Config Sync overview
This page provides an overview of Config Sync, the GitOps service includedwith Google Kubernetes Engine.
AdoptingGitOps as a universal best practice helpsorganizations manage Kubernetes configuration at scale. By using a centralsource of truth like a Git repository, you can improve stability, consistency,and security.
Key Term:GitOps is an approach to managing infrastructure and applicationconfiguration by using a version control system like Git as the single source oftruth.Config Sync helps you implement GitOps by automating the synchronization ofyour configuration and policies across any number of clusters. Automatic syncing lets youmanage fleets of clusters centrally, prevent configuration drift,and empower both platform and application teams.
This page is for Operators who want toimplementGitOps tools to centralize configuration management for their teams.To learn more about common roles andexample tasks that we reference in Google Cloud content, seeCommon GKE user roles and tasks.
Pricing
For information about pricing, seeGKE pricing.
Why choose Config Sync for GitOps on GKE?
Although all GitOps tools provide benefits like improved stability and consistency,Config Sync provides a set of unique advantages:
Integration with GKE and other Google Cloudproducts: Config Sync is compatible with the Google Cloud console,Terraform, or Google Cloud CLI. Config Sync extends the functionality ofGKE and works well with services like Policy Controller,Workload Identity Federation for GKE, and Cloud Monitoring. The built-in integrationhelps you set up GitOps and eases the maintenance burden required foropen-source alternatives.
Built-in observability: Config Sync includes a dashboard in theGoogle Cloud console that requires no extra setup. You can view the sync statusof all your clusters and configs from a central location, or use theGoogle Cloud CLI to check for reconciliation issues.
Scalable multi-cluster and multi-team management: Config Sync isdesigned for both centralized platform administration and delegatedapplication management. Its architecture is tested to be horizontally andvertically scalable, letting you manage clusters at scale and empower yourapplication teams to safely manage their own environments.
How Config Sync works
Config Sync continuously monitors a central source of truth andautomatically reconciles the state of your clusters to match it. You can use aGit repository, OCI image, or Helm chart as your source of truth.
The following diagram shows an overview of how a platform administrator canmanage central policies while three application operators manage their ownnamespace configurations. The namespaces all have the same admin configuration,but each namespace has a different application configuration.
Configuring clusters
Config Sync lets you create a common set of configuration and policies, suchasPolicy Controller constraints, and consistently apply them acrossregistered and connected clusters from a single source of truth.
Instead of repeatedly running thekubectl apply command manually, you canorchestrate configuration changes across fleets of clusters.
Configuring namespaces
You can use Config Sync to provision and manage Kubernetes namespaces withnamespace-scoped policies, such asRBAC roles. These policies can help youimplement and managemulti-tenancy within your clusters, lettingapplication teams to manage their own configurations safely.
What's next
- Quickstart: Sync from a Git repository
- Install Config Sync with default settings
- Review GitOps best practices
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-19 UTC.