This page describes the config-connector export
command and how to use it to
export Google Cloud resources into Config Connector YAML files
which you can subsequently import into Config Connector.
With config-connector export
you can export an existing Google Cloud
resource. When you pass a
resource's full name
to config-connector export
, config-connector
generates a YAML manifest that
you can import into Config Connector.
Before you begin
Before you begin,
install the config-connector
tool.
Exporting example
In this example, you create a PubSubTopic with the gcloud
command-line tool and then
import it into Config Connector.
Create a topic named
sample-topic
:gcloud pubsub topics create sample-topic
You receive confirmation that the topic has been created.
Created topic [projects/PROJECT_ID/topics/sample-topic].
In the output,
PROJECT_ID
is replaced with your Google Cloud project.Get the topic's Google Cloud resource ID and save it into an environment variable with the following command:
TOPIC_RESOURCE_ID=$(gcloud pubsub topics describe sample-topic --format "value(name)")
To identify a resource,
config-connector export
uses the full resource name. Save the resource name of the topic into an environment variable with the following command:TOPIC_RESOURCE_NAME="//pubsub.googleapis.com/${TOPIC_RESOURCE_ID}"
Export the topic with
config-connector export
by running the following command:config-connector export ${TOPIC_RESOURCE_NAME}
The output is a Config Connector resource in YAML format.
--- apiVersion: pubsub.cnrm.cloud.google.com/v1beta1 kind: PubSubTopic metadata: annotations: cnrm.cloud.google.com/project-id: PROJECT_ID name: sample-topic ...
In the output,
PROJECT_ID
is replaced with your Google Cloud project.You can pass this resource into Config Connector with
kubectl apply -f -
. To pass the resource directly, run the following command:config-connector export ${TOPIC_RESOURCE_NAME} | kubectl apply -f - --namespace CC_NAMESPACE
Replace
CC_NAMESPACE
with the namespace that Config Connector manages resources from.Config Connector acquires the resource.
Confirm that Config Connector is managing the resource with
kubectl describe
:kubectl describe pubsubtopic sample-topic --namespace CC_NAMESPACE
Replace
CC_NAMESPACE
with the namespace that Config Connector manages resources from.
Command-line options
The config-connector export
command has the following options:
config-connector export RESOURCE_NAME \
--output FILENAME \
--oauth2-token TOKEN \
--iam-format [policy | policymember | none] \
--verbose
--output
: An optional output file path that disables standard output. When a file, the result contains all the command output; when a directory, the directory contains a new file for each resource in the output.--oauth2-token
: An OAUTH2 token as the Google Cloud identity. By default,config-connector
uses the Cloud SDK default credentials.--iam-format
: Specifies the kind of IAM resources output with your export. Options arepolicy
(default),policymember
, ornone
.--verbose
: Enables verbose logging.
What's next
- Read about how Config Connector acquires existing Google Cloud resources