Resources

Config Connector includes a collection of Custom Resource Definitions (CRDs). Each CRD allows you to configure a single Google Cloud resource. These resources persist in your cluster as custom Kubernetes resources.

For example, the Config Connector resource type named PubSubTopic maps to a Pub/Sub Topic resource. Each Config Connector resource is a Kubernetes Object. This page describes how Config Connector uses those object types.

Additionally, Config Connector allows you to leverage a number of Kubernetes features for managing Google Cloud resources.

Kubernetes Objects and Config Connector resources

Each Config Connector resource is a Kubernetes Object with a Spec and a Status.

Spec
The Spec field contains all the fields that define an object's desired state, with the exception of Labels. The subfields of Spec refer to the associated Google Cloud resource. When you change a subfield, the value of the Google Cloud resource's associated field is eventually consistent with your intended value.
An example of a writable field is databaseVersion in a SQLInstance resource.
Status
The Status field is read-only and contains the current state of your object. Config Connector periodically reads information on your Google Cloud resource and updates the Status.
An example of a read-only Status field is the connectionName of a SQLInstance resource.

Object metadata

Each Config Connector resource includes a standard Kubernetes metadata field with the fields name, namespace, and labels. This section describes these fields.

Names
Creating a Config Connector resource creates a Google Cloud resource with the same name.
Namespace
The namespace you create a Config Connector resource in determines the project that contains the Google Cloud resource. For more on namespaces, see Kubernetes Namespaces and Google Cloud Projects.
Labels
Labels in the metadata field of a Config Connector resource are also added to the associated Google Cloud resource.
In addition, Config Connector adds a system label named managed-by-cnrm with a value of true to your Google Cloud resources.

Using RBAC for Access Control

Kubernetes Role Based Access Control (RBAC) secures your resources. You can control creation of Google Cloud resources by assigning RBAC permissions. For more information, see Securing access to resources.
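
One way to express this with standard Kubernetes RBAC objects (an added example, not taken from the Config Connector documentation). The namespace team-a, the group pubsub-admins@example.com, and the object names are assumptions. The API groups and resource names are those of the PubSubTopic and SQLInstance resource types mentioned on this page.

```yaml
# Added example. Namespace, group and object names are hypothetical.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pubsub-topic-editor
  namespace: team-a   # assumed; the namespace determines the Google Cloud project
rules:
# Creating a PubSubTopic object creates the Pub/Sub topic, so "create" on
# this resource is the permission that gates topic creation.
- apiGroups: ["pubsub.cnrm.cloud.google.com"]
  resources: ["pubsubtopics"]
  verbs: ["get", "list", "watch", "create", "update", "patch"]
# Read-only on SQLInstance: members can read Spec and Status (for example
# connectionName) but cannot change databaseVersion or create instances.
- apiGroups: ["sql.cnrm.cloud.google.com"]
  resources: ["sqlinstances"]
  verbs: ["get", "list", "watch"]
# Read access to Events, where reconciliation errors are reported.
- apiGroups: [""]
  resources: ["events"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pubsub-topic-editor-binding
  namespace: team-a
subjects:
- kind: Group
  name: pubsub-admins@example.com   # assumed group name
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pubsub-topic-editor
  apiGroup: rbac.authorization.k8s.io
```

Because the Role is namespaced, the grant applies only to Config Connector resources in team-a. Running kubectl auth can-i create sqlinstances.sql.cnrm.cloud.google.com --namespace team-a with --as and --as-group set to a member of the group should answer "no".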

Events

Important status changes for Config Connector resources are visible as Kubernetes events. For more information, see Viewing events.

Declarative configuration and eventual consistency

With declarative configuration, you define the desired state of the system. The system then works constantly to remain as close as possible to this state. See Declarative management of Kubernetes objects using configuration files for more information.

You can create and update resources in any order, regardless of dependency relationships. GKE moves your declared configuration towards eventual consistency with the desired state.

For example, if you create a PubSubSubscription before the corresponding PubSubTopic, Config Connector waits until the topic is created before creating the associated subscription.

The duration your Config Connector installation remains inconsistent depends on the count and types of resources under management. Changes to a GKE cluster are typically executed in seconds. However, the time to create associated Google Cloud resources can vary based upon the type of resource. For example, a single PubSubTopic takes seconds to create. Google Cloud resources that take longer to create will take longer to reach consistency. For example, when creating an SQLInstance and an SQLDatabase, the system is inconsistent for a period of minutes while the database is created.

GKE and Config Connector reconcile each resource with every update or every 10 minutes. When there is an error in reconciling, Config Connector retries every 30 seconds with exponential backoff. You can view any errors in the Events of a given resource.
