Config Sync and Policy Controller enforce a common configuration across your entire infrastructure. You define configurations, such as custom security policies. These configurations are stored in a version-controlled source of truth, such as a Git repository. Config Sync and Policy Controller then ensure that your infrastructure aligns with these configurations.
Before you begin
If you host your Config Sync source of truth at a location that is not reachable from your AWS VPC, you must allow outbound access to the source of truth host from your node pool security group. The following table lists the default port for each authentication method.
Authentication method | Port
---|---
Access to Git with SSH key pair | 22
Access to Git with Cookiefile | 443
Access to Git or Helm with Personal access token | 443
Access to Git with Google Cloud service account | 443
Access to OCI or Helm with gcenode | 443
Access to OCI or Helm with gcpserviceaccount and Workload Identity Federation for GKE | 443
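The following added example (not Google's or AWS's code) checks whether a node pool security group's existing egress rules already cover the port the table requires for a chosen authentication method, so you can verify the rule before Config Sync fails to reach its source. The method labels in `REQUIRED_PORT` are names chosen here for the table rows, and the egress rules are constructed samples shaped like the `IpPermissionsEgress` entries that `aws ec2 describe-security-groups` returns; only protocol and port are evaluated, not destination CIDRs.

```python
"""Check whether a node pool security group's egress rules allow the outbound
port Config Sync needs for a given authentication method.

Added example, not Google's or AWS's own code. The rule objects below are
constructed samples shaped like the IpPermissionsEgress entries returned by
`aws ec2 describe-security-groups`; substitute live output to use it for real.
"""

# Default outbound ports by authentication method, taken from the table above.
# The keys are labels chosen here for the table rows.
REQUIRED_PORT = {
    "ssh": 22,
    "cookiefile": 443,
    "token": 443,
    "gcpserviceaccount": 443,
    "gcenode": 443,
}


def rule_allows(rule: dict, port: int) -> bool:
    """True if one egress rule permits outbound TCP to `port` (any destination).

    EC2 encodes "all traffic" as IpProtocol "-1" with no port fields, so that
    case must be handled before FromPort/ToPort are read. Destination CIDRs are
    deliberately not evaluated here.
    """
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule["FromPort"] <= port <= rule["ToPort"]


def egress_allows(auth_method: str, egress_rules: list[dict]) -> bool:
    """True if any rule in the group's egress list covers the method's port."""
    port = REQUIRED_PORT[auth_method]  # unknown method raises KeyError on purpose
    return any(rule_allows(r, port) for r in egress_rules)


# Constructed sample: a group restricted to HTTPS plus DNS to a resolver, as a
# hardened node pool often is. It suffices for token or cookiefile auth over 443
# but blocks SSH on 22, which is exactly the misconfiguration to catch.
SAMPLE_EGRESS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
     "IpRanges": [{"CidrIp": "10.0.0.2/32"}]},
]

if __name__ == "__main__":
    for method in ("token", "ssh"):
        status = "open" if egress_allows(method, SAMPLE_EGRESS) else "BLOCKED"
        print(f"{method:>18}: port {REQUIRED_PORT[method]} {status}")
```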
Installation instructions
To enable Config Sync to sync Kubernetes configuration files from a source of truth, follow the installation instructions in the Config Sync documentation.
To enable Policy Controller to audit and enforce admission control policies, follow the installation instructions in the Policy Controller documentation.
What's next?
Learn about adding Configs to a source of truth.
Check the examples GitHub repository.