Anthos Application Configuration

This project is intended to simplify the management of microservices on top of the Google Anthos platform. This is implemented using a single Kubernetes Custom Resource Definition (CRD) that provides high-level configuration options. The associated controller translates these high level policies into low-level kubernetes/istio resources, actively watching for and correcting configuration drift.

Target Audience

This CRD was built with a multi-team organizational structure in mind:

• The developer team
• The platform team

The platform team would have the permissions necessary to make changes to the application configuration CRD (typically applied via Anthos Config Management). This allows for centralized management of policies related to service authentication and authorization, secret injection, egress policies, required labels, etc. that improve the security of the entire system by promoting a system focused on least-privilege interactions.

The developer team then independently deploy their applications that operate within the agreed upon guardrails.

High Level Diagram