Organization-scoped resources

Config Connector can manage your resources at the project, folder, or organization level. In order for Config Connector to determine where to create your resources, it checks for an annotation is on your resource. If there is no annotation applied to the resource, Config Connector will check to see if the namespace has a targeted-scope annotation.

Annotate namespace configuration

To set a default organization ID for newly created resources, annotate your namespace. Make sure that none of the resources have this annotation explicitly set in its configuration. To annotate the namespace using command line, run the following command:

kubectl annotate namespace NAMESPACE_NAME cnrm.cloud.google.com/organization-id=ORGANIZATION_ID

Replace the following:

  • NAMESPACE_NAME: your namespace name
  • ORGANIZATION_ID: your Google Cloud organization ID

Alternatively, you can apply a YAML manifest describing containing the annotation. Copy the YAML below into a file:

apiVersion: v1
kind: Namespace
metadata:
  annotations:
    cnrm.cloud.google.com/organization-id: ORGANIZATION_ID
  name: NAMESPACE_NAME

Replace the following:

  • ORGANIZATION_ID: your Google Cloud organization ID
  • NAMESPACE_NAME: your namespace name

After you have created the file, apply it to your cluster.

Annotate resource configuration

To explicitly set the organization ID at the resource-level, add this annotation directly to the resource configuration:

...
metadata:
  annotations:
    cnrm.cloud.google.com/organization-id: ORGANIZATION_ID
...

Here is an example of what a resource's YAML will look like with this annotation in it

apiVersion: foo.cnrm.cloud.google.com/v1beta1
kind: FooBar
metadata:
  annotations:
    cnrm.cloud.google.com/organization-id: ORGANIZATION_ID
  name: foobarname