This documentation is for the most recent version of GKE on Azure, released in November 2021. See the Release notes for more information.

Install Config Sync and Policy Controller

Config Sync and Policy Controller enforce a common configuration across your entire infrastructure. You define configurations, such as custom security policies. These configurations are stored in a version-controlled source of truth, such as a Git repository. Config Sync and Policy Controller then ensure that your infrastructure aligns with these configurations.

Before you begin

If you host your Config Sync source of truth at a location that's inaccessible from your Azure Virtual Network (VNet), you must open outbound access to your source of truth host from your node pool security group. The following list contains default ports based on your authentication method.

Authentication method	Port
Access to Git with SSH key pair	22
Access to Git with Cookiefile	443
Access to Git or Helm with Personal access token	443
Access to Git with Google Cloud service account	443
Access to OCI or Helm with `gcenode`	443
Access to OCI or Helm with `gcpserviceaccount` and Workload Identity Federation for GKE	443

For more information about modifying Azure security groups, see Azure network security groups and Azure application security groups.

Installation instructions

To enable Config Sync to sync Kubernetes configuration files from a source of truth, follow the installation instructions in the Config Sync documentation.

To enable Policy Controller to audit and enforce admission control policies, follow the installation instructions in the Policy Controller documentation.

What's next?

Learn about adding Configs to a source of truth.
Check the examples GitHub repository.