Config Connector release notes

This page documents production updates to Config Connector. Check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly.

October 16, 2024

Config Connector version 1.124.0 is now available.

The direct resource development guide is now available for contributors

To improve the Config Connector resource development process, we have a new development guide to contributing resources to Config Connector with the direct reconciliation process. This new approach makes contributing more reliable and consistent with Kubernetes development practices. For more information, read the new Direct resource development guide.

RedisCluster is promoted from alpha to beta (Direct Reconciler).

CertificateManagerDNSAuthorization

Add the spec.Location field.

ComputeForwardingRule

Added spec.target.googleApisBundle field (allowed values are all-apis or vpc-sc). Note, when configuring this field, the resource will use direct reconciliation.

CertificateManagerDNSAuthorization is migrated from the Terraform-based to the new Direct controller to enhance reliability and performance. The resource CRD is unchanged.

New Alpha Resources (Direct Reconciler)

PrivilegedAccessManagerEntitlement
BigQueryAnalyticsHubDataExchange

September 23, 2024

Config Connector version 1.123.1 is now available.

Starting from this version, all new CustomResources (CRs) have the cnrm.cloud.google.com/state-into-spec annotation field default to absent. For more information about this behavior, see the spec fields documentation. The behavior of existing CRs is not impacted by this change.

You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on DataflowFlexTemplateJob resource to opt-in the Direct Cloud Reconciler, which provides an advanced status update solution for some timeout issues.

If you use the CloudIdentityGroup, CloudBuildTrigger and FirestoreIndex resources, do not use version 1.123.0, as it contains regression issues for these resources due to the state-into-spec setting.

BigQueryDataTransferConfig (v1alpha1) now uses direct reconciliation.

BigQueryConnectionConnection (v1alpha1) now uses direct reconciliation.

DataformRepository is promoted from alpha to beta.

Added FirestoreDatabase (v1alpha1). This uses direct reconciliation.

Config Connector switches between the Direct and TF-based reconcilers depending on the SQLInstances objects' use of the spec.cloneSource field

September 11, 2024

Config Connector version 1.122.0 is now available.

The state-into-spec field now defaults to Absent in all Config Controller clusters.

RedisCluster (Alpha) now uses direct reconciliation.

SQLInstance now uses direct reconciliation.

Added RedisCluster (Alpha) resource for service Redis.

ContainerCluster

The spec.nodeConfig.taint can be updated in place in lieu of destroying and recreating the object.

ContainerNodePool

The spec.nodeConfig.taint can be updated in place in lieu of destroying and recreating the object.

SQLInstance

Add the spec.cloneSource field to clone a SQLInstance.

RunJob

Add the spec.template.template.volumes[].cloudSqlInstance field to configure Cloud SQL instance.

August 05, 2024

Config Connector version 1.121.0 is now available.

The state-into-spec field now defaults to Absent in any new Config Controller clusters.

Starting in version 1.122, this will be the default for all Config Controller clusters.

Starting in version 1.123, this will be the default for all Config Connector clusters.

DataformRepository (Alpha) now uses direct reconciliation.

BigtableInstance

When autoscaling is enabled (spec.cluster[].autoscalingConfig.), does not use numNodes (spec.cluster[].numNodes=2) as that applies only to manual scaling.

BigQueryConnection

Added status.observedState field to store the output-only fields which are previously mistakenly defined in spec.

BigQueryTable

Added spec.requirePartitionFilter field. This release note was added on August 20.

July 09, 2024

Config Connector version 1.120.1 is now available.

IAM configuration can now be applied to PrivateCACAPool.

You can configure the ConfigConnector operator to roll back to install the v1.119.0 controllers by specifying spec.version: 1.119.0 in the ConfigConnectorContext CR (namespaced mode).

CloudBuildWorkerPool is promoted from alpha to beta.

CloudIDSEndpoint is promoted from alpha to beta.

ComputeMangedSSLCertificate is promoted from alpha to beta.

AlloyDBInstance

Added networkConfig field to support Public-IP feature.

MonitoringAlertPolicy

Added spec.severity field.

MonitoringDashboard

Added dashboardFilters support.
Added alertChart widgets.
Added collapsibleGroup widgets.
Added pieChart widgets.
Added sectionHeader widgets.
Added singleViewGroup widgets.
Added timeSeriesTable widgets.
Added blankView to scorecard widgets.
Added dataSets.targetAxis and y2Axis fields to xyChart widgets.
Added id field to all widgets.
Added prometheusQuery and outputFullDuration to timeSeriesQuery.
Added style fields to text widgets.
Added targetAxis field to thresholds.

StorageBucket

Added spec.softDeletePolicy field.
Added status.observedState.softDeletePolicy field.

June 18, 2024

Config Connector version 1.119.0 is now available.

Added options to customize resource reconciliation for ConfigConnector

Added a new ControllerReconciler CRD (v1alpha1). See example.
This feature lets you customize the client-side kube-apiserver request rate limit.

The Direct Controller is now the default reconciler

Initialize the Direct Controller registration
Set the default reconciler to Direct Controller if the ConfigConnector CRD does not have cnrm.cloud.google.com/tf2crd: "true" or cnrm.cloud.google.com/dcl2crd: "true" label.

Added CloudBuildWorkerPool (v1alpha1) resource for service cloudbuild

Added MonitoringDashboard (v1beta1) resource for service monitoring

Added ComputeServiceAttachment (v1beta1) resource for service compute

Added ComputeServiceAttachment as dependency of ComputeForwardingRule through spec.target.serviceAttachmentRef.

Added three output-only fields for ContainerCluster

Added status.observedState.masterAuth.clusterCaCertificate
Added status.observedState.privateClusterConfig.privateEndpoint
Added status.observedState.privateClusterConfig.publicEndpoint

June 04, 2024

Config Connector version 1.118.2 is now available.

LoggingLogMetric

Change .spec.projectRef.kind from required to be optional.
If this field is given, it has to be .spec.projectRef.kind: Project.

May 16, 2024

Config Connector version 1.118.1 is now available.

This release introduces the direct-reconciliation mechanism to reconcile Config Connector resources. The reconciliation makes API calls directly instead of going through a third-party library. Currently it only applies to LoggingLogMetric.

LoggingLogMetric now uses direct reconciliation.

Added support for ComputeNetworkFirewallPolicyRule resource (v1alpha1).

LoggingLogMetric

Added spec.loggingLogBucketRef field to support bucket reference.

SQLInstance avoids a bug causing repeated reconciliation when spec.settings.edition was configured with a non-empty value.

May 13, 2024

Config Connector version 1.117.0 is now available.

This release improves our support for VertexAI.

VertexAIDataSet is promoted from alpha to beta.

Output fields are now in status.observedState.
The KMS key is now specified using a reference: spec.encryptionSpec.kmsKeyNameRef

VertexAIIndex is promoted from alpha to beta.

Output fields are now in status.observedState.
Note that isCompleteOverwrite is currently not supported: it is not obviously compatible with declarative operation.

VertexAIEndpoint is promoted from alpha to beta.

Output fields are now in status.observedState.
The KMS key is now specified using a reference: spec.encryptionSpec.kmsKeyNameRef
The network is now specified using a reference: spec.networkRef

ComputeNetwork

The spec.enableUlaInternalIpv6 field is no longer immutable - it can now be changed without recreating the network.

April 17, 2024

Config Connector version 1.116.0 is now available.

An error treats merge as invalid value in cnrm.cloud.google.com/state-into-spec annotation in IAMPolicy, IAMPartialPolicy, IAMPolicyMember, and IAMAuditConfig resources. Upgrading Config Connector to 1.117 or newer versions can fix the issue.

This release includes enhanced support for DNSRecordSet, enabling advanced configurations such as geo-routing, primary/backup, and weighted round-robin load-balancing.

ContainerCluster

Added spec.nodeConfig.linuxNodeConfig.cgroupMode field.

ContainerNodePool

Added spec.nodeConfig.linuxNodeConfig.cgroupMode field.

DNSRecordSet

Added spec.routingPolicy.geo.healthCheckedTargets field.
Added spec.routingPolicy.primaryBackup field.
Added spec.routingPolicy.wrr field.

EventArcTrigger

Added spec.destination.httpEndpoint field.
Added spec.destination.networkConfig field.

LoggingLogBucket

Added spec.enableAnalytics field.

April 03, 2024

Config Connector version 1.115.0 is now available.

Improved support for AlloyDB, by adding new fields to AlloyDBCluster and AlloyDBInstance.

AlloyDBCluster

Added spec.clusterType field.
Added spec.deletionPolicy field.
Added spec.secondaryConfig field.

AlloyDBInstance

Added spec.instanceTypeRef field.

March 28, 2024

Config Connector version 1.114.1 is now available.

SQLInstance and ComputeBackendService now have additional safeguards against populating plain-text secrets back into the object.

Fixed resource deletion of AlloyDBInstance and EdgeContainerNodePool when their "parent objects" no longer exist.

Initial support (alpha stability) for pausing reconciliation, by setting spec.actuationMode: Paused in the ConfigConnectorContext.

Initial support (alpha stability) for defaulting state-into-spec to absent (the recommended setting), by setting spec.stateIntoSpec: Absent in the ConfigConnectorContext.

AccessContextManagerServicePerimeterResource is promoted from alpha to beta

Added support for ComputeNetworkFirewallPolicyAssociation (v1beta1) resource.

Added support for APIKeysKey (v1alpha1) resource.

BigQueryDataSet

Added access[].iamMember field.

ComputeAddress

Added status.observedState.address field.

ComputeTargetHttpsProxy

Added spec.certificateManagerCertificates field.

DNSRecordSet

Added spec.routingPolicy field.

GKEHubFeatureMembership

Added spec.policycontroller field.

February 14, 2024

Config Connector version 1.113.0 is now available.

Initial support for status.observedState in ContainerCluster, ContainerNodePool and RedisInstance.

To encourage use of cnrm.cloud.google.com/state-into-spec: absent, you can now use status.observedState in ContainerCluster, ContainerNodePool and RedisInstance. Some important resource information (such as the certificate for connecting to a GKE cluster) is currently only available in spec, and we recommend instead reading this resource information from observedState if available. More fields may be added to observedStatein the future.

Added support for ComputeNetworkFirewallPolicy (v1beta1) resource.

Added support for TagsLocationTagBinding (v1alpha1) resource.

Resource RunJob (CloudRun Job):

Added spec.template.vpcAccess.connectorRef field.

December 06, 2023

Config Connector version 1.112.0 is now available.

Added support for AlloyDBUser (v1beta1) resource.

Added support for EdgeContainerCluster (v1beta1) and EdgeContainerNodePool (v1beta1) resources.

Added support for EdgeNetworkNetwork (v1beta1) and EdgeNetworkSubnet (v1beta1) resources.

Resource BigtableAppProfile(v1beta1):

Added spec.standardIsolation field.

Fixed the SecretKeyRef in the Go client. (Issue #598.)

October 27, 2023

Config Connector version 1.111.0 is now available.

Added support for ContainerAttachedCluster (v1beta1) resource.

Added support for AlloyDBCluster (v1beta1) resource.

Added support for AlloyDBInstance (v1beta1) resource.

Added support for AlloyDBBackup (v1beta1) resource.

Added name validation for ValidatingWebhookConfigurationCustomization and MutatingWebhookConfigurationCustomization CRDs.

Added validation for duplicate webhooks in spec.webhooks list of the customizable ControllerResource and NamespacedControllerResource CRDs.

Added errors on invalid webhook names into status of ValidatingWebhookConfigurationCustomization and MutatingWebhookConfigurationCustomization custom resources.

Fixed an reconciliation issue in ComputeManagedSSLCert resource. Issue #107.

Fixed issue of the retrieved maxWorkers in DataflowFlexTemplateJob resource.

Graduated ValidatingWebhookConfigurationCustomization, MutatingWebhookConfigurationCustomization, ControllerResource and NamespacedControllerResource CRDs to v1beta1.

Fixed an issue in ComputeForwardingRule resource when used with PSC. Issue #763.

Resource AlloyDBCluster(v1beta1):

Added spec.networkConfig field.

Resource ComputeSubnetwork(v1beta1):

Added status.internalIpv6Prefix field.

Resource ComputeTargetHTTPSProxy(v1beta1):

Added spec.serverTlsPolicyRef field.

Resource ContainerCluster(v1beta1):

Added spec.nodeConfig.fastSocket field.

Resource ContainerNodePool(v1beta1):

Added spec.nodeConfig.fastSocket field.

Resource NetworkConnectivitySpoke(v1beta1):

Added spec.linkedVPCNetwork field.

Resource RunJob(v1beta1):

Added spec.template.template.vpcAccess.networkInterfaces field.

Resource RunService(v1beta1):

Added spec.template.vpcAccess.networkInterfaces field.

Resource SecretManagerSecretVersion(v1beta1):

Added spec.isSecretDataBase64 field.

September 29, 2023

Config Connector version 1.110.0 is now available.

Added MutatingWebhookConfigurationCustomization and ValidatingWebhookConfigurationCustomization to support the customization on webhook timeouts.

Added value validation for resource requests and limits in the customizable ControllerResource and NamespacedControllerResource CRDs.

Promoted CertificateManagerCertificate, CertificateManagerCertificateMap, CertificateManagerCertificateMapEntry and CertificateManagerDNSAuthorization from v1alpha1 to v1beta1.

Promoted RunService from alpha stability to stable stability.

Renamed field spec.template.containerConcurrency to spec.template.maxInstanceRequestConcurrency.
Fixed the IAM support by removing the support of "IAM conditions" on this resource.
Removed field status.resourceGeneration.

Resource BigQueryTable(v1beta1):

Added spec.tableConstraints field.
Added spec.materializedView.allowNonIncrementalDefinition field.

Resource ComputeInstance(v1beta1):

Added spec.networkInterface.items.internalIpv6PrefixLength field.
Added spec.networkInterface.items.ipv6Address field.

Resource ComputeInstanceTemplate(v1beta1):

Added spec.networkInterface.items.internalIpv6PrefixLength field.
Added spec.networkInterface.items.ipv6Address field.

Resource ContainerCluster(v1beta1):

Added spec.enableFqdnNetworkPolicy field.
Added spec.nodeConfig.confidentialNodes field.

Resource ContainerNodePool(v1beta1):

Added spec.nodeConfig.confidentialNodes field.

Resource DialogflowCXFlow(v1alpha1):

Added spec.eventHandlers.items.triggerFulfillment.conditionalCases field.
Added spec.eventHandlers.items.triggerFulfillment.setParameterActions field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.channel field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.conversationSuccess field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.liveAgentHandoff field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.outputAudioText field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.payload field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.playAudio field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.telephonyTransferCall field.
Added spec.transitionRoutes.items.triggerFulfillment.conditionalCases field.
Added spec.transitionRoutes.items.triggerFulfillment.setParameterActions field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.channel field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.conversationSuccess field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.liveAgentHandoff field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.outputAudioText field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.payload field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.playAudio field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.telephonyTransferCall field.

Resource DialogflowCXPage(v1alpha1):

Added spec.entryFulfillment.conditionalCases field.
Added spec.entryFulfillment.setParameterActions field.
Added spec.entryFulfillment.messages.items.channel field.
Added spec.entryFulfillment.messages.items.conversationSuccess field.
Added spec.entryFulfillment.messages.items.liveAgentHandoff field.
Added spec.entryFulfillment.messages.items.outputAudioText field.
Added spec.entryFulfillment.messages.items.payload field.
Added spec.entryFulfillment.messages.items.playAudio field.
Added spec.entryFulfillment.messages.items.telephonyTransferCall field.
Added spec.eventHandlers.items.triggerFulfillment.conditionalCases field.
Added spec.eventHandlers.items.triggerFulfillment.setParameterActions field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.channel field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.conversationSuccess field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.liveAgentHandoff field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.outputAudioText field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.payload field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.playAudio field.
Added spec.eventHandlers.items.triggerFulfillment.messages.items.telephonyTransferCall field.
Added spec.form.parameters.items.defaultValue field.
Added spec.form.parameters.items.fillBehavior.repromptEventHandlers field.
Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.conditionalCases field.
Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.setParameterActions field.
Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.channel field.
Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.conversationSuccess field.
Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.liveAgentHandoff field.
Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.outputAudioText field.
Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.payload field.
Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.playAudio field.
Added spec.form.parameters.items.fillBehavior.initialPromptFulfillment.messages.items.telephonyTransferCall field.
Added spec.transitionRoutes.items.triggerFulfillment.conditionalCases field.
Added spec.transitionRoutes.items.triggerFulfillment.setParameterActions field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.channel field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.conversationSuccess field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.liveAgentHandoff field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.outputAudioText field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.payload field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.playAudio field.
Added spec.transitionRoutes.items.triggerFulfillment.messages.items.telephonyTransferCall field.

Resource RunJob(v1beta1):

spec.template.template.volumes[].secret.items[].mode is now optional.

Resource SecretManagerSecret(v1beta1):

Added spec.replication.auto field.

Resource SecretManagerSecretVersion(v1beta1):

Added spec.deletionPolicy field.

Resource StorageBucket(v1beta1):

spec.autoclass.enabled is now mutable.

Resource VertexAIIndexEndpoint(v1alpha1):

Added spec.publicEndpointEnabled field.
Added status.publicEndpointDomainName field.

September 06, 2023

Config Connector version 1.109.0 is now available.

Added name validation for the customizable ControllerResource CRDs.

Field spec.containers is no longer required in the customizable ControllerResource CRDs.

Added support for CloudIOTDeviceRegistry (v1alpha1) resource.

Added support for ComputeRegionSSLPolicy (v1alpha1) resource.

Added support for VertexAIIndexEndpoint (v1alpha1) resource.

Resource BigtableGCPolicy(v1beta1):

Fixed a bug that generates unexpected diff when mode and gcRules are both specified.
Fixed a bug that generates unexpected diff when maxAge in gcRules is specified with units larger than hours.

Resource AlloyDBCluster(v1alpha1):

Added spec.continuousBackupConfig field.
Added spec.restoreBackupSource field.
Added spec.restoreContinuousBackupSource field.
Added status.continuousBackupInfo field.

Resource ArtifactRegistryRepository(v1beta1):

Added spec.cleanupPolicies field.
Added spec.cleanupPolicyDryRun field.

Resource BigQueryTable(v1beta1):

Added spec.maxStaleness field.
Added spec.externalDataConfiguration.fileSetSpecType field.

Resource CloudBuildTrigger(v1beta1):

Added spec.gitFileSource.bitbucketServerConfigRef field.
Added spec.sourceToBuild.bitbucketServerConfigRef field.

Resource CloudFunctions2Function(v1alpha1):

Added spec.kmsKeyName field.

Resource ComputeAddress(v1beta1):

Added spec.ipv6EndpointType field.

Resource ComputeBackendService(v1beta1):

Added spec.securityPolicy field.
Added spec.connectionTrackingPolicy.enableStrongAffinity field.

Resource ComputeInstance(v1beta1):

Added spec.networkInterface.items.ipv6AccessConfig.items.name field.
Added spec.scheduling.localSsdRecoveryTimeout field.

Resource ComputeInstanceTemplate(v1beta1):

Added spec.disk.items.provisionedIops field.
Added spec.networkInterface.items.ipv6AccessConfig.items.name field.
Added spec.scheduling.localSsdRecoveryTimeout field.

Resource ComputeSecurityPolicy(v1beta1):

Added spec.advancedOptionsConfig.userIpRequestHeaders field.

Resource ComputeTargetInstance(v1beta1):

Added spec.securityPolicyRef field.

Resource ComputeTargetPool(v1beta1):

Added spec.securityPolicyRef field.

Resource ContainerCluster(v1beta1):

Added spec.allowNetAdmin field.
Added spec.enableK8sBetaApis field.
Added spec.enableMultiNetworking field.
Added spec.ipAllocationPolicy.additionalPodRangesConfig field.
Added spec.monitoringConfig.advancedDatapathObservabilityConfig field.
Added spec.nodeConfig.hostMaintenancePolicy field.

Resource ContainerNodePool(v1beta1):

Added spec.networkConfig.additionalNodeNetworkConfigs field.
Added spec.networkConfig.additionalPodNetworkConfigs field.
Added spec.nodeConfig.hostMaintenancePolicy field.
Added spec.placementPolicy.policyNameRef field.

Resource DNSManagedZone(v1beta1):

Removed spec.privateVisibilityConfig.required field.

Resource EventarcTrigger(v1beta1):

Added spec.eventDataContentType field.

Resource FirebaseAndroidApp(v1alpha1):

Added spec.apiKeyId field.

Resource FirebaseWebApp(v1alpha1):

Added spec.apiKeyId field.

Resource HealthcareFHIRStore(v1alpha1):

Added spec.defaultSearchHandlingStrict field.
Added spec.notificationConfigs.items.sendPreviousResourceOnDelete field.
Added spec.streamConfigs.items.bigqueryDestination.schemaConfig.lastUpdatedPartitionConfig field.

Resource IAMWorkforcePoolProvider(v1beta1):

Added spec.oidc.clientSecret field.
Added spec.oidc.jwksJson field.
Added spec.oidc.webSsoConfig.additionalScopes field.
Added status.oidc field.

Resource MonitoringAlertPolicy(v1beta1):

Added spec.conditions.items.conditionPrometheusQueryLanguage field.

Resource PubSubSubscription(v1beta1):

Added spec.cloudStorageConfig field.
Added spec.pushConfig.noWrapper field.

Resource RunJob(v1beta1):

Added status.createTime field.
Added status.creator field.
Added status.deleteTime field.
Added status.expireTime field.
Added status.lastModifier field.
Added status.updateTime field.

Resource SecretManagerSecret(v1beta1):

Added spec.annotations field.
Added spec.versionAliases field.

Resource SpannerDatabase(v1beta1):

Added spec.enableDropProtection field.

Resource SQLInstance(v1beta1):

Added spec.settings.ipConfiguration.pscConfig field.
Added status.dnsName field.
Added status.pscServiceAttachmentLink field.

Resource WorkstationsWorkstationCluster(v1alpha1):

Added spec.privateClusterConfig.allowedProjects field.

Fixed spec.webhookConfig.secretRef field in CloudBuildTrigger.

August 21, 2023

Config Connector version 1.108.0 is now available.

Added support for customization on cnrm-unmanaged-detector pods resource requests/limits.

Added support for customization on cnrm-controller-manager pods resource requests/limits in namespaced mode.

Added support for BigQueryReservationCapacityCommitment resource(v1alpha1).

Resource BigQueryDataset(v1beta1):

Added spec.storageBillingModel field.

Resource BigQueryTable(v1beta1):

Added spec.externalDataConfiguration.jsonOptions field.
Added spec.externalDataConfiguration.metadataCacheMode field.
Added spec.externalDataConfiguration.objectMetadata field.
Added spec.externalDataConfiguration.parquetOptions field.

Resource BigtableTable(v1beta1):

Added spec.changeStreamRetention field.

Resource CertificateManagerCertificate(v1alpha1):

Added spec.managed.issuanceConfig field.

Resource CloudFunctions2Function(v1alpha1):

Added status.url field.

Resource ComputeDisk(v1beta1):

Added spec.enableConfidentialCompute field.
Added spec.provisionedThroughput field.

Resource ComputeExternalVPNGateway(v1beta1):

Added status.labelFingerprint field.

Resource ComputeForwardingRule(v1beta1):

Added spec.noAutomateDnsZone field.

Resource ComputeInstance(v1beta1):

Added spec.params field.
Added spec.bootDisk.initializeParams.resourceManagerTags field.

Resource ComputeInstanceTemplate(v1beta1):

Added spec.networkInterface.items.networkAttachment field.

Resource ComputeTargetHTTPProxy(v1beta1):

Added spec.httpKeepAliveTimeoutSec field.

Resource ComputeTargetHTTPSProxy(v1beta1):

Added spec.httpKeepAliveTimeoutSec field.

Resource ComputeURLMap(v1beta1):

Added spec.pathMatcher.items.routeRules.items.matchRules.items.pathTemplateMatch field.
Added spec.pathMatcher.items.routeRules.items.routeAction.urlRewrite.pathTemplateRewrite field.

Resource ContainerCluster(v1beta1):

Added spec.nodeConfig.guestAccelerator.items.gpuDriverInstallationConfig field.
Added spec.nodeConfig.soleTenantConfig field.
Added spec.securityPostureConfig field.

Resource ContainerNodePool(v1beta1):

Added spec.nodeConfig.guestAccelerator.items.gpuDriverInstallationConfig field.
Added spec.nodeConfig.soleTenantConfig field.
Added spec.placementPolicy.tpuTopology field.

Resource DataformRepository(v1alpha1):

Added spec.workspaceCompilationOverrides field.

Resource GKEBackupBackupPlan(v1alpha1):

Added status.state field.
Added status.stateReason field.

Resource HealthcareFHIRStore(v1alpha1):

Added spec.complexDataTypeReferenceParsing field.

Resource RedisInstance(v1beta1):

Added status.maintenanceSchedule field.

Resource RunJob(v1beta1):

Added spec.annotations field.
Added spec.template.annotations field.

Resource SQLInstance(v1beta1):

Added spec.settings.dataCacheConfig field.
Added spec.settings.edition field.

Resource VertexAIFeaturestoreEntityTypeFeature(v1alpha1):

Added status.region field.

Resource VertexAIIndex(v1alpha1):

Added spec.metadata.config.shardSize field.

August 01, 2023

Config Connector version 1.107.0 is now available.

Added support for customization on cnrm-webhook-manager pod replicas.

Optimized HPA rule for cnrm-webhook-manager with targetCPUUtilizationPercentage adjusted from 90 to 70.

Added GOMEMLIMIT environment variable (default value is set to 110MiB) to the webhook container in cnrm-webhook-manager. It sets a runtime memory limit for the webhook container, which helps in GC-related out-of-memory ("OOM") situations.

Resource DataflowFlexTemplateJob(v1beta1):

Added spec.additionalExperiments field.
Added spec.autoscalingAlgorithm field.
Added spec.enableStreamingEngine field.
Added spec.ipConfiguration field.
Added spec.kmsKeyNameRef field.
Added spec.launcherMachineType field.
Added spec.machineType field.
Added spec.maxWorkers field.
Added spec.networkRef field.
Added spec.numWorkers field.
Added spec.sdkContainerImage field.
Added spec.serviceAccountEmailRef field.
Added spec.stagingLocation field.
Added spec.subnetworkRef field.
Added spec.tempLocation field.
Added spec.transformNameMapping field.

Resource BigQueryDataset(v1beta1):

Added spec.access.routine field.

July 11, 2023

Config Connector version 1.106.0 is now available.

Added support for customization on cnrm-webhook-manager, cnrm-controller-manager, cnrm-resource-stats-recorder and cnrm-deletiondefenderpods resource requests/limits.

Added support for RunJob resource.

Optimized HPA rule for cnrm-webhook-manager with new memory targetAverageUtilization.

Added support for KMS key deletion when being orphaned.

Disabled abandon-on-uninstall webhook.

Resource VPCAccessConnector(v1beta1):

Added status.selfLink field.

Resource ComputeDisk(v1beta1):

Added spec.guestOsFeatures field.
Added spec.licenses field.

Resource ComputeImage(v1beta1):

Added spec.storageLocations field.

Resource DataflowFlexTemplateJob(v1beta1):

Added status.type field.

Resource DatastreamStream(v1alpha1):

Added spec.sourceConfig.mysqlSourceConfig.maxConcurrentBackfillTasks field.

Resource GKEHubFeature(v1beta1):

Added spec.spec.fleetobservability field.

Resource MonitoringAlertPolicy(v1beta1):

Added spec.alertStrategy.notificationChannelStrategy field.
Added spec.conditions.items.conditionThreshold.forecastOptions field.

Resource SQLInstance(v1beta1):

Added spec.settings.advancedMachineFeatures field.

Resource StorageTransferJob(v1beta1):

Added spec.transferSpec.awsS3DataSource.path field.

May 26, 2023

Config Connector version 1.105.0 is now available.

Resource AlloyDBBackup(v1alpha1):

Added spec.encryptionConfig field.
Added status.encryptionInfo field.

Resource AlloyDBCluster(v1alpha1):

Added spec.encryptionConfig field.
Added spec.automatedBackupPolicy.encryptionConfig field.
Added status.encryptionInfo field.

Resource BigQueryJob(v1beta1):

Added spec.load.parquetOptions field.

Resource CertificateManagerCertificate(v1alpha1):

Added spec.location field.

Resource CloudBuildTrigger(v1beta1):

Added spec.build.step.items.allowExitCodes field.
Added spec.build.step.items.allowFailure field.
Added spec.gitFileSource.repositoryRef field.
Added spec.sourceToBuild.repositoryRef field.

Resource ComputeBackendService(v1beta1):

Added spec.cdnPolicy.bypassCacheOnRequestHeaders field.

Resource ComputeDisk(v1beta1):

Added spec.asyncPrimaryDisk.diskRef field.

Resource ComputeForwardingRule(v1beta1):

Added spec.allowPscGlobalAccess field.
Added spec.sourceIpRanges field.
Added status.baseForwardingRule field.

Resource ComputeNetworkPeering(v1beta1):

Added spec.stackType field.

Resource ComputeResourcePolicy(v1beta1):

Added spec.diskConsistencyGroupPolicy field.

Resource ComputeRouterPeer(v1beta1):

Added spec.enableIpv6 field.
Added spec.ipv6NexthopAddress field.
Added spec.peerIpv6NexthopAddress field.

Resource ContainerCluster(v1beta1):

Added spec.addonsConfig.gcsFuseCsiDriverConfig field.

Resource VertexAIEndpoint(v1alpha1):

Added spec.region field.

Resource WorkflowsWorkflow(v1alpha1):

Added spec.cryptoKeyName field.

Resource WorkstationsWorkstationCluster(v1alpha1):

Added status.resourceConditions field.
Restructured status.conditions field to be consistent with status.conditions field of any Config Connector kind.

Fixed the issue that the SecretManagerSecretVersion resource stuck in DeleteFailed state when it's deleted after the referenced SecretManagerSecret is deleted.

May 09, 2023

Config Connector version 1.104.0 is now available.

Resource ComputeFirewallPolicyRule(v1beta1):

Added spec.match.destAddressGroups field.
Added spec.match.destFqdns field.
Added spec.match.destRegionCodes field.
Added spec.match.destThreatIntelligences field.
Added spec.match.srcAddressGroups field.
Added spec.match.srcFqdns field.
Added spec.match.srcRegionCodes field.
Added spec.match.srcThreatIntelligences field.

Resource IAMWorkforcePoolProvider(v1beta1):

Added spec.oidc.webSsoConfig field.

Config Connector CLI tool will now export cluster information for BigTableInstance.

Resources with a reconcile period of 0 will no longer attempt to reconcile when pods are recreated (#795).

April 26, 2023

Config Connector version 1.103.0 is now available.

Issue in resource PrivateCACAPool to support setting maxIssuerPathLength field as 0.

Added support for manual installation in GKE Autopilot.

Fixed set blockOwnerDeletion failures for OwnerReferencesPermissionEnforcement enabled clusters (#797).

Optimized ratelimiter for IAMPolicyMember controller to make sure new resources get reconciled timely.

Resource ArtifactRegistryRepository(v1beta1):

Added spec.dockerConfig field.

Resource BigQueryDataset(v1beta1):

Added spec.defaultCollation field.
Added spec.isCaseInsensitive field.

Resource ComputeInstance(v1beta1):

Added spec.scratchDisk.items.size field.

Resource ComputeInstanceTemplate(v1beta1):

Added status.selfLinkUnique field.

Resource ComputeNetwork(v1beta1):

Added spec.networkFirewallPolicyEnforcementOrder field.

Resource ComputeVPNGateway(v1beta1):

Added spec.stackType field.

Resource ContainerCluster(v1beta1):

Added spec.ipAllocationPolicy.podCidrOverprovisionConfig field.
Added spec.ipAllocationPolicy.stackType field.
Added spec.nodeConfig.advancedMachineFeatures field.
Added spec.nodeConfig.ephemeralStorageLocalSsdConfig field.
Added spec.nodeConfig.localNvmeSsdBlockConfig field.

Resource ContainerNodePool(v1beta1):

Added spec.networkConfig.podCidrOverprovisionConfig field.
Added spec.nodeConfig.advancedMachineFeatures field.
Added spec.nodeConfig.ephemeralStorageLocalSsdConfig field.
Added spec.nodeConfig.localNvmeSsdBlockConfig field.

Resource PrivateCACAPool(v1beta1):

Added spec.issuancePolicy.baselineValues.caOptions.zeroMaxIssuerPathLength field.

Resource PrivateCACertificateAuthority(v1beta1):

Added spec.config.x509Config.caOptions.zeroMaxIssuerPathLength field.

Resource StorageTransferJob(v1beta1):

Added spec.transferSpec.objectConditions.lastModifiedBefore field.
Added spec.transferSpec.objectConditions.lastModifiedSince field.

Added 136 v1alpha1 Google Cloud resource CRDs. See Install instructions for more information.

March 30, 2023

Config Connector version 1.102.0 is now available.

Added support for IAMAccessBoundaryPolicy resource.

Introduced configurable reconciliation interval feature.

Fixed a bug causing diff detection on reservedIpRange field in RedisInstance.

Added mode, remoteRepositoryConfig, virtualRepositoryConfig fields to ArtifactRegistryRepository

Added scheduling.maintenanceInterval field to ComputeInstance.

Added scheduling.maintenanceInterval field to ComputeInstanceTemplate.

Added groupPlacementPolicy.maxDistance field to ComputeResourcePolicy.

Added deletionPolicy field to ComputeSharedVPCServiceProject.

Added protectConfig field to ContainerCluster.

Added transferSpec.sinkAgentPoolName, transferSpec.sourceAgentPoolName fields to StorageTransferJob.

Added spec.bitbucketServerTriggerConfig, spec.github.enterpriseConfigResourceNameRef fields to CloudBuildTrigger.

Added spec.diskEncryptionKey.rsaEncryptedKey field to ComputeDisk.

Added spec.rateLimitOptions.enforceOnKeyConfigs field to ComputeSecurityPolicy.

Added spec.kubeletConfig.podPidsLimit field to ContainerCluster.

Added spec.kubeletConfig.podPidsLimit field to ContainerNodePool.

Added spec.instanceType field to SQLInstance.

February 21, 2023

Config Connector version 1.101.0 is now available.

Disabled fast dependency reconciliation during resource deletion.

Adjusted default reconciliation interval for the following resources:

BigtableInstance: 3600 seconds (1 hour)
BigtableTable: 3600 seconds (1 hour)
ServiceUsage: 3600 seconds (1 hour)
ComputeSslCertificate: 0 seconds (This resource does not support any updates)

Graduated the following resources from alpha to stable: NetworkServicesGateway, NetworkServicesGRPCRoute, NetworkServicesHTTPRoute, NetworkServicesMesh, NetworkServicesTCPRoute, NetworkServicesTLSRoute.

Removed GameServicesRealm resource.

Added spec.externalDataConfiguration.referenceFileSchemaUri field to BigQueryTable.

Added spec.gitFileSource.githubEnterpriseConfigRef, spec.repositoryEventConfig and spec.sourceToBuild.githubEnterpriseConfigRef fields to CloudBuildTrigger.

Added spec.edgeSecurityPolicyRef and spec.localityLbPolicies fields to ComputeBackendService.

Added spec.scheduling.maxRunDuration field to ComputeInstance.

Added spec.resourcePolicies and spec.scheduling.maxRunDuration fields to ComputeInstanceTemplate.

Added spec.shareSettings field to ComputeNodeGroup.

Added spec.tcpTimeWaitTimeoutSec field to ComputeRouterNAT (#692).

Added spec.adaptiveProtectionConfig.autoDeployConfig field to ComputeSecurityPolicy.

Added spec.bindings.members.memberFrom.serviceIdentityRef field to IAMPartialPolicy (#722).

Added spec.memberFrom.serviceIdentityRef field to IAMPolicyMember (#722).

Added spec.ipConfiguration.enablePrivatePathForGoogleCloudServices field to SQLInstance.

spec.settings.diskType is now immutable in SQLInstance.

Fixed a bug that could cause controllers to become stuck on an outdated CRD version.

January 25, 2023

Config Connector version 1.100.0 is now available.

Added support for BigQueryRoutine resource. This resource has been auto-generated and is in alpha stability (#739).

Added support for TagsTagBinding resource. This resource has been auto-generated and is in alpha stability.

Added support for PubSubLiteReservation resource.

Added support for ServiceIdentity resource (#728).

Added field status.generatedId in ComputeBackendService.

Added field spec.imagedEncryptionKey in ComputeImage.

Added fields spec.disk.sourceImageEncryptionKey, spec.disk.sourceSnapshotRef, and spec.disk.sourceSnapshotEncryptionKey in ComputeInstanceTemplate.

Added field spec.routerApplianceInstanceRef in ComputeRouterPeer.

Added field status.expireTime in ComputeSSLCertificate.

Added fields spec.settings.deletionProtectionEnabled and status.instanceType in SQLInstance (#748).

Field spec.settings.sqlServerAuditConfig.bucketRef is no longer required in SQLInstance.

Added support for IAMPolicy, IAMPartialPolicy and IAMPolicyMember in DNSManagedZone.

abandon-on-uninstall webhook will now ignore non-Config Connector CRDs (#758).

Extended event-driven reconciliation support to IAMPolicyMember.

January 06, 2023

Config Connector version 1.99.0 is now available.

Added support for DataCatalogPolicyTag resource. This resource has been auto-generated and is in alpha stability.

Added support for TagsTagKey resource. This resource has been auto-generated and is in alpha stability.

Added support for TagsTagValue resource. This resource has been auto-generated and is in alpha stability.

Fixed export error for IAMCustomRole in config-connector CLI with --resource-format=terraform.

Added fields spec.configmanagement.oci and spec.mesh.controlPlane in GKEHubFeatureMembership.

Added field spec.skipAwaitRollout in OSConfigOSPolicyAssignment.

Removed field spec.authorizationPolicyRef in NetworkServicesGateway (Alpha).

Added field spec.deletionPolicy in BigtableGCPolicy.

Added field spec.deletionProtection in BigtableTable.

Added field spec.cdnPolicy.cacheKeyPolicy.includeHttpHeaders in ComputeBackendService.

Added fields spec.privateIpAddressRef, spec.redundantInterfaceRef, spec.subnetworkRef in ComputeRouterInterface.

Added fields spec.recaptchaOptionsConfig, spec.rule.headerAction, spec.rule.preconfiguredWafConfig in ComputeSecurityPolicy.

Added fields spec.clusterAutoscaling.autoProvisioningDefaults.management, spec.clusterAutoscaling.autoProvisioningDefaults.shieldedInstanceConfig spec.clusterAutoscaling.autoProvisioningDefaults.upgradeSettings, spec.gatewayApiConfig, spec.masterAuthorizedNetworksConfig.gcpPublicCidrsAccessEnabled, spec.nodeConfig.loggingVariant, spec.nodeConfig.resourceLabels, spec.nodePoolDefaults.nodeConfigDefaults.loggingVariant, spec.privateClusterConfig.privateEndpointSubnetworkRef in ContainerCluster.

Added fields spec.networkConfig.enablePrivateNodes, spec.nodeConfig.loggingVariant, spec.nodeConfig.resourceLabels, spec.upgradeSettings.blueGreenSettings, spec.upgradeSettings.stategy in ContainerNodePool.

Added field spec.privateVisibilityConfig.gkeClustersRef in DNSManagedZone.

Added field spec.mesh.controlPlane in GKEHubFeatureMembership.

Added field spec.deletionPolicy in SQLDatabase.

Added fields spec.settings.connectorEnforcement, spec.settings.denyMaintenancePeriod, spec.settings.insightsConfig.queryPlansPerMinute in SQLInstance.

Added field spec.autoclass in StorageBucket.

Supported the regional spec.defaultRouteAction.requestMirrorPolicy.backendServiceRef, spec.defaultRouteAction.weightedBackendServices.backendServiceRef for the regional ComputeURLMap resources.

Field spec.labels in CloudIdentityGroup has become mutable.

Field spec.ipv6AccessType in ComputeSubnetwork has become mutable.

Extended faster reconciliation of resources with dependencies to support IAMPartialPolicy.

December 13, 2022

Config Connector version 1.98.0 is now available.

Added support for DataCatalogTaxonomy resource. This resource has been auto-generated and is in alpha stability.

Added spec.maxTimeTravelHours to BigQueryDataset.

Added spec.build.step.script to CloudBuildTrigger.

Added spec.sourceDiskRef and status.sourceDiskId to ComputeDisk.

Added spec.rules to ComputeRouterNAT.

Added spec.clusterAutoscaling.autoProvisioningDefaults.diskSize to ContainerCluster.

Fixed spec.datapathProvider in ContainerCluster by making it immutable.

Added mutation support to spec.nodeConfig.tags in ContainerCluster.

Added status.member to IAMServiceAccount.

Fixed spec.schemaSettings.encoding in PubSubTopic by making it immutable (#698).

Added spec.settings.timeZone to SQLInstance.

November 15, 2022

Config Connector version 1.97.0 is now available.

Added spec.gcRules to BigtableGCPolicy (Issues #624, #542, #482, #345, #300).

Added spec.load.jsonExtension to BigQueryJob.

Added spec.externalDataConfiguration.avroOptions to BigQueryTable.

Added spec.compressionMode to ComputeBackendBucket.

Added spec.compressionMode to ComputeBackendService.

Added spec.advancedOptionsConfig.jsonCustomConfig to ComputeSecurityPolicy.

Added spec.managementConfig.fullManagementConfig to ConfigControllerInstance.

Added spec.nodeConfig.guestAccelerator[].gpuSharingConfig and spec.notificationConfig.pubsub.filter to ContainerCluster.

Added spec.nodeConfig.guestAccelerator[].gpuSharingConfig to ContainerNodePool.

Added spec.config.dataprocMetricConfig, spec.config.gceClusterConfig.confidentialInstanceConfig, spec.config.gceClusterConfig.shieldedInstanceConfig, spec.config.masterConfig.diskConfig.localSsdInterface, spec.config.metastoreConfig.dataprocMetastoreServiceRef, spec.config.secondaryWorkerConfig.diskConfig.localSsdInterface, spec.config.securityConfig, spec.config.workerConfig.diskConfig.localSsdInterface and spec.virtualClusterConfig to DataprocCluster.

Added spec.cloudLoggingConfig to DNSManagedZone.

Added spec.persistenceConfig to RedisInstance.

Added status.version to SecretManagerSecretVersion.

Added spec.maintenanceVersion and status.availableMaintenanceVersions to SQLInstance.

Added spec.passwordPolicy to SQLUser.

Added spec.customPlacementConfig to StorageBucket.

Added spec.notificationConfig to StorageTransferJob (Issue #303).

Moved SQLUser output-only field sqlServerUserDetails from spec to status.

Added support for DLPJobTrigger resource.

October 26, 2022

Config Connector version 1.96.0 is now available.

Added storageTarget to BigTableInstance (Issue #729).

Added location and BITBUCKET support to CloudBuildTrigger (Issue #672).

Added visibleCoreCount to ComputeInstance.

Added visibleCoreCount to ComputeInstanceTemplate.

Added snapshotProperties.chainName to ComputeResourcePolicies.

Added chainName to ComputeSnapshot.

Added certificateMapRef to ComputeTargetSSLProxy.

Added costManagementConfig, nodePoolDefaults, serviceExternalIpsConfig to ContainerCluster.

Added locationPolicy, totalMaxNodeCount, totalMinNodeCount to ContainerNodePool.

Added channelRef and resourceConditions to EventarcTrigger.

Added mesh to GKEHubFeatureMembership.

Added forceDelete to MonitoringNotificationChannel.

Removed labels field from NetworkServicesGateway (alpha), NetworkServicesGRPCRoute (alpha), NetworkServicesHTTPRoute (alpha), NetworkServicesMesh (alpha), and NetworkServicesTCPRoute (alpha).

Released new controller unmanaged-detector. Now if there is no Config Connector controller for a resource's namespace, that resource's status will show as "Unmanaged".

Extended faster reconciliation of resources with dependencies to support IAMAuditConfig and IAMPolicy.

Added support for DLPInspectTemplate resource.

Fixed issue with DataprocCluster where resource creation was failing with error message Update call failed: error applying desired state: infeasible update: ({true }) would require recreation (Issue #661).

September 27, 2022

Config Connector version 1.95.0 is now available.

Added support for DLPDeidentifyTemplate resource.

Added enableServiceLinks: false to all the Pod configurations in Config Connector installation bundle. This is to fix the potential issue standard_init_linux.go:228: exec user process caused: argument list too long in Config Connector Pods.

September 14, 2022

Config Connector version 1.94.0 is now available.

Added spec.memberFrom.sqlInstanceRef field to IAMPolicyMember (Issue #689).

Added spec.bindings[].members[].memberFrom.sqlInstanceRef field to IAMPartialPolicy (Issue #689).

Removed the validation on spec.cluster.numNodes > 0 in BigtableInstance (Issue #673).

Added support for major version upgrades to SQLInstance (spec.databaseVersion is now mutable).

Added spec.nodeConfig.reservationAffinity to ContainerCluster.

Added spec.nodePoolAutoConfig to ContainerCluster.

Added spec.nodeConfig.reservationAffinity to ContainerNodePool.

Extended support for value absent in state-into-spec annotation to most Config Connector resources.

Added spec.placement.managedCluster.config.gceClusterConfig.shieldedInstanceConfig to DataprocWorkflow.

In NetworkServicesGateway (alpha), updated spec.authorizationPolicy to spec.authorizationPolicyRef, and updated spec.serverTlsPolicy to spec.serverTlsPolicyRef.

Removed spec.routers in NetworkServicsGRPCRoute (alpha) and NetworkServicsTCPRoute (alpha).

Removed spec.routers and spec.rules.action.originalDestination in NetworkServicsHTTPRoute (alpha).

September 01, 2022

Config Connector version 1.93.0 is now available.

Config Connector will deprecate GameServicesRealm on November 15, 2022 due to the deprecation of Google Cloud Game Servers on June 30, 2023. This means that Config Connector will stop reconciling GameServicesRealm resources. If you have any questions or require assistance, please contact Google Cloud Support.

Added support for "reconcile resource immediately once its dependency is ready" feature for CloudFunctionsFunction, EventarcTrigger, MonitoringUptimeCheckConfig, ServiceDirectoryEndpoint, and ServiceDirectoryService.

Increased webhook timeout to 10s.

Added spec.cdnPolicy.bypassCacheOnRequestHeaders and spec.cdnPolicy.requestCoalescing fields to ComputeBackendBucket.

Added spec.scheduling.instanceTerminationAction field to ComputeInstance.

Added spec.scheduling.instanceTerminationAction field to ComputeInstanceTemplate.

Added spec.networkRef and spec.subnetworkRef fields to ComputeRegionNetworkEndpointGroup.

Added spec.certificateMapRef field to ComputeTargetHTTPSProxy.

Added spec.binaryAuthorization, spec.clusterAutoscaling.autoProvisioningDefaults.bootDiskKMSKeyRef, and spec.meshCertificates fields to ContainerCluster.

Deprecated spec.enableBianryAuthorization field in ContainerCluster.

Added spec.binaryAuthorization.evaluationMode field in ContainerCluster.

Added spec.conditions.conditionMonitoringQueryLanguage.evaluationMissingData, and spec.conditions.conditionThreshold.evaluationMissingData fields to MonitoringAlertPolicy.

Added spec.bigqueryConfig field to PubSubSubscription.

Added spec.customerManagedKeyRef field to RedisInstance.

Added spec.versionRetentionPeriod field to SpannerDatabase.

Fixed the mutability of spec.settings.collation in SQLInstance, as it is actually immutable.

Added spec.settings.locationPreference.secondaryZone, spec.settings.passwordValidationPolicy, and spec.settings.sqlServerAuditConfig fields to SQLInstance.

Added spec.lifecycleRule.condition.matchesPrefix and spec.lifecycleRule.condition.matchesSuffix fields to StorageBucket.

August 17, 2022

Config Connector version 1.92.0 is now available.

Fixed missing Kind field in Go Client ResourceRef struct.

Added support for IAMWorkforcePoolProvider resource.

August 04, 2022

Config Connector version 1.91.0 is now available.

Fixed issue where if ContainerCluster had the remove-default-node-pool directive set to true and there was a ContainerNodePool associated with it, after deleting the successfully reconciled ContainerNodePool, ContainerCluster would get stuck on the UpdateFailed state.

Fixed issue where SQLInstance could not reference KMSCryptoKey.

Added support for the IAMWorkforcePool resource.

Added spec.configmanagement.policyController.monitoring and spec.configmanagement.policyController.mutationEnabled fields to GKEHubFeatureMembership.

Added support for state-into-spec to StorageBucket.

Fixed all reference docs so that code samples now work when they're copy/pasted.

July 27, 2022

Config Connector version 1.90.0 is now available.

Fixed issue where spec.layer7DdosDefenseConfig field in ComputeSecurityPolicy was not being reflected onto underlying resource.

Added support for ServiceDirectoryEndpoint resource.

Added support for the DLPStoredInfoType resource.

Added support for state-into-spec: absent to MonitoringAlertPolicy.

Added spec.iap.oauth2ClientIdRef field to ComputeBackendService.

Added spec.egressPolicies.egressTo.externalResources field to AccessContextManagerServicePerimeters,

Added spec.externalDataConfiguration.connectionId field to BigQueryTable.

Added spec.includeBuildLogs field to CloudBuildTrigger.

Added spec.cacheKeyPolicy.cdnPolicy.includeNamedCookies field to ComputeBackendService.

Added spec.enableUlaInternalIpv6 and spec.internalIpv6Range fields to ComputeNetwork.

Added spec.maxPortsPerVm field to ComputeRouterNats.

Added spec.advancedOptionsConfig field to ComputeSecurityPolicy.

Added spec.sslPolicyRef field to ComputeTargetHTTPSProxy.

Added spec.monitoringConfig.managedPrometheus field to ContainerCluster.

Added spec.sqlServerUserDetails field to SQLUser.

Added spec.schemaSettings field to PubSubTopic.

Added status.pscConnectionId and status.pscConnectionStatus fields to ComputeForwardingRule.

Added status.creationTime and status.managedZoneId fields to DNSManagedZones.

Added support for "reconcile resource immediately once its dependency is ready" feature for ComputeTargetPool, ComputeNetworkEndpointGroup, NetworkServicesGRPCRoute, NetworkServicesTLSRoute.

June 21, 2022

Config Connector version 1.89.0 is now available.

Added support for PubSubSchema resource.

Added spec.cdnPolicy.cacheKeyPolicy field to ComputeBackendBucket.

Fixed bulk-export for MonitoringAlertPolicy.

June 09, 2022

Config Connector version 1.88.0 is now available.

Added support for ServiceDirectoryNamespace and ServiceDirectoryService resources.

Added fields spec.maintenancePolicy and spec.maintenanceSchedule to MemcacheInstance resource.

June 01, 2022

Config Connector version 1.87.0 is now available.

Added spec.pscTargetService field to ComputeRegionNetworkEndpointGroup.

Added spec.enableDynamicPortAllocation field to ComputeRouterNAT.

Added spec.maintenancePolicy.maintenanceExclusion[].exclusionOptions field to ContainerCluster.

Added spec.settings.activeDirectoryConfig field to SQLInstance.

Added spec.gateways field to NetworkServicesTCPRoute.

May 24, 2022

Config Connector version 1.86.0 is now available.

Added support for ComputeRegionNetworkEndpointGroup resource.

Added spec.serviceDirectoryRegistrations field to ComputeForwardingRule.

Fixed issue where webhooks were unintentionally returning 500 errors when rejecting immutable field changes.

May 19, 2022

Config Connector version 1.85.0 is now available.

Fixed spec.topics in SecretManagerSecret (Issue #655).

Added support for PrivateCACertificate resource.

Fixed the reference configs for AccessContextManagerServicePerimeter.

Added spec.subsetting field to ComputeBackendService.

Added spec.secondaryIpRange field to RedisInstance.

Changed spec.readReplicasMode in RedisInstance from immutable to optional.

May 10, 2022

Config Connector version 1.84.0 is now available.

Added IAMPolicy and IAMPolicyMember support for AccessContextManagerAccessPolicy.

Added spec.approvalConfig field to CloudBuildTrigger.

Added spec.rule.redirectOptions field to ComputeSecurityPolicy.

Added spec.addonsConfig.gkeBackupAgentConfig field to ContainerCluster.

Added cnrm.cloud.google.com/skip-wait-on-job-termination directive to DataflowFlexTemplateJob and DataflowJob.

Added spec.rrdatasRefs field to DNSRecordSet.

Added spec.columnLayout.columns.widgets.logsPanel, spec.gridLayout.widgets.logsPanel, spec.mosaicLayout.tiles.widget.logsPanel, and spec.rowLayout.rows.widgets.logsPanel fields to MonitoringMonitorDashboard.

Added spec.enableExactlyOnceDelivery field to PubSubSubscription.

Reduced reconciliation frequency of ConfigConnector object.

Deprecated spec.rrdatas field in DNSRecordSet.

Renamed spec.template.volumes.cloudSqlInstance.connections to spec.template.volumes.cloudSqlInstance.instances in RunService (Alpha).

Removed spec.template.confidential field from RunService (Alpha).

Removed status.terminalCondition.domainMappingReason and status.terminalCondition.internalReason fields from RunService (Alpha).

Removed spec.gateways field from NetworkServicesTCPRoute (Alpha).

April 25, 2022

Config Connector version 1.83.0 is now available.

Made the spec.resourceRef.apiVersion field in IAMPolicy, IAMPartialPolicy, IAMPolicyMember, IAMAuditConfig optional.

Added IAMPolicyMember support for BinaryAuthorizationPolicy, CloudFunctionsFunction, DataprocCluster, NetworkSecurityAuthorizationPolicy, NetworkSecurityClientTLSPolicy, NetworkSecurityServerTLSPolicy, and RunService.

April 21, 2022

Config Connector version 1.82.0 is now available.

Added field spec.networkInterface[].networkIpRef to ComputeInstance resource.

Deprecated spec.networkInterface[].networkIp field in ComputeInstance resource.

April 13, 2022

This release contains an issue that may prevent you from successfully deleting namespaces with Config Connector enabled if using Config Connector in namespaced-mode. If you are using namespaced-mode, do not upgrade to version 1.81.0 - please upgrade to 1.82.0 instead.

Config Connector version 1.81.0 is now available.

Added support for ApigeeEnvironment resource.

Added field spec.cluster[].autoscalingConfig to BigtableInstance resource.

Added field spec.edgeSecurityPolicy to ComputeBackendBucket resource.

Added field spec.type to ComputeSecurityPolicy resource.

Added field spec.schedule.repeatInterval to StorageTransferJob resource

Fixed the bug introduced in version 1.62.0 that list fields can't be set to empty lists. (Issue #595)

April 07, 2022

Config Connector version 1.80.0 is now available.

Added support for ApigeeOrganization resource.

Added support for NetworkServicesTLSRoute resource.

Added spec.destination.loggingLogBucketRef to LoggingLogSink.

March 30, 2022

Config Connector version 1.79.0 is now available.

Added support for MonitoringMonitoredProject resource.

Added spec.mavenConfig to ArtifactRegistryRepository.

Added spec.filter, spec.gitFileSource, and spec.sourceToBuild to CloudBuildTrigger.

Added spec.nodeConfig.gvnic to ContainerCluster.

Added spec.nodeConfig.gvnic to ContainerNodePool.

Added IAMPolicy support for BinaryAuthorizationPolicy, CloudFunctionsFunction, DataprocCluster, NetworkSecurityAuthorizationPolicy, NetworkSecurityClientTLSPolicy, NetworkSecurityServerTLSPolicy, and RunService.

March 21, 2022

Config Connector version 1.78.0 is now available.

Fixed issue where users could not switch between the field singleClusterRouting and the fields multiClusterRoutingUseAny and multiClusterRoutingClusterIds in BigtableAppProfile resources.

Fixed issue where users could not update the policy in ResourceManagerPolicy resources.

Fixed issue where users could not switch between the field github.push and the field github.pullRequest in CloudBuildTrigger resources (Issue #357).

March 16, 2022

Config Connector version 1.77.0 is now available.

Added support for IdentityPlatformConfig resource.

Added support for ARM binaries.

March 04, 2022

Config Connector version 1.75.0 is now available.

Added support for BillingBudgetsBudget resource.

Added support for EventarcTrigger resource.

Added support for LoggingLogView resource.

Added field spec.rule[].rateLimitOptions into ComputeSecurityPolicy resource.

Added fields spec.addonsConfig.gcpFilestoreCsiDriverConfig and spec.clusterAutoscaling.autoProvisioningDefaults.imageType into ContainerCluster resource.

Added fields spec.maintenancePolicy and spec.maintenanceSchedule into RedisInstance resource.

Added fields spec.transferSpec.awsS3DataSource.roleArn, spec.transferSpec.posixDataSink and spec.transferSpec.posixDataSource into StorageTransferJob resource.

Added field status.selfLink into NetworkServicesGateway,NetworkServicesGRPCRoute, NetworkServicesHTTPRoute, NetworkServicesMesh and NetworkServicesTCPRoute resources.

StorageTransferJob: Fields spec.schedule and spec.transferSpec.awsS3DataSource.awsAccessKey are no longer required.

February 18, 2022

Config Connector version 1.74.0 is now available.

Added support for PrivateCACertificateAuthority resource

Fixed topicRef in CloudBuildTrigger (Issue #605).

February 11, 2022

Config Connector version 1.73.0 is now available.

Added support for ComputeFirewallPolicyAssociation resource.

Added support in IAMPartialPolicy and IAMPolicy to cover Organization and BillingAccount resources.

Fixed spec.target.targetHTTPProxyRef issue in ComputeForwardingRule (Issue #596).

CRD go clients (alpha) have moved to pkg/clients/generated/client/clientset/versioned/ package.

February 01, 2022

Config Connector version 1.72.1 is now available.

Miscellaneous bug fixes.

January 25, 2022

Config Connector version 1.72.0 is now available.

Added support for LoggingLogBucket resource.

Added support for CloudFunctionsFunction resource.

Added fields spec.alertStrategy and spec.conditions.conditionMatchedLog to MonitoringAlertPolicy resource.

January 19, 2022

Config Connector version 1.71.0 is now available.

Added support for LoggingLogMetric resource.

Added support for NetworkConnectivitySpoke resource.

Added regional support for ComputeTargetHTTP(S)Proxy resource(s).

Added spec.build.availableSecrets to CloudBuildTrigger resource.

Added spec.nodeConfig.nodeGroupRef and spec.nodeConfig.spot to ContainerCluster and ContainerNodePool resources.

Added spec.readReplicaMode, spec.replicaCount and status.nodes to RedisInstance resources.

Added spec.settings.ipConfiguration.allocatedIpRange to SQLInstance resource.

Added spec.publicAccessPrevention to StorageBucket resource.

Added spec.identityServiceConfig to ContainerCluster resource.

January 07, 2022

Config Connector 1.70.0 is now available

Added support for MonitoringUptimeCheckConfig resource.

Added support for RunService (alpha) resource.

Added support for NetworkServicesGateway (alpha), NetworkServicesMesh (alpha), NetworkServicesGRPCRoute (alpha), NetworkServicesHTTPRoute (alpha), and NetworkServicesTCPRoute (alpha) resources.

Added field spec.networkInterface.queueCount to ComputeInstance and ComputeInstanceTemplate resources.

Added fields spec.bfd.minReceiveInterval, spec.bfd.minTransmitInterval, spec.bfd.multiplier, and spec.bfd.sessionInitializationMode to ComputeRouterPeer resource.

Added fields spec.nodeConfig.gcfsConfig and spec.managedInstanceGroupUrls to ContainerNodePool resource.

Added field spec.nodeConfig.gcfsConfig (deprecated) to ContainerCluster resource. spec.nodeConfig is a deprecated field that we recommend not using in your configuration.

Added field spec.messageRetentionDuration to PubSubTopic resource.

Supported referencing Workload Identity principals in IAMPolicyMember. (Issue #583)

ComputeInstance and ComputeInstanceTemplate: Configuring field spec.serviceAccount.scopes with value trace-append or trace-ro is no longer available. Use trace instead.

ContainerCluster: The default value for spec.enableShieldedNodes is changed to true.

ContainerCluster: Output-only field status.instanceGroupUrls is removed.

ContainerCluster: It now errors out if spec.workloadIdentityConfig.identityNamespace (deprecated) and spec.workloadIdentityConfig.workloadPool are both present but with different values. We recommend using spec.workloadIdentityConfig.workloadPool field only.

ComputeSnapshot: Output-only field status.sourceDiskLink is removed.

PubSubSubscription: Output-only field status.path is removed.

SQLInstance: spec.settings.authorizedGaeApplications, spec.settings.crashSafeReplication, spec.settings.replicationType become no-ops fields. We recommend removing these fields in your configuration.

StorageBucket: It now errors out if spec.bucketPolicyOnly (deprecated) and spec.uniformBucketLevelAccess are both present but with different values. We recommend using spec.uniformBucketLevelAccess field only.

config-connector CLI removes the ability to export default ComputeNetwork, ComputeSubnetwork, and ComputeRoute via bulk-export command. Those default network assets contain invalid values in other contexts. Removing them from bulk export to avoid additional manual handling of the exported configuration.

December 14, 2021

Config Connector 1.69.0 is now available

Added support for VPCAccessConnector resource

Added support for ComputePacketMirroring resource

Added support for PrivateCACAPool resource

Added support for IAMWorkloadIdentityPool resource

Added support for IAMWorkloadIdentityPoolProvider resource

Added support for CloudIdentityMembership resource

Rollout support for state-into-spec: absent to ContainerCluster resource (Issue #576)

Add billgProject flag in ConfigConnectorContext to specify a quota project to send along with user_project_override header, used for all requests sent from Config Connector. If set on a resource that supports sending the resource project, this value will supersede the resource project. This field can only be set if requestProjectPolicy takes BILLING_PROJECT value

Fixed the issues in config-connector export that the exported YAML now include zero primitives to match the Google Cloud resource live state

Fixed the issues in ContainerCluster with creating autopilot clusters

December 01, 2021

Config Connector 1.68.0 is now available.

Added support for MonitoringService resource.

Added support for MonitoringServiceLevelObjective resource.

Added support for NetworkConnectivityHub resource.

Added support for OSConfigOSPolicyAssignment resource.

Added support for RecaptchaEnterpriseKey resource.

Added support for regional ComputeSSLCertificate resource.

Added support for resourceID field for SecretManagerSecretVersion resource.

November 11, 2021

Config Connector 1.67.0 is now available.

Added support for PrivateCACertificateTemplate resource.

Added support for ConfigControllerInstance (Alpha) resource.

Added fields spec.nodeConfig.guestAccelerator[].gpuPartitionSize and spec.workloadIdentityConfig.workloadPool to ContainerCluster resource.

Added field spec.nodeConfig.guestAccelerator[].gpuPartitionSize to ContainerNodePool resource.

Deprecated spec.workloadIdentityConfig.identityNamespace (field is also no longer required), spec.masterAuth and status.instanceGroupUrls in ContainerCluster resource.

Fixed the issue that DataflowJob was repeatedly updating if spec.enableStreamingEngine was set to true.

Fixed the issues in config-connector bulk-export and the exported IAMCustomRole resources can now be imported into Config Connector.

November 04, 2021

Config Connector 1.66.0 is now available.

Added support for memberFrom in IAMPartialPolicy.

Miscellaneous bug fixes and improvements.

November 01, 2021

Config Connector 1.65.0 is now available.

Added support for the ComputeServiceAttachment resource.

config-connector command cli print-resources now includes a column listing whether it supports of related IAM resources.

All config-connector containers now emit logging to stdout rather than stderr.

config-connector command cli now correctly labels supported bulk-export resources.

October 25, 2021

Config Connector 1.64.0 is now available.

Added support for ComputeFirewallPolicyRule resource.

Added support for FilestoreBackup and FilestoreInstance resources.

Added connectionTrackingPolicy field to ComputeBackendService.

Added ipv6AccessConfig, ipv6AccessType and stackType fields to ComputeInstance.

Added ipv6AccessConfig, ipv6AccessType and stackType fields to ComputeInstanceTemplate.

Added ipv6AccessType, stackType, externalIpv6Prefix, ipv6CidrRange fields to ComputeSubnetwork.

Added nodeConfig.workloadMetadataConfig.mode; deprecated nodeConfig.workloadMetadataConfig.nodeMetadata in ContainerCluster.

Added serviceAccountRef field to CloudBuildTrigger.

Added monitoringConfig, dnsConfig and loggingConfig fields to ContainerCluster.

Added importOnly field to KMSCryptoKey.

Added disabled field to IAMServiceAccount.

Added gcsDataSink.path and gcsDataSource.path fields to StorageTransferJob.

Moved version field to status in DataprocWorkflowTemplate.

In DNSRecordSet, ttl field is no longer required.

Handle the lifecycle of ConfigConnectorContext objects in a separate controller for better isolation and scalability.

Fixed the issue of changing BigTableInstance node size.

October 01, 2021

Config Connector 1.63.0 is now available.

Added spec.configSync.git.gcpServiceAccountRef to GKEHubFeatureMembership.

Added spec.destroyScheduledDuration to KMSCryptoKey.

ComputeDisk: spec.interface has been deprecated. The value of spec.interface is no longer used by the API, so all validation has been removed and values will not be populated. You should remove this field from your configuration.

ComputeRouterPeer: ipAddress is no longer a read-only field, and can be set with the spec.ipAddress field.

September 21, 2021

Config Connector 1.62.0 is now available.

Added Age and Healthy columns for the kubectl get tabular outputs of ConfigConnector and ConfigConnectorContext resources.

Miscelleanous bug fixes.

September 10, 2021

Config Connector 1.61.0 is now available

Added the securitySettings field to ComputeBackendService

Added jitter to resource reconciliation reenqueue period to smooth out the traffic pattern

Fixed a bug in BigqueryJob that generates unexpected diff for 'kms_key_name'

September 03, 2021

Config Connector 1.60.0 is now available.

Added support for ComputeFirewallPolicy resource.

Fixed the error when deleting the ConfigConnectorContext object. (Issue #523)

August 19, 2021

Config Connector 1.59.0 is now available

Added networkConfig field into ContainerNodePool

Added processingUnits field into SpannerInstance

config-connector CLI supports IAMPartialPolicy as an IAM output format

Fixed the issue where ComputeInstance fails reconciliation if metadata is set outside KCC (Issue #524)

August 12, 2021

Config Connector 1.58.1 is now available.

Miscellaneous bug fixes.

August 02, 2021

Config Connector 1.58.0 is now available.

Added support for MonitoringMetricDescriptor resource.

CloudBuildTrigger: added webhookConfig and pubsubConfig options for triggers.

Added a list of resources which have service-generated resource IDs.

Added limited support for the cnrm.cloud.google.com/state-into-spec annotation, which allows merge and absent values to merge a resource's state into the spec field or not, respectively.

Currently only supported for BigQueryDataset.

July 22, 2021

Config Connector 1.57.0 is now available.

Added support for GKEHubFeatureMembership resource.

Added spec.projectRef to ServiceUsageService.

Reverted DNSRecordSetto an older implementation (from v1.50.0) due to an issue that broke users' ability to modify rrdatas. Note that this also means that rrdatas and ttl are required fields again.

Added the following output-only fields:

BigQueryJob: query.destinationEncryptionConfiguration.kmsKeyVersion, load.destinationEncryptionConfiguration.kmsKeyVersion, and copy.destinationEncryptionConfiguration.kmsKeyVersion.
BigQueryTable: encryptionConfiguration.kmsKeyVersion.

Added advancedMachineFeatures to ComputeInstance.

July 13, 2021

Config Connector 1.56.0 is now available.

Added support for ComputeInstanceGroupManager resource (Issue #314).

Added support for BinaryAuthorizationPolicy resource.

Added cluster.kmsKeyRef field to BigtableInstance.

Added expire, rotation, topics, and ttl fields to SecretManagerSecret (Issue #471).

Fixed bug that was causing CloudIdentityGroup to go through infinite updates.

Added timestamp to log messages.

Aggregated the cnrm-admin ClusterRole to the admin and edit ClusterRoles, and aggregated the cnrm-viewer ClusterRole to view ClusterRole. See Aggregated ClusterRoles for details (Issue #486).

July 07, 2021

Config Connector 1.55.0 is now available

Added NetworkServicesEndpointPolicy support

Added new fields:

ComputeInstance: networkPerformanceConfig.totalEgressBandwidthTier field added.
ComputeInstanceTemplate: advancedMachineFeatures field added.
ComputeInstanceTemplate: confidentialInstanceConfig.enableConfidentialCompute field is now immutable.
ComputeInstanceTemplate: networkPerformanceConfig.totalEgressBandwidthTier field added.
ComputeSecurityPolicy: adaptiveProtectionConfig field added.
RedisInstance: redisVersion field no longer immutable.

Reduced max retry interval on failure to 120 seconds for fast reconciliation

Use IAMResourceRef type in IAMPartialPolicySpec (Issue #495)

ContainerCluster supports User Project Override (Issue #492)

June 24, 2021

Config Connector 1.54.0 is now available

Added support for the following resources:

MonitoringDashboard
GKEHubFeature
IAMPartialPolicy
NetworkSecurityAuthorizationPolicy
BinaryAuthorizationAttestor

Added support for ingress and egress policies in AccessContextManagerServicePerimeter

Added new fields:

ComputeAddress: networkRef
ComputeDisk: provisionedIops
ComputeInstance: reservationAffinity
ComputeInstanceTemplate: reservationAffinity
ComputeInterconnectedAttachment: encryption and ipsecInternalAddresses
ComputeResourcePolicy: description and instanceSchedulePolicy
ComputeRouterInterface: encryptedInterconnectRouter
SQLInstance: diskAutoresizeLimit
StorageTransferJob: transferSpec.azureBlobStorageDataSource

The following fields are no longer immutable:

CloudIdentityGroup: initialGroupConfig
DataflowFlexTemplateJob: containerSpecGcsPath and parameters

SQLInstance: databaseVersion field now additionally accepts POSTGRES_10, POSTGRES_12, and POSTGRES_13.

ComputeVPNGateway: vpnInterfaces field moved from status to spec and now includes interconnectAttachmentRef field.

ComputeAddress: purpose field now additionally accepts IPSEC_INTERCONNECT.

June 21, 2021

Config Connector 1.53.0 is now available

Added support for NetworkSecurityClientTLSPolicy

Added support for NetworkSecurityServerTLSPolicy

Added support for strong hierarchal references to several resources:

Add spec.projectRef to DataprocAutoScalingPolicy
Add spec.projectRef to DataprocCluster
Add spec.projectRef to DataprocWorkflowTemplate
Add spec.projectRef to MonitoringGroup

Change cnrm-system containers to use HTTP probes for readiness instead of command probes

June 11, 2021

Config Connector 1.52.0 is now available.

Added support for ComputeURLMap, DataFusionInstance, LoggingLogExclusion.

IAMServiceAccount: added support for resourceID.

spec.preservedUnknownFields is set to false for all CRDs, ensuring consistent behavior as the flag is set from true to false across Kubernetes versions.

June 02, 2021

Config Connector 1.51.2 is now available.

Miscellaneous bug fixes.

May 27, 2021

Config Connector 1.51.1 is now available

Miscellaneous bug fixes.

May 24, 2021

Config Connector 1.51.0 is now available

Added field spec.basic.conditions[].devicePolicy.osConstraints[].requireVerifiedChromeOs to AccessContextManagerAccessLevel

Added field spec.externalDataConfiguration.hivePartitioningOptions.requirePartitionFilter to BigQueryTable

Added field spec.initialGroupConfig to CloudIdentityGroup

Added field spec.initialSize to ComputeNodeGroup

Added field spec.maintenanceWindow to ComputeNodeGroup

Added field spec.replication.userManaged.replicas[].customerManagedEncryption to SecretManagerSecret

Added field spec.encryptionConfig to SpannerDatabase

May 17, 2021

Config Connector version 1.50.0 is now available.

Resource CRDs are now using apiextensions.k8s.io/v1. The minimum required Kubernetes version for using Config Connector v1.50.0 and above is Kubernetes 1.16. This change is in preparation for the removal of apiextensions.k8s.io/v1beta1 in Kubernetes 1.22.

Fixed the issue that Project creation failed if spec.resourceID was set. (Issue #462)

Fixed the issue that Storage resources couldn't be deleted if the referenced StorageBucket was deleted first. (Issue #463)

Fixed the IAM resource references in go-client. (Issue #413)

May 04, 2021

Config Connector version 1.49.1 is now available.

Miscellaneous bug fixes.

April 30, 2021

Config Connector version 1.49.0 is now available.

Hierarchical reference field is optional for BigQueryDataset, ComputeDisk, Folder, and Project (Fixes a follow-up issue in #349).

April 27, 2021

Config Connector version 1.48.0 is now available.

ComputeDisk added support for projectRef

Added go-clients for GKEHubMembership and CloudIdentityGroup

April 23, 2021

Config Connector version 1.47.0 is now available.

Added support CloudIdentityGroup and GKEHubMembership

Added resourceID support for Project resource

Fixed the issue of acquiring ComputeBackendService with iap configuration (GitHub #304)

April 16, 2021

Config Connector version 1.46.0 is now available.

cnrm-resource-stats-recorder container now binds to hostPort 48797 rather than 8888 (fixes GitHub issue #449)

Go Client now uses a pointer type or allows for a built-in nil value for spec fields that are optional. (fixes GitHub issue #426)

BigQueryDataset add support for projectRef

ContainerCluster supports enableAutopilot, enableL4IlbSubsetting, and privateIpv6GoogleAccess.

ContainerNodePool supports disabling autoscaling by setting min and max node counts to 0 (fixes GitHub issue #437)

SecretManagerSecretVersion now requires the secretData field.

Added observedGeneration field to status for resources, enabling compatibility with kstatus (fixes GitHub issue #410]{:.external})

April 08, 2021

Config Connector version 1.45.0 is now available.

Added support for OSConfigGuestPolicy, IdentityPlatformTenant, IdentityPlatformOAuthIDPConfig and IdentityPlatformTenantOauthIDPConfig.

Added proxyBind field to ComputeTargetHTTPProxy, ComputeTargeHTTPSProxy, and ComputeTargetTCPProxy.

Added enableStreamingEngine field to DataflowJob.

Fixed issue where folderRef/organizationRef could not be defaulted from folder-id/organization-id annotations when creating Project/Folder resources with server-side apply. (More details can be found here).

Supported a viewer cluster role so that resources can be referenced cross namespaces in namespaced mode. (Issue #407)

Updated the structs' name of any field FooBar to be KindFooBar in Go Client resources. This ensures that the struct names are unique within a Go package.

Fixed the ListMeta type in Go Client (Issue #422).

March 25, 2021

Config Connector version 1.44.0 is now available.

Added support for the ContainerAnalysisNote resource (no config-connector CLI support)

Added mtu field to ComputeInterconnectAttachment.

Added nodeConfig.ephemeralStorageConfig field to ContainerCluster and ContainerNodePool.

Added settings.backupConfiguration.backupRetentionSettings and settings.backupConfiguration.transactionLogRetentionDays fields to SQLInstance.

Made materializedView.query field in BigQueryTable immutable.

Deprecated nicType field in ComputeInstanceTemplate.

Added support for acquisitions of Folder using displayName and folderRef/organizationRef.

Fixed incorrect file extension for Terraform files output by the config-connector CLI.

March 23, 2021

Config Connector version 1.43.0 is now available

config-connector CLI now supports a flag to filter out deleted IAM members

Added support for IAPBrand (no config-connector CLI support)

Added support for IAPIdentityAwareProxyClient (no config-connector CLI support)

Conflict Prevention is now turned off by default. The current implementation results in the Ready condition destabilizing despite the resource reflecting user-desired state.

Work is enqueued to improve this behavior, but the functionality is turned off for new resources in the interim.

Webhook certificates that do not contain a SAN are now re-created on upgrade of the Config Connector operator.

Added support for folderRef and organizationRef in Project and Folder.

March 12, 2021

Config Connector version 1.42.0 is now available.

Increase resource limits of webhook, recorder and deletiondefender workloads

On upgrade, ensure that your cluster has sufficient CPU/Memory to allocate if you have seen Pod Unschedulable errors

Added operation field into ContainerNodePool

Ensure that CLI will not terminate on particular problematic resources when on-error is set with ignore or continue

Miscellaneous bug fixes

March 05, 2021

Config Connector version 1.41.0 is now available.

Added targetGRPCProxyRef field in ComputeForwardingRule.

Added insightsConfig field in SQLInstance.

Added transitEncryptionMode field in RedisInstance. Also added serverCaCerts to the status of RedisInstance.

Updated the format of the version tag to v0.0.0 so that Config Connector v1.41.0 and above can be fetched as a Go module. (Issue #408)

February 26, 2021

Config Connector version 1.40.0 is now available

Added support for DataprocAutoscalingPolicy (no config-connector CLI support, expected Q2)

Added support for DataprocCluster (no config-connector CLI support, expected Q2)

Added support for DataprocWorkflowTemplate (no config-connector CLI support, expected Q2)

Added support for MemcacheInstance

New field for ComputeInstance: nicType

New fields for ComputeInstanceTemplate: nicType and resourcePolicies

New status field for BigQueryJob: status

Go client is no longer nested under generated folder.

February 22, 2021

Config Connector version 1.39.0 is now available

Alpha release of Go types and clients for Config Connector resources

Added support for CloudSchedulerJob resource

Reverted webhook port to 443 to alleviate forwarding rule issue on GKE private clusters

Fixed issue with aggressive retrying of failed updates leading to exhausting quota

Fixed issue with ArtifactRegistryRepository always failing to update

February 09, 2021

Config Connector version 1.38.1 is now available

Miscellaneous bug fixes

February 05, 2021

Config Connector version 1.38.0 is now available

Added resourceID support to: ContainerCluster, ContainerNodePool, SourceRepoRepository and AccessContextManager resources

config-connector bulk-export now operates on LoggingLogSink resources

Increased CPU and Memory limit for ConfigConnector Operator

January 27, 2021

Config Connector version 1.37.0 is now available.

Added a column Status Age showing the last transition time for the value in Status, and added the column Age back to the default output of kubectl get for all Config Connector resources. Improved the value at Status and Ready columns to match against the condition name.

Added resourceID support for ArtifactRegistryRepository, Bigtable resources, DataflowJob, DNS resources, Monitoring resources, RedisInstance, ResourceManagerLien, SecretManagerSecret, Spanner resources, StorageTransferJob.

Fixed the issue with the legacy Common Name field on x509 certificate. Config Connector should be working on clusters of K8s 1.19+. (Issue #335)

January 22, 2021

Config Connector version 1.36.0 is now available

Added a column 'Ready' showing the value of the .status.conditions[0] (the ready condition), and associated Status to the default output of kubectl get for all Config Connector resources.

Added support for referencing an organization to IAMCustomRole.

Added a new sub-command to the CLI, config-connector print-resources which shows all config connector resources and their associated level of export and bulk-export support.

Reduce the memory usage of deletiondefender and controller-manager in high-scale scenarios (1000+ resources under management).

Added resourceID support to the Compute resources.

January 13, 2021

Config Connector version 1.35.0 is now available.

Added resourceID support for: SQL resources, Pub/Sub resources, LoggingLogSink, StorageBucket, KMS resources, IAMCustomRole.

Added support for the MonitoringGroup resource.

January 06, 2021

Config Connector version 1.34.0 is now available.

Added support for IAM Member References. This allows users to create an IAMPolicyMember that references another resource as the IAM member (e.g. IAMServiceAccount, LoggingLogSink). For more information, see the memberFrom field in the IAMPolicyMember reference documentation. Support for IAM Member References is added only to IAMPolicyMember, not IAMPolicy.

Added support for the GameServicesRealm resource.

Added IAM support for ComputeDisk.

Added cacheMode, clientTtl, defaultTtl, maxTtl, negativeCaching, negativeCachingPolicy, serveWhileStale, and customResponseHeaders fields to ComputeBackendBucket.

Added customTimeBefore, daysSinceCustomTime, daysSinceNoncurrentTime, and noncurrentTimeBefore fields to StorageBucket.

Allow for IAMPolicy, IAMPolicyMember, and IAMAuditConfig to reference resources in other namespaces.

Added support for UpdateFailed, DeleteFailed, DependencyNotFound, and DependencyNotReady events to IAMPolicy, IAMPoicyMember, IAMAuditConfig.

Allow for Project and Folder resources to be migrated across folders and organizations by updating the folder-id/organization-id annotation. Only folder-to-folder or organization-to-organization migrations are allowed; folder-to-organization migrations or vice versa are not yet supported.

December 09, 2020

Config Connector version 1.33.0 is now available.

Added support for the ComputeProjectMetadata resource

Added resourceID field to ServiceUsageService and StorageNotification

Added computeResponseHeaders field to ComputeBackendService

Added maintenancePolicy.maintenanceExclusion field to ContainerCluster

Added description and disabled fields to LoggingLogSink

DataflowJobs can now be acquired via name

Added IAM support to BigtableTable

December 01, 2020

Config Connector version 1.32.0 is now available.

Added the resourceID field to Folder, BigQueryTable, BigQueryJob, and BigQueryDataset. (Issue #147 and #128)

Added the customResponseHeaders field to ComputeBackendService.

Added the maintenancePolicy.maintenanceExclusion field to ContainerCluster.

Added the description and disabled fields to LoggingLogSink.

Added "ORC" as a new available value to the CRD description of externalDataConfiguration.sourceFormat field in BigQueryTable.

Fixed the bug that the Bigtable Garbage Collection Policy can't be created via the Config Connector BigQueryGCPolicy resource. (Issue #300)

November 29, 2020

Config Connector version 1.31.1 is now available

Miscellaneous fixes and improvements

November 23, 2020

Config Connector version 1.31.0 is now available

Added support for the ComputeTargetGRPCProxy resource

Added support for the ResourceManagerLien resource

Fixed issue where IAMPolicyMember and IAMPolicy resources cannot be deleted if an invalid configuration is applied (such as referencing a non-existent resource)

Fixed issue where notificationConfig.pubsub.topicRef was not usable

November 10, 2020

Config Connector version 1.30.0 is now available.

Added support for the MonitoringAlertPolicy resource.

Added maintenancePolicy field to ComputeNodeGroup.

Added exclusions field to LoggingLogSink.

Added authEnabled field to RedisInstance.

Added interface field to ComputeDisk.

Added mtu field to ComputeNetwork.

Added privateIpv6GoogleAccess field to ComputeSubnetwork.

Added confidentialNodes field to ContainerCluster.

Added skipInitialVersionCreation field to KMSCryptoKey.

Added "Immutable." to CRD descriptions for immutable fields in IAMPolicy, IAMPolicyMember, IAMAuditConfig.

Added more field descriptions.

Fixed bug where DataflowJob would fail to create if zone is unspecified even if region is specified.

Fixed bug in operator where ConfigConnector was not being re-enqueued for reconciliation when there is an error during reconciliation.

November 06, 2020

Config Connector version 1.29.0 is now available.

Field descriptions now document immutability.

DataflowJob labels are now mutable.

October 28, 2020

ConfigConnector version 1.28.0 released

Add spec.requestProjectPolicy field to ConfigConnectorContext CRD

October 21, 2020

Added support for externally referencing billing account and organizations in IAMPolicyMember

Added LoggingLogSink resource for creating log sinks at project, folder, and organization scopes

Added ResourceManagerPolicy resource for setting organization policy at project, folder, and organization scopes

October 19, 2020

Fixes "413 Request Entity Too Large" seen across multiple resource types

Adds support for MonitoringNotificationChannel

October 15, 2020

Support export sub-command in the config-connector CLI

Add support for the AccessContextManagerServicePerimeter resource

Add support for Folder-level IAM Audit Configs

Fix deadLetterTopicRef in the PubSubSubscription resource (Issue #281)

October 07, 2020

Add support for the DataflowFlexTemplateJob resource

Add the transformNameMapping field to DataflowJob

Add the auditConfigs field to IAMPolicy

Add the loadBalancerType, datapathProvider, and notificationConfig fields to ContainerCluster

Add the artifacts and options fields to CloudBuildTrigger

Add support for the GRPC protocol for ComputeBackendService

Add logic to auto-trigger server-side apply metadata on resources on K8s clusters with server-side apply enabled (i.e. K8s 1.16+)

Fix issue where kubectl get gcp did not include IAMPolicy, IAMPolicyMember, and IAMAuditConfig resources (Issue #286)

October 02, 2020

Added Cloud IAM support for ComputeImage.

Fixed an issue where an IAMPolicy cannot be deleted when the externally referenced resource does not exist.

Fixed an infinite diff condition on spec.minMasterVersion.

September 03, 2020

BigtableInstance: numNodes on resources is now optional. You can then programmatically scale your Bigtable instances. You cannot add the numNodes field after creating a BigtableInstance.

For production instances where the numNodes will be managed by Config Connector, this field is required with a minimum of 1. For a development instance or for an existing instance where the numNodes is managed outside of Config Connector, this field must be left unset.

August 27, 2020

Support referencing org-level IAM custom roles for IAMPolicy/IAMPolicyMember

Increase support for cross-project references

August 19, 2020

Add support for configuring Bigtable garbage collection policies with the BigtableGCPolicy resource

Fixes issue where SQLUser would constantly update despite there being no changes.

Fix issue where Deletion Defender would sometimes panic during uninstallation of Config Connector, preventing uninstallation to complete.

Performance improvements.

August 13, 2020

The Config Connector GKE Add-on is launched to GA. Users can now enable the GKE Add-on on cluster creation with the gcloud CLI or on the Cloud Console.

Add support for BigtableAppProfile

August 08, 2020

Added support for BigtableTable

Fix a bug where a CRD would be marked as uninstalling on a dryrun delete

July 31, 2020

Add support for ArtifactRegistryRepository

Changes DataflowJob to allow for spec.parameters and spec.ipConfiguration to be updateable

Fixes issue that was causing ContainerNodePool and SQLDatabase to display UpdateFailed due to the referenced ContainerCluster or SQLDatabase not being ready

Fixes issue preventing the creation of BigQuery resources that read from Google Drive files due to insufficient OAuth 2.0 scopes

Fixes issue causing SourceRepoRepository to constantly update even when there were no changes

July 21, 2020

bug fixes and performance improvements

July 16, 2020

Add support for allowing fields not specified by the user to be externally-managed (i.e. changeable outside of Config Connector). This feature can be enabled for a resource by enabling K8s server-side apply for the resource, which will be the default for all K8s resources starting in K8s 1.18. More detailed docs about the feature coming soon.

Operator improvement: add support for cluster-mode set-ups, which allows users to use one Google Service Account for all namespaces in their cluster. This is very similar to the traditional "Workload Identity" installation set-up.

Fix ContainerCluster validation issue (Issue #242).

Fix OOM issue for the cnrm-resource-stats-recorder pod (Issue #239).

Add support for projectViewer prefix for members in IAMPolicy and IAMPolicyMember (Issue #234).

Reduce spec.revisionHistoryLimit for the cnrm-stats-recorder and cnrm-webhook-manager Deployments from 10 (the default) to 1.

July 09, 2020

Added support for SecretManagerSecret

July 01, 2020

Config Connector now supports --server-dry-run for resource CRDs.

Fix a bug for the BigtableInstance resource that causes constant reconciliation.

Deprecate BigtableInstance's spec.deletionProtection field.

June 25, 2020

Add an option, iam-format, to config-connector to control IAM output, options are policy, policymember, or none.

ComputeForwardingRule's target field now supports referencing a ComputeTargetSSLProxy and ComputeTargetTCPProxy.

DataFlowJob's serviceAccountEmail, network, subnetwork, machineType, and ipConfiguration fields now support updates.

Fix an issue where config-connector would error on a Project resource.

June 16, 2020

You can use config-connector tool to export Google Cloud resources into Config Connector: documentation

Bug fixes

June 12, 2020

Added ability to update streaming DataflowJobs by updating its spec (e.g. spec.templateGcsPath). Note that not all fields can be updated, and batch DataflowJobs don't support updates.
Added IAMPolicy to the output of config-connector

June 03, 2020

Miscellaneous bug fixes and improvements

May 29, 2020

Added support for SQLSSLCert

Supported acquisition of backends added to Compute Backend Services out-of-band of Config Connector

Fixed support for autoscaling and manually resizing node pools with ContainerNodePool

May 27, 2020

Added support for BigQueryJob resource

May 19, 2020

Bug fixes and reliability improvements

Improving handling of scenarios when version field on ContainerNodePool is updated externally

May 15, 2020

fix ContainerNodePool version upgrade scenario

increase the cpu/memory request for webhook and recorder

Miscellaneous bug fixes and improvement

April 30, 2020

Fixes for the examples for the following resources: CloudBuildTrigger, AccessContextManager, ComputeDisk, and ComputeSubNetwork

Reduced memory requirements for deletion defender, recorder, and webhook. Reduced cpu requirements for recorder and webhook Increased CPU for the manager controller from 100m to 200m.

Ensure the webhook process does not signal it is ready until it is serving HTTP traffic

April 21, 2020

Miscellaneous bug fixes and improvements

April 14, 2020

Added readiness probes to Config Connector pods

April 10, 2020

Add the CloudBuildTrigger resource

Add the SourceRepoRepository resource

miscellaneous bug fixes and improvements

April 02, 2020

Fixed the ComputeInstance idempotency issue

March 25, 2020

Add "Deletion Defender" workload -- a pod whose job is to ensure that only resources meant to trigger a delete on the underlying API do so. If this workload goes down for whatever reason, the controller is prevented from performing deletions, thus protecting against accidental deletions in the case of cascading deletions prompted by uninstalling CRDs.

Add support for structured metadata list for ComputeInstance and ComputeInstanceTemplate in the form of a spec.metadata field.

March 23, 2020

Fixed label update issue on ContainerCluster (https://github.com/GoogleCloudPlatform/k8s-config-connector/issues/110)

Bumped memory request and limit for the manager pod as resource usage has gone up and the original limit of 256 Mi was found to not be sufficient for large customers

Changed admission webhooks to return non-200 error codes when denying admission

March 18, 2020

miscellaneous bug fixes and improvements

March 10, 2020

ComputeHealthCheck's location field now supports supplying a region

Fixed an issue with deleting StorageBucketAccessControl when the ServiceAccount did not exist: https://github.com/GoogleCloudPlatform/k8s-config-connector/issues/39

With the exception of role-bindings, moved all system components for namespaced mode into the cnrm-system, note: you must completely uninstall and reinstall to upgrade namespaced mode completely for this release.

Added a version annotation to the Config Connector manifests

February 26, 2020

Added support for DataflowJob resource

February 21, 2020

Added support for ComputeNetworkEndpointGroup resource

February 17, 2020

Added support for DNSPolicy resource

February 09, 2020

Added support for ComputeResourcePolicy resource

January 23, 2020

Config Connector has reached General Availability (GA).

Config Connector now supports configuring Google Cloud resources with sensitive data in GKE Secrets.

Config connector now supports authenticating to multiple Google Service Accounts using different Kubernetes Service accounts in your Config Connector cluster using Namespaced mode.

Some Config Connector resources now support directives, which allow Config Connector to take additional actions beyond creating or deleting resources. For more information, see Resources

January 09, 2020

Added support for DNSRecordSet, Project and ServiceUsage resources

January 02, 2020

Added external resource reference support for IAMPolicy and IAMPolicyMember

Improved initial Prometheus metrics

December 23, 2019

Add support for ComputeNodeTemplate

Add initial support for exporting prometheus metrics

No longer run system components as root

Add a specific ResourceReference structure to IAMPolicy and IAMPolicyMember

December 17, 2019

Added the external field to support the external resource references

Added support for ComputeTargetTCPProxy

December 12, 2019

Added support for SpannerDatabase

November 26, 2019

Added support for ServiceNetworkingConnection and ComputeTargetHTTPSProxy

November 21, 2019

Added support for ComputeInterconnectAttachment, ComputeSSLProxy, ComputeTargetSSLProxy, (Regional)ComputeDisk

November 06, 2019

Added support for FirestoreIndex, ComputeRouterInterface, ComputeRoute, ComputeRouterPeer

November 01, 2019

New resources supported: IAMPolicyMember, BigQueryTable, ComputeVPNTunnel, ComputeImage, ComputeSnapshot, ComputeBackendBucket, ComputeDisk, ComputeSSLCertificate, ComputeHTTPHealthCheck, ComputeRouterNAT, ComputeExternalVPNGateway, ComputeRouter, ComputeVPNTunnel, DNSManagedZone, StorageNotification

Breaking namespace changes for the following resources: - GlobalComputeAddress: v1alpha2->v2apha3 - ComputeNetwork: v1alpha2->v1alpha3 - ComputeSubnetwork: v1alpha2->v1alpha3 - ComputeBackendService: v1alpha2->v1alpha3 - ComputeHealthCheck: v1alpha2->v1alpha3 - ComputeFirewall: v1alpha2->v1alpha3

October 22, 2019

Added new resources and samples for BigQueryTable, ComputeExternalVPNGateway

October 15, 2019

Bump compute api group version to v1alpha2

rename ComputeGlobalForwardingRule to ComputeForwardingRule
add required location field to the following existing resources: ComputeAddress, ComputeBackendService, ComputeForwardingRule, ComputeHealthCheck, ComputeTargetHttpProxy, ComputeURLMap
ComputeAddress CRD now supports both global and regional compute addresses

Add the following new resources with samples: ComputeNetworkPeering, ComputeTargetVPNGateway, ComputeVpnGateway, IAMCustomRole, ComputeHTTPSHealthCheck, ComputeSharedVPCHostProject, ComputeRouter

October 08, 2019

New gcp category in CRDs, so you can view Config Connector resources via kubectl get gcp

September 30, 2019

Config Connector now supports GKE workload identity

Added the ContainerNodePool resource

September 20, 2019

Adding ComputeGlobalForwardingRule resource and examples

September 13, 2019

Fixed an issue with creating service account keys across projects.

September 09, 2019

Update samples for version 0.1.2

September 03, 2019

Added ComputeTargetHTTPProxy, ComputeBackendService, ComputeFirewall, ComputeUrlMap resources

Samples updates for newly added resources, as well bigtablecluster, bigtableinstance, iampolicy

August 16, 2019

Config Connector v0.1.1 is now available in Beta.