This repo contains assets to run an Anthos Config Management (ACM) workshop.
The workshop shows how to use Anthos Config Management to manage multiple Kubernetes clusters in different environments (GCP, other clouds, on-prem) in order to:
- Centrally configure and manage 'landing zones' for multiple application deployment teams
- Implement pull request flows to request and approve changes
- Enforce security guardrails through Policy Controller constraints (based on OPA Gatekeeper)
The person running the workshop plays the roles of the 'platform team' and the 'security team', defining managed cluster configurations and security policies (quotas, RBAC, network policies, etc.). In addition, they use two distinct Google accounts to play two different application delivery teams that deploy workloads in their assigned 'landing zones', which are defined as namespaces named application1 and application2.
Managed clusters sync their configuration using Anthos Config Management Config Sync, and security policies are enforced with Anthos Config Management Policy Controller, which is based on OPA Gatekeeper.
This workshop has been presented as a talk named 'Using Source Code Management Patterns to Configure & Secure Kubernetes Clusters' at the following events: