Organization-scoped resources

Config Connector can manage your resources at the project, folder, or organization level. In order for Config Connector to determine where to create your resources, it checks for an annotation is on your resource. If there is no annotation applied to the resource, Config Connector will check to see if the namespace has a targeted-scope annotation.

Annotate namespace configuration

To set a default organization ID for newly created resources, annotate your namespace. Make sure that none of the resources have this annotation explicitly set in its configuration. To annotate the namespace via command line, run the following command, replacing [NAMESPACE_NAME] with your Namespace name and [ORGANIZATION_ID] with your Google Cloud organization ID:

kubectl annotate namespace [NAMESPACE_NAME] cnrm.cloud.google.com/organization-id=[ORGANIZATION_ID]

Alternatively, you can apply a YAML manifest describing containing the annotation. Copy the YAML below into a file and edit the values of [ORGANIZATION_ID] and [NAMESPACE_NAME], then apply the file to your cluster.

apiVersion: v1
kind: Namespace
metadata:
  annotations:
    cnrm.cloud.google.com/organization-id: [ORGANIZATION_ID]
  name: [NAMESPACE_NAME]

Annotate resource configuration

To explicitly set the organization ID at the resource-level, add this annotation directly to the resource configuration:

...
metadata:
  annotations:
    cnrm.cloud.google.com/organization-id: [ORGANIZATION_ID]
...

Here is an example of what a resource's YAML will look like with this annotation in it

apiVersion: foo.cnrm.cloud.google.com/v1beta1
kind: FooBar
metadata:
  annotations:
    cnrm.cloud.google.com/organization-id: [ORGANIZATION_ID]
  name: foobarname