Config Connector includes a collection of Custom Resource Definitions (CRDs). Each CRD allows you to configure a Google Cloud resource from Kubernetes. Config Connector also allows you to leverage a number of Kubernetes features for managing Google Cloud resources.
This page introduces you to how Config Connector uses Kubernetes objects and their metadata.
Kubernetes objects and Config Connector resources
For example, when you create a
kind: SQLInstance, Config Connector creates a Cloud SQL Instance.
This section describes how Config Connector extends object types.
Spec and Status
Each Config Connector resource is a
Spec and a
specfield contains all the fields that define an object's desired state, with the exception of
Labels. The subfields of a
specrefer to the associated Google Cloud resource. When you change a subfield, the Google Cloud resource's value is eventually consistent with your intended value.
- An example of a writable field is
databaseVersionin a SQLInstance resource.
statusfield is read-only and contains the current state of your object. Config Connector periodically reads information on your Google Cloud resource and updates the
status. You can check a resource's error messages or readiness by looking at the
- An example read-only
statusfield is the
connectionNameof a SQLInstance resource.
Each Config Connector resource includes a metadata field. This section describes how Config Connector uses subfields within metadata.
- The name of a Config Connector resource. It should follow the
of a Kubernetes object name. It is used by default as the name of the
corresponding Google Cloud resource. If the
resourceIDfield is supported in the Config Connector resource, you can specify a different name, which follows the naming convention of the Google Cloud resource, for the corresponding Google Cloud resource in the
spec.resourceIDfield. For more information, see Managing resources with the
- The namespace you create a Config Connector resource in determines the project that contains the Google Cloud resource. For more on namespaces, see Kubernetes Namespaces and Google Cloud Projects.
- Labels in the metadata field of a Config Connector resource are also added to the associated Google Cloud resource.
- In addition, Config Connector adds a system label named
managed-by-cnrmwith a value of
trueto your Google Cloud resources.
- Config Connector can take additional actions on your resources that are
not defined in the
spec. These actions are defined in subfields of
metadata.annotations. Annotation values must be a string. The types of annotations Config Connector supports are described in annotations.
Folders and hierarchical resources
In addition to managing resources in Google Cloud products, Config Connector supports creating and managing resources within Google Cloud Folders and Organizations. For more information, see Namespaces and projects.
Using RBAC for Access Control
Kubernetes Role Based Access Control (RBAC) secures your resources. You can control creation of Google Cloud resources by assigning RBAC permissions. For more information, see Securing access to resources.
Config Connector uses a ready condition in
status.condition for two purposes:
- indicating when a resource is ready. When a resource is reconciled and
status.condition.statuswill be set to
True. To check when a resource is ready, see Waiting for resources to be ready
- displaying additional error or information. The ready
Reasonfields which provide additional information on the resource's status.
Important status changes for Config Connector resources are visible as Kubernetes events. For more information, see Viewing events.
Declarative configuration and eventual consistency
- Get started with Config Connector
- Learn about the Resources that Config Connector configures.