nabdtran / csmr-demo

Config Sync Demo

Prerequisite

Either install the 1.7.0 release of Anthos Config Management and the Config Sync Operator, or install the standalone Config Sync Operator.

Configuration

This demonstrates how you can leverage Config Sync multi-repo mode to sync Kubernetes configurations from a git repository to a cluster.

The example contains a ClusterRole, CustomResourceDefinition, RoleBinding, Namespace, and RepoSync.

First, create a file with a ConfigManagement custom resource:

# config-management.yaml
apiVersion: configmanagement.gke.io/v1
kind: ConfigManagement
metadata:
  name: config-management
spec:
  # Enable multi-repo mode to use new features
  enableMultiRepo: true

Wait for the RootSync and RepoSync CRDs to be available:

until kubectl get customresourcedefinitions rootsyncs.configsync.gke.io reposyncs.configsync.gke.io; \
do date; sleep 1; echo ""; done

Then create a file with a RootSync custom resource:

# root-sync.yaml
# If you are using a Config Sync version earlier than 1.7,
# use: apiVersion: configsync.gke.io/v1alpha1
apiVersion: configsync.gke.io/v1beta1
kind: RootSync
metadata:
  name: root-sync
  namespace: config-management-system
spec:
  sourceFormat: unstructured
  git:
    # If you fork this repo, change the url to point to your fork
    repo: https://github.com/janetkuo/csmr-demo.git
    branch: main
    dir: "root"
    # We recommend securing your source repository.
    # Other supported auth: `ssh`, `cookiefile`, `token`, `gcenode`.
    auth: none
    # Refer to a Secret you create to hold the private key, cookiefile, or token.
    # secretRef:
    #   name: SECRET_NAME

Then, apply them to the cluster:

kubectl apply -f config-management.yaml
kubectl apply -f root-sync.yaml
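
A pre-apply check for the auth setting in root-sync.yaml, as an added example that is not part of the original demo: it fails on `auth: none` and on a secret-based mode that has no `secretRef.name`. The helper name `check_sync_auth` and the sample manifests are constructed for illustration, and the parser assumes block-style YAML with one sync object per file.

```shell
#!/bin/sh
# Added example: lint the spec.git auth settings of a RootSync/RepoSync manifest.
# check_sync_auth is a hypothetical helper; it returns 0 when the manifest
# passes and 1 when it does not, printing the reason either way.
check_sync_auth() {
  awk '
    { sub(/[ \t]*#.*$/, "") }                  # drop YAML comments first
    /^[ \t]*auth:/ { auth = $2; gsub(/"/, "", auth) }
    /^[ \t]*secretRef:[ \t]*$/ { want_name = 1; next }
    want_name && NF {                          # first real line under secretRef
      if ($1 == "name:" && $2 != "") secret = $2
      want_name = 0
    }
    END {
      if (auth == "")        { print "FAIL: no git auth field found"; exit 1 }
      if (auth == "none")    { print "FAIL: auth: none, repo is fetched without credentials"; exit 1 }
      # gcenode is not among the modes the manifest comment ties to a Secret
      if (auth == "gcenode") { print "OK: auth: gcenode"; exit 0 }
      if (secret == "")      { print "FAIL: auth: " auth " but no secretRef.name"; exit 1 }
      print "OK: auth: " auth ", secretRef.name: " secret
    }
  ' "$1"
}

# Constructed samples: the demo settings, then a token-authenticated variant.
tmp=$(mktemp -d)
cat > "$tmp/demo.yaml" <<'EOF'
spec:
  git:
    repo: https://github.com/janetkuo/csmr-demo.git
    auth: none
    # secretRef:
    #   name: SECRET_NAME
EOF
cat > "$tmp/token.yaml" <<'EOF'
spec:
  git:
    repo: https://github.com/janetkuo/csmr-demo.git
    auth: token
    secretRef:
      name: SECRET_NAME
EOF
for f in demo token; do check_sync_auth "$tmp/$f.yaml" || true; done
rm -rf "$tmp"
```

Run against your own file as `check_sync_auth root-sync.yaml` before applying it; the Secret named in `secretRef` must exist in the same namespace as the RootSync or RepoSync.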

Root configs

To verify that the resources in the "root" directory have been synced to the cluster:

nomos status
kubectl get -f root-sync.yaml -w
kubectl describe -f root-sync.yaml
kubectl get resourcegroups -n config-management-system
kubectl get <resources specified in the "root" directory>

Namespace configs

The configs in the "root" directory contain a gamestore namespace and a RepoSync resource in the gamestore namespace, referencing the "gamestore" directory in this git repository.

To verify that the resources in the "gamestore" directory have been synced to the cluster:

nomos status
kubectl get reposync.configsync.gke.io/repo-sync -n gamestore -w
kubectl describe reposync.configsync.gke.io/repo-sync -n gamestore
kubectl get resourcegroups -n gamestore
kubectl get <resources specified in the "gamestore" directory>

Conflict changes

Try to change the value of the marketplace.com/comments annotation on configmap/store-inventory directly in the cluster:

kubectl edit configmaps store-inventory -n gamestore

The request should be rejected by the admission webhook.

Valid changes

Try changing the same annotation in your git repository instead; that change can be synced to the cluster.

Note that you need to update the RepoSync resource in your git repository to point to your own fork if you want to make changes in git.
