Importing and exporting existing Google Cloud resources by name
This page describes the config-connector export
command and how to use it to
export Google Cloud resources into Config Connector YAML files
which you can subsequently import into Config Connector.
With config-connector export
you can export an existing Google Cloud
resource. When you pass a
resource's full name
to config-connector export
, config-connector
generates a YAML manifest that
you can import into Config Connector.
If the Google Cloud resource that you want to import into Config Connector already exists with the same name, then Config Connector takes control of the resource and manages it with the YAML that you provide. Config Connector doesn't throw an error in this situation unless the provided YAML contains changes to immutable fields or has other issues in the configuration.
Before you begin
Before you begin,
install the config-connector
tool.
Exporting example
In this example, you create a PubSubTopic with the Google Cloud CLI and then import it into Config Connector.
Create a topic named
sample-topic
:gcloud pubsub topics create sample-topic
You receive confirmation that the topic has been created.
Created topic [projects/PROJECT_ID/topics/sample-topic].
In the output,
PROJECT_ID
is replaced with your Google Cloud project.Get the topic's Google Cloud resource ID and save it into an environment variable with the following command:
TOPIC_RESOURCE_ID=$(gcloud pubsub topics describe sample-topic --format "value(name)")
To identify a resource,
config-connector export
uses the full resource name. Save the resource name of the topic into an environment variable with the following command:TOPIC_RESOURCE_NAME="//pubsub.googleapis.com/${TOPIC_RESOURCE_ID}"
Export the topic with
config-connector export
by running the following command:config-connector export ${TOPIC_RESOURCE_NAME}
The output is a Config Connector resource in YAML format.
--- apiVersion: pubsub.cnrm.cloud.google.com/v1beta1 kind: PubSubTopic metadata: annotations: cnrm.cloud.google.com/project-id: PROJECT_ID name: sample-topic ...
In the output,
PROJECT_ID
is replaced with your Google Cloud project.You can pass this resource into Config Connector with
kubectl apply -f -
. To pass the resource directly, run the following command:config-connector export ${TOPIC_RESOURCE_NAME} | kubectl apply -f - --namespace CC_NAMESPACE
Replace
CC_NAMESPACE
with the namespace that Config Connector manages resources from.Config Connector acquires the resource.
Confirm that Config Connector is managing the resource with
kubectl describe
:kubectl describe pubsubtopic sample-topic --namespace CC_NAMESPACE
Replace
CC_NAMESPACE
with the namespace that Config Connector manages resources from.
Supported resources
You can print the list of resources for the config-connector
tool along with resource name formats by running the following command:
config-connector print-resources
Command-line options
The config-connector export
command has the following options:
config-connector export RESOURCE_NAME \
--output FILENAME \
--oauth2-token TOKEN \
--iam-format [policy | policymember | none] \
--filter-deleted-iam-members [true | false] \
--verbose
--output
: An optional output file path that disables standard output. When a file, the result contains all the command output; when a directory, the directory contains a new file for each resource in the output.--oauth2-token
: An OAUTH2 token as the Google Cloud identity. By default,config-connector
uses the Google Cloud CLI default credentials.--iam-format
: Specifies the kind of IAM resources output with your export. Options arepolicy
(default),policymember
, ornone
.--filter-deleted-iam-members
: Specifies whether to filter out deleted IAM principals. Options aretrue
orfalse
. The default value isfalse
.--verbose
: Enables verbose logging.
What's next
- Read about how Config Connector acquires existing Google Cloud resources.
- Learn about the resources that Config Connector supports.