Stay organized with collections
Save and categorize content based on your preferences.
Resources
Config Connector includes a collection of
Custom Resource Definitions
(CRDs). Each CRD allows you to configure a Google Cloud
resource from Kubernetes. Config Connector also allows you to leverage a number
of Kubernetes features for managing Google Cloud resources.
This page introduces you to how Config Connector uses Kubernetes objects and
their metadata.
Kubernetes objects and Config Connector resources
For example, when you create a
Kubernetes Object
of kind: SQLInstance, Config Connector creates a Cloud SQL Instance.
This section describes how Config Connector extends object types.
The spec field contains all the fields that define an object's desired
state, with the exception of Labels. The subfields of a spec
refer to the associated Google Cloud resource. When you change a
subfield, the Google Cloud resource's value is
eventually consistent with your intended value.
An example of a writable field is databaseVersion in a SQLInstance
resource.
Status
The status field is read-only and contains the current state of your object.
Config Connector periodically reads information on your Google Cloud
resource and updates the status. You can check a resource's error messages
or readiness by looking at the Status.Condition.
An example read-only status field is the connectionName of a
SQLInstance resource.
Object metadata
Each Config Connector resource includes a
metadata
field. This section describes how Config Connector uses subfields within
metadata.
Name
The name of a Config Connector resource. It should follow the
naming convention
of a Kubernetes object name. It is used by default as the name of the
corresponding Google Cloud resource. If the resourceID field is
supported in the Config Connector resource, you can specify a different
name, which follows the naming convention of the Google Cloud
resource, for the corresponding Google Cloud resource in the
spec.resourceID field. For more information, see
Managing resources with the resourceID field.
Namespace
The namespace you create a Config Connector resource in determines the
project that contains the Google Cloud resource. For more on
namespaces, see
Kubernetes Namespaces and Google Cloud Projects.
Labels
Labels in the metadata field of a Config Connector resource are also added
to the associated Google Cloud resource.
In addition, Config Connector adds a system label named managed-by-cnrm
with a value of true to your Google Cloud resources.
Annotations
Config Connector can take additional actions on your resources that are
not defined in the spec. These actions are defined in subfields of
metadata.annotations. Annotation values must be a string.
The types of annotations Config Connector supports
are described in annotations.
Folders and hierarchical resources
In addition to managing resources in Google Cloud products,
Config Connector supports creating and managing resources within
Google Cloud Folders and Organizations.
For more information, see Namespaces and projects.
Config Connector uses a ready condition in
status.condition for two purposes:
indicating when a resource is ready. When a resource is reconciled and
ready, its status.condition.status will be set to True. To check when
a resource is ready, see Waiting for resources to be ready
displaying additional error or information. The ready
condition has Message and Reason fields which provide additional
information on the resource's status.
Events
Important status changes for Config Connector resources are visible as
Kubernetes events. For more information, see
Viewing events.
Declarative configuration and eventual consistency
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eConfig Connector allows the configuration of Google Cloud resources using Kubernetes Custom Resource Definitions (CRDs), extending Kubernetes capabilities.\u003c/p\u003e\n"],["\u003cp\u003eEach Config Connector resource includes a \u003ccode\u003espec\u003c/code\u003e field, defining the desired state of the object, and a read-only \u003ccode\u003estatus\u003c/code\u003e field, reflecting the current state as observed in Google Cloud.\u003c/p\u003e\n"],["\u003cp\u003eConfig Connector resources utilize Kubernetes object metadata, including names, namespaces, and labels, with labels being mirrored to the associated Google Cloud resource.\u003c/p\u003e\n"],["\u003cp\u003eConfig Connector supports \u003ccode\u003emetadata.annotations\u003c/code\u003e, which allows users to define actions not within \u003ccode\u003espec\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eConfig connector displays error information and if the resource is ready through \u003ccode\u003estatus.condition\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Resources\n=========\n\n*** ** * ** ***\n\nConfig Connector includes a collection of\n[Custom Resource Definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)\n(CRDs). Each CRD allows you to configure a Google Cloud\nresource from Kubernetes. Config Connector also allows you to leverage a number\nof Kubernetes features for managing Google Cloud resources.\n\nThis page introduces you to how Config Connector uses Kubernetes objects and\ntheir metadata.\n\nKubernetes objects and Config Connector resources\n-------------------------------------------------\n\nFor example, when you create a\n[Kubernetes Object](https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/)\nof `kind: SQLInstance`, Config Connector creates a Cloud SQL Instance.\nThis section describes how Config Connector extends object types.\n\n### Spec and Status\n\nEach Config Connector resource is a\n[Kubernetes object](https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/)\nwith a\n[`Spec` and a `Status`](https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/#object-spec-and-status).\n\nSpec\n: The `spec` field contains all the fields that define an object's desired\n state, with the exception of [`Labels`](#labels). The subfields of a `spec`\n refer to the associated Google Cloud resource. When you change a\n subfield, the Google Cloud resource's value is\n [eventually consistent](#declarative_configuration_and_eventual_consistency) with your intended value.\n: An example of a writable field is `databaseVersion` in a SQLInstance\n resource.\n\nStatus\n: The `status` field is read-only and contains the current state of your object.\n Config Connector periodically reads information on your Google Cloud\n resource and updates the `status`. You can check a resource's error messages\n or readiness by looking at the [`Status.Condition`](#status_condition).\n: An example read-only `status` field is the `connectionName` of a\n SQLInstance resource.\n\nObject metadata\n---------------\n\nEach Config Connector resource includes a\n[metadata](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#attaching-metadata-to-objects)\nfield. This section describes how Config Connector uses subfields within\nmetadata.\n\nName\n: The name of a Config Connector resource. It should follow the\n [naming convention](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names)\n of a Kubernetes object name. It is used by default as the name of the\n corresponding Google Cloud resource. If the `resourceID` field is\n supported in the Config Connector resource, you can specify a different\n name, which follows the naming convention of the Google Cloud\n resource, for the corresponding Google Cloud resource in the\n `spec.resourceID` field. For more information, see\n [Managing resources with the `resourceID` field](/config-connector/docs/how-to/managing-resources-with-resource-ids).\n\nNamespace\n: The namespace you create a Config Connector resource in determines the\n project that contains the Google Cloud resource. For more on\n namespaces, see\n [Kubernetes Namespaces and Google Cloud Projects](/config-connector/docs/concepts/namespaces-and-projects).\n\nLabels\n: Labels in the metadata field of a Config Connector resource are also added\n to the associated Google Cloud resource.\n: In addition, Config Connector adds a system label named `managed-by-cnrm`\n with a value of `true` to your Google Cloud resources.\n\nAnnotations\n: Config Connector can take additional actions on your resources that are\n not defined in the `spec`. These actions are defined in subfields of\n `metadata.annotations`. Annotation values *must* be a string.\n The types of annotations Config Connector supports\n are described in [annotations](/config-connector/docs/reference/annotations).\n\nFolders and hierarchical resources\n----------------------------------\n\nIn addition to managing resources in Google Cloud products,\nConfig Connector supports creating and managing resources within\nGoogle Cloud [Folders and Organizations](/resource-manager/docs/creating-managing-folders).\nFor more information, see [Namespaces and projects](/config-connector/docs/concepts/namespaces-and-projects).\n\nUsing RBAC for Access Control\n-----------------------------\n\nKubernetes\n[Role Based Access Control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)\n(RBAC) secures your resources. You can control creation of Google Cloud\nresources by assigning RBAC permissions. For more information, see\n[Securing access to resources](/config-connector/docs/how-to/securing-access-to-resources).\n\nStatus Condition\n----------------\n\nConfig Connector uses a ready condition in\n[`status.condition`](https://dev.to/maelvls/what-the-heck-are-kubernetes-conditions-for-4je7) for two purposes:\n\n- indicating when a resource is ready. When a resource is reconciled and ready, its `status.condition.status` will be set to `True`. To check when a resource is ready, see [Waiting for resources to be ready](/config-connector/docs/how-to/monitoring-your-resources#waiting_for_resources_to_be_ready)\n- displaying additional error or information. The ready condition has `Message` and `Reason` fields which provide additional information on the resource's status.\n\nEvents\n------\n\nImportant status changes for Config Connector resources are visible as\nKubernetes events. For more information, see\n[Viewing events](/config-connector/docs/how-to/monitoring-your-resources#viewing_events_for_a_single_resource).\n\nDeclarative configuration and eventual consistency\n--------------------------------------------------\n\nSee [Reconciliation](/config-connector/docs/concepts/reconciliation).\n\nWhat's next\n-----------\n\n- [Get started with Config Connector](/config-connector/docs/how-to/getting-started)\n- Learn about the [Resources](/config-connector/docs/reference/resources) that Config Connector configures."]]
