Managing Clusters and Security Policies with Anthos Config Management

Alan Leal
February 25, 2020

Although we saw many changes in the cloud in 2019, one of the most buzzed about was Google Anthos, a multi-cloud, hybrid application platform. Anthos marks Google’s first official release in the enterprise space and it stands out as one of the first multi-cloud platforms from a mainstream public cloud provider.

This innovative and modern application platform provides a seamless convergence of both efficiency and security, allowing businesses to build consistency between cloud and on-premise environments. Although the benefits are vast, security can be challenging when working across a rapidly changing hybrid container environment. Enter: Anthos Config Management.

We have put together some of the biggest benefits of this new platform as well as some ways that businesses can manage clusters and security policies with Anthos Config Management.

What technology powers Anthos?

At the core of Anthos is one of the most popular open-source projects, Kubernetes, which is another big reason why this platform is so exciting. Built on the solid foundation of Google Kubernetes Engine (GKE), customers are able to use this control plane to manage the infrastructure that is distributed across on-premise data centers as well as today’s major cloud providers such as Google Cloud, Amazon Web Services and Azure. Customers can deploy this on any compatible vSphere-based infrastructure and Google will treat it as a logical extension of GKE.

While this takes away some headaches, customers will still have to deal with multiple Kubernetes deployments running across a variety of environments, something that can quickly become overwhelming and unmanageable. Anthos Config Management is the answer to these problems, providing a version-controlled, secure, central repository of all things related to configuration and policy. All of this can run within your current Git source code repository.

Features of Anthos Config Management

Anthos Config Management is a key component of Anthos. Some of the major abilities that Config Management provides include:

Define and enforce policies across hybrid Kubernetes deployments

Using a central Git repository to manage access-control policies, Config Management continuously checks cluster state and applies the desired state, enforcing policies. This includes almost all configurable Kubernetes settings such as RBAC, resource quotas, and namespaces in all of your clusters, both on-premises and in the cloud.

  • Define configs: Create a common configuration that can be applied to the Kubernetes clusters in your fleet
  • Enforce configs: Roll out configs to clusters all over the globe, ensuring that your desired state is reflected and actively maintained
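The check-and-apply loop described above, as an added Python sketch that is not part of the original article and not Anthos Config Management's own code: it compares objects declared in a repository with a cluster's live objects and plans the corrections. The ownership label, the `make` helper and all sample objects are constructed for illustration.

```python
MANAGED = "example.com/managed-by-repo"  # hypothetical ownership label


def key(obj):
    """Identity of an object: (kind, namespace, name)."""
    meta = obj["metadata"]
    return (obj["kind"], meta.get("namespace", ""), meta["name"])


def body(obj):
    """Everything except metadata, so RBAC objects (no spec) compare too."""
    return {k: v for k, v in obj.items() if k != "metadata"}


def plan(desired, live):
    """Return sorted (action, key) pairs that make `live` match `desired`."""
    want = {key(o): o for o in desired}
    have = {key(o): o for o in live}
    actions = []
    for k, obj in want.items():
        if k not in have:
            actions.append(("create", k))
        elif body(have[k]) != body(obj):
            actions.append(("update", k))  # out-of-band edit: the repo wins
    for k, obj in have.items():
        owned = obj["metadata"].get("labels", {}).get(MANAGED) == "true"
        if k not in want and owned:  # never prune objects the repo never owned
            actions.append(("delete", k))
    return sorted(actions)


def make(kind, name, ns=None, managed=True, **rest):
    """Build a constructed sample object shaped like a Kubernetes manifest."""
    meta = {"name": name, "labels": {MANAGED: "true"} if managed else {}}
    if ns:
        meta["namespace"] = ns
    return {"kind": kind, "metadata": meta, **rest}


def role(name):
    return {"roleRef": {"kind": "ClusterRole", "name": name}}


DESIRED = [  # what the repository declares (constructed)
    make("Namespace", "payments"),
    make("ResourceQuota", "quota", "payments", spec={"hard": {"pods": "20"}}),
    make("RoleBinding", "viewers", "payments", **role("view")),
]
LIVE = [  # what the cluster currently holds (constructed)
    make("Namespace", "payments"),
    make("ResourceQuota", "quota", "payments", spec={"hard": {"pods": "200"}}),
    make("RoleBinding", "debug-admin", "payments", **role("admin")),
    make("RoleBinding", "legacy", "payments", managed=False, **role("edit")),
]
```

Calling `plan(DESIRED, LIVE)` reports the missing binding, the loosened quota and the stray repo-owned admin binding, while leaving the unlabelled `legacy` binding untouched.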

Automate policy and security at scale for Kubernetes deployments

Config Management not only allows you to create a common configuration across all of your infrastructure, but also gives you the ability to customize policies and apply them to clusters both on-premise and in the cloud. It evaluates all changes and then rolls them out to all Kubernetes clusters so your preferred state is always reflected.

  • Customize environments: Flexibly configure different policies for groups of clusters or namespaces
  • Apply custom rules: Write and apply custom rules to native Kubernetes configuration objects to meet your organization’s unique security and compliance requirements. Inspect updates to your Anthos infrastructure and reject out-of-compliance changes.
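What a custom rule over native Kubernetes objects can look like, as an added conceptual sketch in Python that is not from the original article and is not the product's own rule format. The two rules, the forbidden-role set and the sample change are assumptions constructed for illustration.

```python
FORBIDDEN_ROLES = {"cluster-admin"}  # assumed organisation policy


def rule_no_broad_bindings(objs):
    """Namespaced RoleBindings must not hand out cluster-wide admin roles."""
    for o in objs:
        if o["kind"] == "RoleBinding" and o["roleRef"]["name"] in FORBIDDEN_ROLES:
            meta = o["metadata"]
            yield (f"RoleBinding {meta['namespace']}/{meta['name']} "
                   f"grants {o['roleRef']['name']}")


def rule_namespace_has_quota(objs):
    """Every declared Namespace needs a ResourceQuota declared alongside it."""
    quotas = {o["metadata"]["namespace"]
              for o in objs if o["kind"] == "ResourceQuota"}
    for o in objs:
        if o["kind"] == "Namespace" and o["metadata"]["name"] not in quotas:
            yield f"Namespace {o['metadata']['name']} has no ResourceQuota"


RULES = [rule_no_broad_bindings, rule_namespace_has_quota]


def validate(objs):
    """Return all violations; an empty list means the change is compliant."""
    return [violation for rule in RULES for violation in rule(objs)]


# Constructed sample change: "payments" is compliant, "scratch" is not.
CHANGE = [
    {"kind": "Namespace", "metadata": {"name": "payments"}},
    {"kind": "ResourceQuota",
     "metadata": {"name": "quota", "namespace": "payments"},
     "spec": {"hard": {"pods": "20"}}},
    {"kind": "Namespace", "metadata": {"name": "scratch"}},
    {"kind": "RoleBinding",
     "metadata": {"name": "everyone", "namespace": "scratch"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
]

if __name__ == "__main__":
    for violation in validate(CHANGE):
        print("REJECT:", violation)
```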

Introduce security safeguards

Security is one of the most important aspects of any type of cloud or on-premise environment, especially when adding new employees or team members. Anthos Config Management helps to create a consistent environment that offers security by default for developers, applying desired cluster configurations to get new teams up and running quickly. Last but not least, ACM helps prevent serious errors that can result from accidental mistakes. For example, an admin decides to permanently delete a development environment because he thinks it is not connected to a live production environment, and in the process ends up deleting a vital production instance.

  • Validation: Prevent pushing bad configurations with built-in validators that review every line of code before it gets to your repository
  • Source Control: Stage your configuration changes in separate branches, collaborate on code reviews, and easily revert clusters to their last healthy state
  • Code Review: With ACM, review configurations using the built-in code review process that exists within Git.

Maintain control over cluster sprawl

As Kubernetes deployments continue to grow and teams add more clusters, the new overhead in managing a separate set of configurations becomes an issue. With Config Management, there is one centralized place for multi-cluster management, providing a platform that scales as your use cases do.

  • Active monitoring: Prevent configuration drift with continuous monitoring of your cluster state, using the declarative model to apply policies that enforce compliance
  • Auditing: Continuously audit your Anthos environment to identify clusters that don’t follow your organization’s custom rules


As business applications of Google Anthos continue to expand, the necessity for a strong configuration management tool will only continue to become more apparent. Organizations will find that it’s finally time to upgrade applications to modern architecture and let go of the fear of security and compliance concerns by relying on a service provider that can assist with all of this and more.

Google Anthos for the enterprise

Techolution is a next gen digital transformation consultancy and the world’s leading experts in hybrid cloud, including Anthos. Partnering with you, we’ll show you how to harness the power of Google Anthos so you can manage all of your applications from a single point of command and simplify the process of deploying and enforcing compliance measures across your cluster environment.

Interested in learning more about Google Anthos and how it could transform your business? Consult with us today.