Importing and exporting existing Google Cloud resources by name
This page describes the config-connector export command and how to use it to
export Google Cloud resources into Config Connector YAML files
which you can subsequently import into Config Connector.
With config-connector export you can export an existing Google Cloud
resource. When you pass a
resource's full name
to config-connector export, config-connector generates a YAML manifest that
you can import into Config Connector.
If the Google Cloud resource that you want to import into Config Connector already exists with the same name, then Config Connector takes control of the resource and manages it with the YAML that you provide. Config Connector doesn't throw an error in this situation unless the provided YAML contains changes to immutable fields or has other issues in the configuration.
Before you begin
Before you begin,
install the config-connector tool.
Exporting example
In this example, you create a PubSubTopic with the Google Cloud CLI and then import it into Config Connector.
Create a topic named
sample-topic:gcloud pubsub topics create sample-topicYou receive confirmation that the topic has been created.
Created topic [projects/PROJECT_ID/topics/sample-topic].In the output,
PROJECT_IDis replaced with your Google Cloud project.Get the topic's Google Cloud resource ID and save it into an environment variable with the following command:
TOPIC_RESOURCE_ID=$(gcloud pubsub topics describe sample-topic --format "value(name)")To identify a resource,
config-connector exportuses the full resource name. Save the resource name of the topic into an environment variable with the following command:TOPIC_RESOURCE_NAME="//pubsub.googleapis.com/${TOPIC_RESOURCE_ID}"Export the topic with
config-connector exportby running the following command:config-connector export ${TOPIC_RESOURCE_NAME}The output is a Config Connector resource in YAML format.
--- apiVersion: pubsub.cnrm.cloud.google.com/v1beta1 kind: PubSubTopic metadata: annotations: cnrm.cloud.google.com/project-id: PROJECT_ID name: sample-topic ...In the output,
PROJECT_IDis replaced with your Google Cloud project.You can pass this resource into Config Connector with
kubectl apply -f -. To pass the resource directly, run the following command:config-connector export ${TOPIC_RESOURCE_NAME} | kubectl apply -f - --namespace CC_NAMESPACEReplace
CC_NAMESPACEwith the namespace that Config Connector manages resources from.Config Connector acquires the resource.
Confirm that Config Connector is managing the resource with
kubectl describe:kubectl describe pubsubtopic sample-topic --namespace CC_NAMESPACEReplace
CC_NAMESPACEwith the namespace that Config Connector manages resources from.
Supported resources
You can print the list of resources for the config-connector tool along with resource name formats by running the following command:
config-connector print-resourcesCommand-line options
The config-connector export command has the following options:
config-connector export RESOURCE_NAME \
--output FILENAME \
--oauth2-token TOKEN \
--iam-format [policy | policymember | none] \
--filter-deleted-iam-members [true | false] \
--verbose
--output: An optional output file path that disables standard output. When a file, the result contains all the command output; when a directory, the directory contains a new file for each resource in the output.--oauth2-token: An OAUTH2 token as the Google Cloud identity. By default,config-connectoruses the Google Cloud CLI default credentials.--iam-format: Specifies the kind of IAM resources output with your export. Options arepolicy(default),policymember, ornone.--filter-deleted-iam-members: Specifies whether to filter out deleted IAM principals. Options aretrueorfalse. The default value isfalse.--verbose: Enables verbose logging.
What's next
- Read about how Config Connector acquires existing Google Cloud resources.
- Learn about the resources that Config Connector supports.