Mantenha tudo organizado com as coleções
Salve e categorize o conteúdo com base nas suas preferências.
Escolher um tipo de instalação
A página oferece uma vista geral das diferentes opções de instalação que pode usar ao instalar o Config Connector.
Pode instalar o Config Connector de uma das três formas seguintes:
Config Controller:
O Config Controller é um serviço alojado que inclui o Config Connector. A versão do Config Connector no Config Controller é gerida pela Google e atualizada automaticamente de forma regular à medida que as versões se qualificam.
O Config Controller é um plano de controlo centralizado e designado que oferece uma forma mais segura de gerir Google Cloud recursos. Para mais informações, consulte o artigo
Início rápido: faça a gestão de recursos com o Config Controller
ou Configure o Config Controller.
Suplemento do Config Connector do GKE:
O suplemento do Config Connector permite-lhe instalar o Config Connector durante a criação do cluster.
O suplemento Config Connector só está disponível em clusters GKE Standard e não no Autopilot.
A versão do Config Connector instalada através do suplemento do Config Connector está frequentemente atrasada até 12 meses ou mais. Para mais informações, consulte o artigo
Atualizações do suplemento Config Connector.
Se quiser reduzir o custo operacional da gestão de um cluster padrão do GKE,
considere usar o Config Controller.
Existem muitos fatores a ter em conta quando seleciona um método de instalação. A tabela seguinte apresenta algumas considerações de nível superior:
Métodos de instalação
Vantagens
Desvantagens
Configuração do comando
• Não é necessária instalação.
• Atualizações automáticas de versões.
• Inclui componentes GitOps pré-criados: Config Sync.
• Gerido e suportado por Google Cloud.
• Restrição em cargas de trabalho personalizadas.
• Taxa de gestão e cluster.
Instalação manual
• Totalmente personalizável.
• Horário de atualização da versão flexível.
• Pode ser executado com qualquer carga de trabalho personalizada no mesmo cluster.
• Custo operacional.
Suplemento GKE Config Connector
• Um atraso significativo em relação à versão mais recente do Config Connector.
Autenticação
Se quiser instalar o Config Connector em clusters do GKE, use a
Federação do Workload Identity para o GKE.
A federação de identidades da carga de trabalho para o GKE permite-lhe configurar uma conta de serviço do Kubernetes
para se fazer passar por contas de serviço da gestão de identidade e de acesso (IAM) para aceder a Google Cloud
serviços. O Config Connector usa essa conta de serviço do Kubernetes no cluster para criar novos recursos. O Config Connector só pode criar recursos com as funções que concede à conta de serviço do IAM.
Pode optar por gerir recursos com uma única conta de serviço ou várias contas de serviço. Se quiser usar várias contas de serviço, tem de instalar o Config Connector no modo de espaço de nomes.
Para mais informações sobre a utilização de contas de serviço da IAM com o Config Connector,
consulte o artigo Controlo de acesso com a IAM.
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-08-21 UTC."],[[["\u003cp\u003eConfig Connector can be installed in three ways: through Config Controller, manual installation, or as a GKE Config Connector add-on.\u003c/p\u003e\n"],["\u003cp\u003eConfig Controller offers a managed service with automatic updates and built-in GitOps features, but with some restrictions on custom workloads.\u003c/p\u003e\n"],["\u003cp\u003eManual installation provides full customization and flexible version updates but comes with increased operational costs.\u003c/p\u003e\n"],["\u003cp\u003eThe GKE Config Connector add-on is available only on GKE Standard clusters and typically has significant version lag.\u003c/p\u003e\n"],["\u003cp\u003eAuthentication for Config Connector on GKE clusters utilizes Workload Identity Federation, while other deployment options may require Cloud Identity and IAM service account keys, which pose security risks if not properly managed.\u003c/p\u003e\n"]]],[],null,["# Choosing an installation type\n=============================\n\n*** ** * ** ***\n\nThe page provides you with an overview of the different installations options\nyou can use when installing Config Connector.\n\nYou can install Config Connector in one of three ways:\n\n- **[Config Controller](/anthos-config-management/docs/concepts/config-controller-overview)** :\n Config Controller is a hosted service that includes Config Connector. The Config Connector version\n in Config Controller is managed by Google and automatically updated regularly as versions qualify.\n Config Controller is a centralized and designated control\n plane which provides a more secure way to manage Google Cloud resources. For more information, see\n [Quickstart: Manage resources with Config Controller](/anthos-config-management/docs/tutorials/manage-resources-config-controller)\n or [Set up Config Controller](/anthos-config-management/docs/how-to/config-controller-setup).\n\n- **[Manual installation](/config-connector/docs/how-to/install-manually)** :\n To manually install Config Connector, you need to download and use a\n [Kubernetes Operator](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/).\n Manual installation gives you flexibility on the version you want to apply and when to upgrade.\n If you want to\n [install Config Connector on other Kubernetes distributions](/config-connector/docs/how-to/install-other-kubernetes),\n you need to use a manual installation.\n\n- **[GKE Config Connector add-on](/config-connector/docs/how-to/install-upgrade-uninstall)** :\n The Config Connector add-on lets you install Config Connector during cluster creation.\n The Config Connector add-on is available on only GKE Standard\n clusters, and not [Autopilot](/kubernetes-engine/docs/concepts/autopilot-overview#add-ons).\n The version of Config Connector installed through the Config Connector add-on is often behind by up to 12 months or more. For more information, see\n [Config Connector add-on upgrades](/config-connector/docs/how-to/install-upgrade-uninstall#how-gcp-upgrades-add-on).\n If you want to reduce the operational cost of managing a GKE Standard cluster,\n consider using [Config Controller](/anthos-config-management/docs/concepts/config-controller-overview).\n\nThere are many factors to consider when selecting an installation method. The following table outlines some high-level considerations:\n\nAuthentication\n--------------\n\nIf you want to install Config Connector on GKE clusters, use\n[Workload Identity Federation for GKE](/kubernetes-engine/docs/concepts/workload-identity).\nWorkload Identity Federation for GKE lets you configure a Kubernetes ServiceAccount\nto impersonate Identity and Access Management (IAM) service accounts to access Google Cloud\nservices. Config Connector uses that Kubernetes ServiceAccount\nwithin your cluster to create new resources. Config Connector can only create\nresources with the roles that you grant the IAM service account.\n\nIf you want to install Config Connector on other\n[deployment options](/anthos/deployment-options), such as on-premises or\nmulti-cloud options, use [Cloud Identity](/identity/docs/overview) to\ncreate an account and then use IAM to\n[create a service account key and import the key's credentials as a Secret to your clusters](/iam/docs/keys-create-delete).\n| **Note:** Service account keys are a security risk if not managed correctly. You should [choose a more secure alternative to service account keys](/docs/authentication#auth-decision-tree) whenever possible. If you must authenticate with a service account key, you are responsible for the security of the private key and for other operations described by [Best practices for managing service account keys](/iam/docs/best-practices-for-managing-service-account-keys). If you are prevented from creating a service account key, service account key creation might be disabled for your organization. For more information, see [Managing secure-by-default organization resources](/resource-manager/docs/secure-by-default-organizations).\n|\n|\n| If you acquired the service account key from an external source, you must validate it before use.\n| For more information, see [Security requirements for externally sourced credentials](/docs/authentication/external/externally-sourced-credentials).\n\nManaging resources with service accounts\n----------------------------------------\n\nYou can choose to manage resources with a single service account, or multiple\nservice accounts. If you want to use multiple service accounts, you must\n[install Config Connector in namespaced mode](/config-connector/docs/how-to/install-namespaced).\nFor more information about using IAM service accounts with Config Connector,\nsee [Access control with IAM](/config-connector/docs/how-to/configure-iam-permissions).\n\nWhat's next\n-----------\n\n- Learn how to [manage Google Cloud resources with Config Controller](/anthos-config-management/docs/tutorials/manage-resources-config-controller).\n- Learn how to [manually install Config Connector](/config-connector/docs/how-to/install-manually).\n- Learn how to [install Config Connector as a GKE add-on](/config-connector/docs/how-to/install-upgrade-uninstall).\n- Learn how to [install Config Connector on other Kubernetes distributions](/config-connector/docs/how-to/install-other-kubernetes)."]]