Stay organized with collections
Save and categorize content based on your preferences.
Install Config Sync and Policy Controller
Config Sync and Policy Controller enforce a common configuration across your
entire infrastructure. You define configurations, such as custom security policies.
These configurations are stored in a version-controlled source of truth, such as a Git repository.
Config Sync and Policy Controller then ensure that your infrastructure aligns with these configurations.
Before you begin
If you host your Config Sync source of truth at a location
that's inaccessible from your Azure Virtual Network (VNet), you must open outbound access to your
source of truth host from your
node pool security group.
The following list contains default ports based on your authentication
method.
To enable Config Sync to sync Kubernetes configuration
files from a source of truth, follow the
installation instructions in the
Config Sync
documentation.
To enable Policy Controller to audit and enforce admission control policies,
follow the installation instructions in the
Policy Controller
documentation.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[],[],null,["# Install Config Sync and Policy Controller\n=========================================\n\nConfig Sync and Policy Controller enforce a common configuration across your\nentire infrastructure. You define configurations, such as custom security policies.\nThese configurations are stored in a version-controlled source of truth, such as a Git repository.\nConfig Sync and Policy Controller then ensure that your infrastructure aligns with these configurations.\n\nBefore you begin\n----------------\n\nIf you host your Config Sync source of truth at a location\nthat's inaccessible from your Azure Virtual Network (VNet), you must open outbound access to your\nsource of truth host from your\n[node pool security group](/kubernetes-engine/multi-cloud/docs/azure/reference/security-groups#node_pool_security_groups).\nThe following list contains default ports based on your authentication\nmethod.\n\nFor more information about modifying Azure security groups, see [Azure network security groups](https://docs.microsoft.com/azure/virtual-network/network-security-groups-overview) and [Azure application security groups](https://docs.microsoft.com/azure/virtual-network/application-security-groups).\n\nInstallation instructions\n-------------------------\n\nTo enable Config Sync to sync Kubernetes configuration\nfiles from a source of truth, follow the\ninstallation instructions in the\n[Config Sync](/anthos-config-management/docs/how-to/installing-config-sync)\ndocumentation.\n\nTo enable Policy Controller to audit and enforce admission control policies,\nfollow the installation instructions in the\n[Policy Controller](/anthos-config-management/docs/how-to/installing-policy-controller)\ndocumentation.\n\nWhat's next?\n------------\n\n- Learn about adding [Configs](/anthos-config-management/docs/concepts/configs)\n to a source of truth.\n\n- Check the\n [examples GitHub repository](https://github.com/GoogleCloudPlatform/anthos-config-management-samples)."]]
