Importing and exporting existing Google Cloud resources by name

This page describes the config-connector export command and how to use it to export Google Cloud resources into Config Connector YAML files which you can subsequently import into Config Connector.

With config-connector export you can export an existing Google Cloud resource. When you pass a resource's full name to config-connector export, config-connector generates a YAML manifest that you can import into Config Connector.

Before you begin

Before you begin, install the config-connector tool.

Exporting example

In this example, you create a PubSubTopic with the gcloud command-line tool and then import it into Config Connector.

  1. Create a topic named sample-topic:

    gcloud pubsub topics create sample-topic
    

    You receive confirmation that the topic has been created.

    Created topic [projects/PROJECT_ID/topics/sample-topic].
    

    In the output, PROJECT_ID is replaced with your Google Cloud project.

  2. Get the topic's Google Cloud resource ID and save it into an environment variable with the following command:

    TOPIC_RESOURCE_ID=$(gcloud pubsub topics describe sample-topic --format "value(name)")
    
  3. To identify a resource, config-connector export uses the full resource name. Save the resource name of the topic into an environment variable with the following command:

    TOPIC_RESOURCE_NAME="//pubsub.googleapis.com/${TOPIC_RESOURCE_ID}"
    
  4. Export the topic with config-connector export by running the following command:

    config-connector export ${TOPIC_RESOURCE_NAME}
    

    The output is a Config Connector resource in YAML format.

    ---
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    metadata:
      annotations:
        cnrm.cloud.google.com/project-id: PROJECT_ID
      name: sample-topic
    ...
    

    In the output, PROJECT_ID is replaced with your Google Cloud project.

  5. You can pass this resource into Config Connector with kubectl apply -f -. To pass the resource directly, run the following command:

    config-connector export ${TOPIC_RESOURCE_NAME} | kubectl apply -f -  --namespace CC_NAMESPACE
    

    Replace CC_NAMESPACE with the namespace that Config Connector manages resources from.

    Config Connector acquires the resource.

  6. Confirm that Config Connector is managing the resource with kubectl describe:

    kubectl describe pubsubtopic sample-topic --namespace CC_NAMESPACE
    

    Replace CC_NAMESPACE with the namespace that Config Connector manages resources from.

Command-line options

The config-connector export command has the following options:

config-connector export RESOURCE_NAME \
    --output FILENAME \
    --oauth2-token TOKEN \
    --iam-format [policy | policymember | none] \
    --filter-deleted-iam-members [true | false] \
    --verbose
  • --output: An optional output file path that disables standard output. When a file, the result contains all the command output; when a directory, the directory contains a new file for each resource in the output.
  • --oauth2-token: An OAUTH2 token as the Google Cloud identity. By default, config-connector uses the Cloud SDK default credentials.
  • --iam-format: Specifies the kind of IAM resources output with your export. Options are policy (default), policymember, or none.
  • --filter-deleted-iam-members: Specifies whether to filter out deleted IAM principals. Options are true or false. The default value is false.
  • --verbose: Enables verbose logging.

What's next