One of the important consideration is how to structure your configurations that need to be applied to your clusters. The Config Sync component requires the structure for the configuration in the Git repository in a certain directory structure as shown below.
In order to understand the structure, let’s take an example of use case where you want to apply certain configurations and policies to specific clusters based on location (on-prem, US region or India region) and environment (dev, prod etc).
Firstly you would need to define namespaces on how you want to provide logical segregation of application/environments based on your requirements such as frontend, backend, development, auditor, viewer etc. The namespaces configurations are stored in namespaces directory.
Secondly you would need to identify the clusters where you need to apply certain configurations or policies. The configuration for selecting a particular cluster is stored in clusterregistry directory. You would typically apply a label to tag the required cluster (i.e. location:on-prem) and use the ClusterSelector configuration to select the clusters that match the label as shown in the figure above.
The ClusterSelector configuration is not active till you reference it in the required configuration, like assigning a specific role (or role bindings) to the required cluster or enforcing a policy for a specific cluster based on your requirements. All cluster specific configurations are kept in the cluster directory, including which needs to be applied to entire clusters.
The system folder hold system configurations which are used by ACM operators, like how to sync the repository and its version.
The above provides a logical way to organize your config repository. ACM also supports creating an unstructured repository that does not follow the structure. The unstructured repository is used where you are using third party tools like Helm and want to expand the Helm charts or maintain ad hoc deployment configurations.
We would go over the concepts in detail when we setup ACM for our application during the course of the book.