behavior of the ConfigManagement object
Key
Description
spec.clusterName
The user-defined name for the cluster used by
ClusterSelectors to
group clusters together. Unique within an Config Sync
installation. You cannot configure this field in the Google Cloud console.
The Google Cloud service account used to annotate the RootSync or
RepoSync controller's Kubernetes Service Account. This field is only used
when spec.git.secretType is gcpserviceaccount.
spec.git.syncRepo
The URL of the Git repository to use as the source of truth. Required.
spec.git.syncBranch
The branch of the repository to sync from. Default: master.
spec.git.policyDir
The path in the Git repository to the root directory that contains the
configuration that you want to sync. Default: the root directory of the
repository.
spec.git.syncWait
The time duration between consecutive syncs. Default: 15s.
spec.git.syncRev
Git revision (tag or hash) to check out. Default HEAD.
spec.git.secretType
The type of secret configured for access to the Git repository. One of
ssh, cookiefile, token,
gcenode, gcpserviceaccount, or
none. Required.
spec.sourceFormat
The format of your Git repository. Can be
unstructured
or hierarchy.
Default: hierarchy.
Proxy configuration for the Git repository
If your organization's security policies require you to route traffic through
an HTTP(S) proxy, you can use the proxy's URI to configure
Config Sync to communicate with your Git host. Proxy is only supported when
using an authorization type of cookiefile, none, or token.
Key
Description
spec.git.proxy.httpProxy
Defines an HTTP_PROXY environment variable used to access the Git repository.
spec.git.proxy.httpsProxy
Defines an HTTPS_PROXY environment variable used to access the Git repository.
If both the httpProxy and httpsProxy fields are specified, httpProxy is ignored.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-11-26 UTC."],[],[]]