Creating resource references

A resource can reference other resources. These references can be dependencies, for example, a firewall rule cannot exist without a network, or they can link independent resources together, for example, a Project can be associated with a Billing Account. Config Connector defines these relationships through resource references. This topic explains how to create resources with references.

Specifying resource references

You specify resource references in the resource's spec. The field's name is the resource's short name followed by Ref. For example:

  • The reference to a PubSubTopic named topic is topicRef.
  • The reference to a StorageBucket named bucket is bucketRef.

The reference is an object with a single field (name). The resource in resourceRef is replaced with the reference's name.

The YAML below describes a Pub/Sub PubSubSubscription that references a PubSubTopic named myTopic.

apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubSubscription
metadata:
  name: pubsubsubscription-referencing-topic
spec:
  topicRef:
    name: myTopic

Pub/Sub Example

Create a PubSubTopic

In this example, you create a PubSubSubscription that depends on a PubSubTopic.

  1. Copy the following into a file named pubsub-topic.yaml, replacing [TOPIC_NAME] with your desired PubSubTopic name:
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubTopic
metadata:
  name: [TOPIC_NAME]

For example, the YAML to create a topic named myTopic is:

apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubTopic
metadata:
  name: myTopic
  1. Create the PubSubTopic with the apply command, replacing [NAMESPACE_NAME] with your Namespace:
kubectl --namespace [NAMESPACE_NAME] apply -f pubsub-topic.yaml

Create a PubSubSubscription

  1. Copy the following into a file named pubsub-subscription.yaml, replacing [TOPIC_NAME] with the PubSubTopic name you used in step 1:
apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubSubscription
metadata:
  name: pubsubsubscription-referencing-topic
spec:
  topicRef:
    name: [TOPIC_NAME]

For example, the YAML referencing the topic myTopic you created earlier is:

apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
kind: PubSubSubscription
metadata:
  name: pubsubsubscription-referencing-topic
spec:
  topicRef:
    name: myTopic
  1. Create the PubSubSubscription with kubectl apply, replacing [NAMESPACE_NAME] with the same Namespace name you used in step 2:
kubectl --namespace [NAMESPACE_NAME] apply -f pubsub-subscription.yaml 

External references

Config Connector can reference resources that it does not manage. These are known as External References. For example, the ComputeURLMap below references a BackendService named test-backendservice.

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeURLMap
metadata:
  name: test-urlmap
spec:
  location: global
  defaultService:
    backendServiceRef:
      external: https://www.googleapis.com/compute/v1/projects/[PROJECT_ID]/global/backendServices/test-backendservice

The format of values accepted by external depends on the resource. Consult the documentation for particular resources in the Resource reference. You can find out what values external accepts by reading the descriptions of the resource's external fields.

External references for IAMPolicy and IAMPolicyMember

IAMPolicy and IAMPolicyMember also supports External References. For example, the IAMPolicyMember below references a Project with the project ID test-project.

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: test-iampolicymember
spec:
  member: serviceAccount:test-serviceaccount@test-project.iam.gserviceaccount.com
  role: roles/storage.admin
  resourceRef:
    apiVersion: resourcemanager.cnrm.cloud.google.com/v1beta1
    kind: Project
    external: projects/test-project

Consult the documentation for the resource you wish to reference in the Resource reference. You can find out what format external accepts by looking for the "IAM External Reference Format" property of that resource.

What's next?

Review the Resource reference to learn about the resources Config Connector supports.

See how you can use a resource reference to a Secret in your Config Connector cluster.