> ## Documentation Index
> Fetch the complete documentation index at: https://doc.lucidworks.com/llms.txt
> Use this file to discover all available pages before exploring further.

# ConfigSync deployment

export const LwTemplate = ({title = "Key questions to get you started", icon = "sparkles", cta = "Powered by Agent Studio", linkHref = "https://lucidworks.com/demo/?utm_source=docs&utm_medium=referral&utm_campaign=docs_cta_ai"}) => {
  const [isLoaded, setIsLoaded] = useState(false);
  useEffect(() => {
    const timer = setTimeout(() => {
      setIsLoaded(true);
    }, 500);
    return () => clearTimeout(timer);
  }, []);
  return <div className="lw-template-container">
      <Card title={title} icon={icon}>
        {isLoaded && <span dangerouslySetInnerHTML={{
    __html: `<lw-template id="a029c1a9-28be-427e-b0e1-5d918920246a"></lw-template
            >`
  }} />}
        <Link href={linkHref} className="agent-studio-link text-left text-gray-600 gap-2 dark:text-gray-400 text-sm font-medium flex flex-row items-center hover:text-primary dark:hover:text-primary-light group-hover:text-primary group-hover:dark:text-primary-light">Powered by Lucidworks Agent Studio</Link>
      </Card>
    </div>;
};

[old doc.lw link]: https//doc.lucidworks.com/fusion/5.9/5gj79e

[localhost link]: http://localhost:3000/docs/5/fusion/operations/config-sync/deployment

[mintlify link]: https://doc.lucidworks.com/docs/5/fusion/operations/config-sync/deployment

ConfigSync is disabled by default because it requires preparation of a GitHub repository.
This topic provides an overview of the deployment process.

<LwTemplate />

## 1. Prepare a GitHub repository

The `config-sync` service uses a GitHub repository to store the configuration files.

See **Set up a GitHub repo for ConfigSync** to learn how to prepare a repository for use with ConfigSync.

<Accordion title="Set up a GitHub repo for ConfigSync">
  [ConfigSync](/docs/5/fusion/operations/config-sync/overview) uses a GitHub repository to store the configuration files.
  The repository should be created independently and shared with the ConfigSync service via the Helm chart values.
  This document describes the process of setting up a GitHub repository for Fusion config files.

  {/* //== Disclaimer */}

  {/* //This process is a subject to change mainly because it proposes to use github deploy keys stored directly in github config repo. */}

  {/* //Going forward we’ll have a better process for secrets management (e.g. workload identity + secrets csi driver for GKE). */}

  ## Create a new repository

  Create a new repository in the github organization where the ConfigSync should store the config files.

  ## Create a deploy key

  Create a deploy key for the new repository.
  The deploy key should have write access to the repository.
  See the [GitHub documentation](https://docs.github.com/en/authentication/connecting-to-github-with-ssh/managing-deploy-keys#set-up-deploy-keys) for instructions.

  ## Add the deploy key and repository information to the ConfigSync values

  ### Option 1: Add the deploy key in the Helm chart

  ```yaml theme={"dark"}
  fusion-config-sync:
    # other values
    sshKey: <base64-encoded-private-key>
    cfg:
      github:
        repo: <repository-url> # use the ssh url e.g. git@github.com:OWNER/REPO.git
        branch: <customer-branch> # you can leave it as is
        mainBranch: <main-branch> # most probably it's `main`
  ```

  <Tip>
    If outbound port 22 is blocked, you can use SSH over HTTPS with a URL like `ssh://git@ssh.github.com:443/OWNER/REPO.git`.
    See the [GitHub documentation](https://docs.github.com/en/authentication/troubleshooting-ssh/using-ssh-over-the-https-port) for details.
    You still need a deploy key for this option.

    If port 443 is also blocked, you can use HTTPS with a [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens).
  </Tip>

  To encode the private key to base64 you can use the following command:

  ```bash theme={"dark"}
  cat ~/.ssh/id_rsa | base64
  ```

  ### Option 2: Add the deploy key as an external secret

  Alternatively, you can store the deploy key as an external secret and reference it in the ConfigSync values.

  #### Create a secret with the deploy key:

  ```yaml theme={"dark"}
  apiVersion: v1
  kind: Secret
  metadata:
    name: config-sync-ssh
  type: Opaque
  data:
    config: SG9zdCAqCiAgU3RyaWN0SG9zdEtleUNoZWNraW5nIG5v
    id_rsa: <base64-encoded-private-key>
  ```

  To encode the private key to base64 you can use the following command:

  ```bash theme={"dark"}
  cat ~/.ssh/id_rsa | base64
  ```

  #### Update the ConfigSync values to reference the secret with the deploy key:

  ```yaml theme={"dark"}
  fusion-config-sync:
    # other values
    sshKey: null
    additionalVolumeMounts:
      - name: config-sync-ssh-key
        mountPath: /root/.ssh
        readOnly: true
    additionalVolumes:
      - name: config-sync-ssh-key
        secret:
          secretName: config-sync-ssh
          defaultMode: 256
  ```

  ## Additional configuration

  `github.*` settings control the remote GitHub repo, branch, and path within the repo.

  ```yaml theme={"dark"}
  github connection properties, common for pub/sub modes

  cfg:
    github:
      repo: https://github.com/lucidworks/cloud-config-sync.git # git repo, mandatory
      branch: dev # git branch, mandatory
      mainBranch: main # main branch, mandatory
      dir: "/tmp/config-sync-repo" # repo dir, default "/tmp/config-sync-repo"
      path: / # configs path in the repo dir, default "/"
      username: "fusion-config-sync" # git user name, default "fusion-config-sync"
      email: "fusion-config-sync@lucidworks.com" # git user email, mandatory, default "fusion-config-sync@lucidworks.com"
  ```

  ## Update the ConfigSync deployment

  Update the ConfigSync deployment with the new values.
</Accordion>

[Repo organization](/docs/5/fusion/operations/config-sync/repo-org) explains what you’ll find in the repository when ConfigSync is enabled.

## 2. Enable ConfigSync

**To enable ConfigSync, you need to update your Helm chart configuration.**
See **Enable ConfigSync** for instructions.

<Accordion title="Enable ConfigSync">
  To enable [ConfigSync](/docs/5/fusion/operations/config-sync/overview), add the `config-sync` values to your Helm chart configuration, similar to the example below:

  ```yaml theme={"dark"}
  fusion-config-sync:
    enabled: true
    # other config-sync specific values
    sshKey: <base64-encoded-private-key>
    cfg:
      github:
        repo: <repository-url> # use the ssh url e.g. git@github.com:my-fusion/config-sync-repo.git
        branch: <customer-branch> # you can leave it as is
        mainBranch: <main-branch> # most probably it's `main`
  ```

  <Tip>
    If outbound port 22 is blocked, you can use SSH over HTTPS with a URL like `ssh://git@ssh.github.com:443/OWNER/REPO.git`.
    See the [GitHub documentation](https://docs.github.com/en/authentication/troubleshooting-ssh/using-ssh-over-the-https-port) for details.
    You still need a deploy key for this option.

    If port 443 is also blocked, you can use HTTPS with a [Personal Access Token (PAT)](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens).
  </Tip>

  Next, you can configure the ConfigSync mode to select Publisher mode, Subscriber mode, or Pub/Sub mode.

  For additional options, see the [ConfigSync configuration reference](/docs/5/fusion/operations/config-sync/settings).
</Accordion>

## 3. Configure the synchronization mode

You can select [Publisher](/docs/5/fusion/operations/config-sync/modes/publisher-mode), [Subscriber](/docs/5/fusion/operations/config-sync/modes/subscriber-mode), or [PubSub](/docs/5/fusion/operations/config-sync/modes/pubsub-mode) mode.
See **Configure the ConfigSync mode** for instructions.

<Accordion title="Configure the ConfigSync mode">
  [ConfigSync](/docs/5/fusion/operations/config-sync/overview) can operate in different modes:

  * [Publisher mode](/docs/5/fusion/operations/config-sync/modes/publisher-mode): Monitors Fusion for changes and pushes them to a GitHub repository.
  * [Subscriber mode](/docs/5/fusion/operations/config-sync/modes/subscriber-mode): Polls a GitHub repository for changes and applies them to Fusion.
  * [Pub/Sub mode](/docs/5/fusion/operations/config-sync/modes/pubsub-mode): Combines the features of both Publisher and Subscriber modes.

  You can configure the synchronization mode by adding the appropriate profile to the `sync` configuration in the `fusion-config-sync` section of the Helm chart configuration, as shown below.

  * Publisher mode:

    ```yaml theme={"dark"}
    fusion-config-sync:
      springProfilesOverride: "kubernetes,jwt,fusion,pub"
    ```
  * Subscriber mode:

    ```yaml theme={"dark"}
    fusion-config-sync:
      springProfilesOverride: "kubernetes,jwt,fusion,sub"
    ```
  * PubSub mode:

    ```yaml theme={"dark"}
    fusion-config-sync:
      springProfilesOverride: "kubernetes,jwt,fusion,pub,sub"
    ```

  For additional options, see [Filters](/docs/5/fusion/operations/config-sync/filters/overview) and the [ConfigSync configuration reference](/docs/5/fusion/operations/config-sync/settings).
</Accordion>

## Additional configuration options

For additional configuration options, see the [ConfigSync configuration reference](/docs/5/fusion/operations/config-sync/settings).

## Disable ConfigSync

<Accordion title="Disable ConfigSync">
  To disable ConfigSync, set the `enabled` flag to `false` in your Helm chart configuration:

  ```yaml theme={"dark"}
  fusion-config-sync:
    enabled: false
  ```
</Accordion>