Importing and exporting existing Google Cloud resources by name

This topic describes the config-connector export command and how to use it to export Google Cloud resources into Config Connector YAML files which you can subsequently import into Config Connector.

Overview

With config-connector export you can export an existing Google Cloud resource. When you pass a resource's full name to config-connector export, config-connector generates a YAML manifest that you can import into Config Connector.

Before you begin

  1. Install config-connector

Quick Start

In this quick start guide, you create a PubSubTopic with gcloud and then import it into Config Connector.

  1. Create a topic named sample-topic with gcloud:

    gcloud pubsub topics create sample-topic
    

    You receive confirmation that the topic has been created.

    Created topic [projects/project-id/topics/sample-topic].
    

    In the output, project-id will be replaced with your Google Cloud project.

  2. Get the topic's Google Cloud resource ID and save it into an environment variable with the following command:

    TOPIC_RESOURCE_ID=$(gcloud pubsub topics describe sample-topic --format "value(name)")
    
  3. To identify a resource, config-connector export uses the full resource name. Save the resource name of the topic into an environment variable with the following command:

    TOPIC_RESOURCE_NAME="//pubsub.googleapis.com/${TOPIC_RESOURCE_ID}"
    
  4. Export the topic with config-connector export by running the following command:

    config-connector export ${TOPIC_RESOURCE_NAME}
    

    The output is a Config Connector resource in YAML format.

    ---
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    metadata:
      annotations:
        cnrm.cloud.google.com/project-id: project_id
      name: sample-topic
    ...
    

    In the output, project-id will be replaced with your with your Google Cloud project.

  5. You can pass this resource into Config Connector with kubectl apply -f -. To pass the resource directly, run the following command:

    config-connector export ${TOPIC_RESOURCE_NAME} | kubectl apply -f -  --namespace CC_NAMESPACE
    

    Replace CC_NAMESPACE with the namespace Config Connector manages resources from.

    Config Connector acquires the resource.

  6. Confirm that Config Connector is managing the resource with kubectl describe

    kubectl describe pubsubtopic sample-topic --namespace CC_NAMESPACE
    

    Replace CC_NAMESPACE with the namespace Config Connector manages resources from.

Command line options

The config-connector export command has the following options:

config-connector [--output FILENAME] [--oauth2-token TOKEN]
    [--iam-format policy | policymember | none] --verbose
  • --iam-format: Specifies the kind of IAM resources output with your export. Options are policy (default), policymember, or none.
  • --output: an optional output file path, disables standard output, when a file the result will contain all of the command output, when a directory, the directory will contain a new file for each resource in the output.
  • --oauth2-token: An OAUTH2 token as the Google Cloud identity. By default, config-connector uses the Cloud SDK default credentials.
  • --verbose: Enable verbose logging.

What's next