Getting started with Config Connector


This guide shows the basics of Config Connector resource management by teaching you how to:

  • Enable a Google Cloud API.
  • Create and manage a Cloud Storage bucket.

Before you begin

To complete the exercises on this page:

  • Install Config Connector by completing all the steps in Installing with the GKE add-on.

  • Configure Config Connector to use a default project.

  • Config Connector uses the Resource Manager API to enable service APIs. To perform these steps, you need to enable the Resource Manager API. You can enable this API with the following `gcloud` command.
    gcloud services enable cloudresourcemanager.googleapis.com

Discovering available Google Cloud resources

To see what kinds of Google Cloud resources you can create with Config Connector, run:

kubectl get crds --selector cnrm.cloud.google.com/managed-by-kcc=true

The output is a list of all the resources your version of Config Connector can create and manage.

For example, you can view the API description for the StorageBuckets resource with kubectl describe:

kubectl describe crd storagebuckets.storage.cnrm.cloud.google.com

You can also see information on available resources in Config Connector resources.

Enable the Cloud Storage Service

You can use Config Connector to enable the Cloud Storage API by applying a YAML configuration to your cluster.

  1. Copy the following YAML into a file named enable-storage.yaml.

    apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
    kind: Service
    metadata:
      name: storage.googleapis.com
    
  2. Use kubectl apply to apply the configuration to your cluster. To enable the Cloud Storage API, run the following command:

    kubectl --namespace NAMESPACE apply -f enable-storage.yaml

    Replace NAMESPACE with the namespace Config Connector manages resources from.

Creating a Cloud Storage instance

Create a file named storage-bucket.yaml with the following contents:

  apiVersion: storage.cnrm.cloud.google.com/v1beta1
  kind: StorageBucket
  metadata:
    annotations:
      cnrm.cloud.google.com/project-id: PROJECT_ID
    name: BUCKET_NAME
  spec:
    lifecycleRule:
      - action:
          type: Delete
        condition:
          age: 7

Replace the following:

  • PROJECT_ID with your project ID.
  • BUCKET_NAME with the name of your bucket.

When you create a resource, Config Connector creates the resource if it doesn't already exist. If a Google Cloud resource already exists with the same name, then Config Connector acquires the resource and manages it. To learn more about acquiring an existing resource, see Managing and deleting resources.

Use the kubectl apply command to create resources. To create the Cloud Storage bucket, run the following command:

kubectl apply -f storage-bucket.yaml --namespace NAMESPACE

Replace NAMESPACE with the namespace Config Connector manages resources from.

Describing a resource

Use kubectl describe to get details on a resource.

For example, to view all your Cloud Storage buckets, run the following command:

kubectl describe storagebuckets

In this list, you should see the Cloud Storage bucket you created in the previous steps.

Verifying that a resource is ready

After you have created a Cloud Storage bucket, you can check its status.condition. For example, to check if your Cloud Storage bucket resource is ready, run the following command:

kubectl --namespace NAMESPACE wait --for=condition=READY storagebuckets BUCKET_NAME

Replace the following:

  • NAMESPACE with the namespace Config Connector manages resources from.
  • BUCKET_NAME with the name of your bucket.

Updating a resource

You can update metadata on your resources by updating your YAML file and re-applying it with kubectl. To update the metadata on the storage bucket you created earlier:

  1. Modify the metadata section of your storage-bucket.yaml file to add the force-destroy directive and a label with a value.

    apiVersion: storage.cnrm.cloud.google.com/v1beta1
    kind: StorageBucket
    metadata:
      annotations:
        cnrm.cloud.google.com/force-destroy: "true"
        cnrm.cloud.google.com/project-id: PROJECT_ID
      labels:
        label-one: "my_bucket"
      name: BUCKET_NAME
    spec:
      lifecycleRule:
        - action:
            type: Delete
          condition:
            age: 7
    

    Replace the following:

    • PROJECT_ID with your project ID.
    • BUCKET_NAME with the name of your bucket.
  2. Use kubectl apply to update the resource. Run the following command:

    kubectl apply -f storage-bucket.yaml
  3. Check the Cloud Storage bucket for the updated metadata.

    kubectl describe storagebuckets

    Your bucket should include the new label and annotation:

    ...
    Labels:       label-one=my_bucket
    Annotations:  cnrm.cloud.google.com/force-destroy: true
    ...
    

Deleting a resource

Use kubectl delete to delete resources. For example, to delete the StorageBucket you created earlier, run kubectl delete with your storage-bucket.yaml file:

kubectl delete -f storage-bucket.yaml

You receive confirmation that the resource was deleted.

storage.cnrm.cloud.google.com "BUCKET_NAME" deleted

By default, Config Connector deletes the StorageBucket resource. If you prefer to keep this resource, see the instructions in Managing and deleting resources.
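
The readiness check, the force-destroy annotation and the default delete behavior described above can be reviewed together before you run kubectl delete. The following is an added example, not part of the original guide or of Config Connector itself: it reads JSON shaped like the output of `kubectl get storagebuckets -o json` (the sample buckets are constructed) and assumes the `cnrm.cloud.google.com/deletion-policy: abandon` annotation from Config Connector's resource-deletion documentation, which this page does not show.

```python
import json

FORCE_DESTROY = "cnrm.cloud.google.com/force-destroy"
# Assumption: annotation from Config Connector's deletion docs, not from this page.
DELETION_POLICY = "cnrm.cloud.google.com/deletion-policy"

# Constructed sample shaped like `kubectl get storagebuckets -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "logs-bucket", "annotations": {FORCE_DESTROY: "true"}},
     "status": {"conditions": [{"type": "Ready", "status": "True", "reason": "UpToDate"}]}},
    {"metadata": {"name": "archive-bucket",
                  "annotations": {FORCE_DESTROY: "true", DELETION_POLICY: "abandon"}},
     "status": {"conditions": [{"type": "Ready", "status": "False", "reason": "UpdateFailed"}]}},
    {"metadata": {"name": "new-bucket"}},  # just applied, controller has not set status yet
]})


def ready_state(obj):
    """Return (is_ready, reason) from the object's Ready condition."""
    for cond in obj.get("status", {}).get("conditions", []):
        if cond.get("type", "").lower() == "ready":
            return cond.get("status") == "True", cond.get("reason", "")
    return False, "NoStatusYet"


def audit(kubectl_json):
    """Summarise readiness and the effect of `kubectl delete` for each bucket."""
    report = {}
    for obj in json.loads(kubectl_json).get("items", []):
        meta = obj.get("metadata", {})
        ann = meta.get("annotations") or {}
        ready, reason = ready_state(obj)
        if ann.get(DELETION_POLICY) == "abandon":
            on_delete = "bucket kept in Google Cloud"
        elif ann.get(FORCE_DESTROY) == "true":
            on_delete = "bucket and its objects deleted"
        else:
            on_delete = "bucket deleted if empty"
        report[meta.get("name")] = {"ready": ready, "reason": reason, "on_delete": on_delete}
    return report


if __name__ == "__main__":
    for name, row in audit(SAMPLE).items():
        print(f"{name}: ready={row['ready']} ({row['reason']}) -> {row['on_delete']}")
```

To run it against a live cluster, pass the output of `kubectl --namespace NAMESPACE get storagebuckets -o json` to `audit()` in place of `SAMPLE`.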
