Project-scoped resources

Config Connector can manage your resources at the project, folder, or organization level. In order for Config Connector to determine where to create your resources, it checks for an annotation on your resource. If there is no annotation applied to the resource, Config Connector checks to see if the namespace has a targeted-scope annotation.

Annotate namespace configuration

To set a default project ID for newly created resources, annotate your namespace. Make sure that none of the resources have this annotation explicitly set in its configuration. To annotate the namespace using command line, run the following command:

kubectl annotate namespace NAMESPACE_NAME cnrm.cloud.google.com/project-id=PROJECT_ID

Replace the following:

  • NAMESPACE_NAME: your namespace name
  • PROJECT_ID: your Google Cloud project ID

Alternatively, you can apply a YAML manifest describing containing the annotation. Copy the YAML below into a file:

apiVersion: v1
kind: Namespace
metadata:
  annotations:
    cnrm.cloud.google.com/project-id: PROJECT_ID
  name: NAMESPACE_NAME

Replace the following:

  • PROJECT_ID: your Google Cloud project ID
  • NAMESPACE_NAME: your namespace name

After you have created the file, apply it to your cluster.

Annotate resource configuration

To explicitly set the project ID at the resource-level, add this annotation directly to the resource configuration:

...
metadata:
  annotations:
    cnrm.cloud.google.com/project-id: PROJECT_ID
...

Here is an example of what a FooBar resource's YAML looks like with this annotation in it

apiVersion: foo.cnrm.cloud.google.com/v1beta1
kind: FooBar
metadata:
  annotations:
    cnrm.cloud.google.com/project-id: PROJECT_ID
  name: foobarname

Using the namespace name as the project ID

If neither the resource nor the namespace specifies a project ID, then Config Connector uses the namespace's name as the project ID.