Config Sync lets cluster operators and platform administrators deploy consistent configurations and policies across multiple clusters. This simplifies and automates configuration and policy management at scale.
Start using Config Sync
Follow the installation guide to install OSS Config Sync. If you are using GKE or Anthos, you can also install Config Sync through the Google Cloud GUI or Google Cloud CLI.
Start contributing to Config Sync
We welcome contributions to Config Sync from the community. Take a look at our contribution guide to get started.
add watch for privateCertSecret
This updates the watch function to map changes to the user-managed secret in the RepoSync namespace to the upserted secret in the config-management-system namespace. This ensures the secret is kept up to date if the user updates the secret.
Change is based on https://github.com/GoogleContainerTools/kpt-config-sync/pull/11
upsert privateCertSecret from RepoSync
This follows the pattern of the user-provided secrets for git credentials, where the user is expected to create the RepoSync secret in the same namespace as the RepoSync. The secrets are then upserted to the config-management-system namespace by the Reconciler. This is to support use cases where the RepoSync user does not have access to the c-m-s namespace.
Send correct number of declared_resources
Fix metrics validation
Fix metrics validation
Cleanup logs & errors in reconciler-manager
run tidy as part of presubmit check
The license script runs tidy with -compat=1.17 flag, which results in a different set of modules from what is currently committed to the repo. This adds license as a presubmit check to ensure the command does not result in a dirty repo.
add terraform config for dev/ci clusters
This terraform config is intended to automate the provisioning of test infra resources needed to run the e2e tests. It can be used for the use case of our prow periodic jobs as well as development workflows.
Make client-side timeout when talking to API Server configurable
We have a few hundred CRDs in our clusters, and are seeing Config Sync reconciliation fail with API Server timeouts due to the client-side timeout parameter being too aggressive.
This makes the client-side timeout for API server requests configurable under .spec.override (next to things like statusMode; if you'd like it to be somewhere else, feel free to recommend something and I'll adjust the PR). I tried to mimic patterns already in use for other parameters, both in implementation and tests (but oh, god, does this test suite need some work...!) so I hope it looks OK.
I added two new tests for the actual expansion of config into environment variables, because I realized that all the tests of the public API that already existed were using the production implementation also to create the expected results, which in practice means that a bug there would never be exposed by the tests. There's room to add a lot more test cases in these two, to ensure that the set of expected env vars in all the other tests matches the intention. I'll leave that work for someone else 😅
A couple of questions:
make generate; are there any other code-generation commands I should run?
Add GCP+GKE metric attributes
For more details, see the docs: https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/processor/resourcedetectionprocessor
Clean up scheme usage and type conversion
Filter some metrics by pod name for testing
Add Config Sync resource related attributes to GCM
This change converts the non-k8s-pod typed resource attributes added in this PR that are related to Config Sync resources into metric labels.
Adding these labels at reconciler level requires the shared Otel Collector to remove them from all metrics before exporting to internal (Monarch) pipeline.
This change also adds memory_limiter processor as a recommended way to control the intervals and memory that Otel Collector operates on.
Labels are viewable in groupby drop down list and can be selected to aggregate metrics. http://screen/ZtkKWoEx6bxnyiZ
Prometheus pipeline remains functioning http://screen/4tS9qSfoaFLSvAA
[WIP] Add test for GIT_SSL_CAINFO env var removal
This confirms that the new SSA used to update the reconciler Deployment correctly deletes the GIT_SSL_CAINFO env var (as long as no one else has modified it).
Improve rendering status e2e validation
Switch to new googlecloud exporter config with e2e test
Test looks for RPC errors in otel-collector deployment log, which catches any failure the collector has when exporting metrics.
Tested [pass] with legacy feature flag on "--feature-gates=-exporter.googlecloud.OTLPDirect"
Tested [fail] without legacy feature flag so that Otel Collector generates large amounts of errors.