Config Sync
1. Config Sync
Config Sync enables cluster operators and platform administrators to deploy consistent configurations and policies directly from a Git repo. This concept is called configuration as code.

Let's explore the benefits of Config Sync. Auditability: every change is in Git and correlates with a specific commit. Reversibility: Config Sync keeps a record of changes so you can roll back to a previous state. Transactional: changes can be grouped and applied at once. And self-healing: Config Sync guards against drift and ensures that the declaration in the repository matches the cluster.

Config Sync ensures consistent configurations and policies across clusters and namespaces, simplifying multi-tenancy. A central administrator oversees infrastructure and policies, and application operators manage deployments within their namespaces.

Before we transition and examine the Config Sync architecture, let's explore a use case. Meet Olivia. Olivia has just been given a new role as platform administrator. Her first task is to ensure that all platform infrastructure across all teams is compliant with government requirements. Part of Olivia's responsibility is to administer project clusters, which are essential infrastructure elements.

Olivia starts by configuring a Git repo to store the configs so that all clusters can sync with the central repository. Then she creates a config-management.yaml file that will be applied to all clusters. This file tells GKE which clusters to operate on and provides information about the Git repository, including which branch and folder to sync from. The Config Management Operator creates pods in the config management namespace. These pods ensure that the desired state of the cluster matches the actual state.

The infrastructure defined in the repo contains instructions for creating testing and development namespaces. A member of Olivia's team was inspecting the configuration file and accidentally deleted one of the namespaces.
Luckily, Config Sync recognizes within a few seconds of the deletion that the actual and desired state are out of sync, and creates a new version of the deleted namespace to bring the actual infrastructure back in line with the declarative configuration. Config Sync combines a GitOps approach with Git storage and versioning. Any changes will be automatically synced to the cluster for consistency.

Next, let's explore the Config Sync architecture. Config Sync consists of multiple deployments, each with specific roles and container configurations. Components like Config Management Operator, Reconciler Manager, and OpenTelemetry Collector are deployed during Config Sync installation.

- Config Management Operator and objects: they manage Config Sync components and require cluster admin permissions.
- Reconciler Manager and reconcilers: they create and manage reconcilers for RootSync and RepoSync objects, ensuring synchronization.
- Reconciler containers: they include the reconciler, the OTel Agent, and sync containers such as git-sync, helm-sync, and oci-sync, with optional hydration controller and GCENode askpass sidecar containers.
- Resource-group controller and ResourceGroup objects: they monitor and update the status of synced objects within each RootSync or RepoSync.
- Admission webhook: it enforces drift prevention by intercepting and validating configuration changes.
- RootSync and RepoSync objects: they define the source of truth and the scope for synchronization, cluster-wide or namespace-specific.
- Fleet Service and RootSync objects: they manage the initial RootSync object and allow for additional RootSync or RepoSync objects.

The Config Sync dashboard in GKE provides a centralized view of your configuration deployments. The Config Sync dashboard provides sync status, error identification, and visualizations of resource changes across clusters.
This provides insight into drift detection and policy enforcement and simplifies multi-cluster configuration management, ensuring consistency and compliance.

2. Let's practice!
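The split between a cluster-wide source of truth and a namespace-scoped one, described in the architecture overview above, looks like this as manifests. This is an added example, not part of the original lesson; the repository URLs, directory names, Secret names, the RoleBinding name and the choice of the `edit` ClusterRole are assumptions.

```yaml
# Added example; URLs, dirs, Secret names and the "development" namespace are constructed.
# Cluster-wide source of truth, owned by the platform administrator.
apiVersion: configsync.gke.io/v1beta1
kind: RootSync
metadata:
  name: root-sync
  namespace: config-management-system
spec:
  sourceFormat: unstructured
  sourceType: git
  git:
    repo: https://git.example.com/platform/cluster-config.git
    branch: main          # branch to sync from
    dir: clusters/all     # folder to sync from
    auth: token
    secretRef:
      name: git-creds     # Secret in config-management-system
---
# Namespace-scoped source, owned by an application team.
apiVersion: configsync.gke.io/v1beta1
kind: RepoSync
metadata:
  name: repo-sync
  namespace: development
spec:
  sourceType: git
  git:
    repo: https://git.example.com/teams/dev-app-config.git
    branch: main
    dir: manifests
    auth: token
    secretRef:
      name: git-creds     # Secret in the development namespace
---
# The namespace reconciler can only apply what this binding allows,
# so a team repo cannot change cluster-scoped objects.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: syncs-repo
  namespace: development
subjects:
- kind: ServiceAccount
  name: ns-reconciler-development
  namespace: config-management-system
roleRef:
  kind: ClusterRole
  name: edit
  apiGroup: rbac.authorization.k8s.io
```

The root reconciler runs with cluster-wide rights, so write access to the repository and branch named in the RootSync should be restricted as tightly as cluster-admin itself.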