Release notes

This page documents production updates to Config Connector. Check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

You can see the latest product updates for all of Google Cloud on the Google Cloud release notes page.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly:

June 25, 2020

Add an option, iam-format, to config-connector to control IAM output, options are policy, policymember, or none.

ComputeForwardingRule's target field now supports referencing a ComputeTargetSSLProxy and ComputeTargetTCPProxy.

DataFlowJob's serviceAccountEmail, network, subnetwork, machineType, and ipConfiguration fields now support updates.

Fix an issue where config-connector would error on a Project resource.

June 16, 2020

You can use config-connector tool to export Google Cloud resources into Config Connector: documentation

Bug fixes

June 12, 2020

  • Added ability to update streaming DataflowJobs by updating its spec (e.g. spec.templateGcsPath). Note that not all fields can be updated, and batch DataflowJobs don't support updates.
  • Added IAMPolicy to the output of config-connector

June 03, 2020

Miscellaneous bug fixes and improvements

May 29, 2020

Added support for SQLSSLCert

Supported acquisition of backends added to Compute Backend Services out-of-band of Config Connector

May 27, 2020

Added support for BigQueryJob resource

May 19, 2020

Bug fixes and reliability improvements

Improving handling of scenarios when version field on ContainerNodePool is updated externally

May 15, 2020

fix ContainerNodePool version upgrade scenario

increase the cpu/memory request for webhook and recorder

Miscellaneous bug fixes and improvement

April 30, 2020

Fixes for the examples for the following resources: CloudBuildTrigger, AccessContextManager, ComputeDisk, and ComputeSubNetwork

Reduced memory requirements for deletion defender, recorder, and webhook. Reduced cpu requirements for recorder and webhook Increased CPU for the manager controller from 100m to 200m.

Ensure the webhook process does not signal it is ready until it is serving HTTP traffic

April 21, 2020

Miscellaneous bug fixes and improvements

April 14, 2020

Added readiness probes to Config Connector pods

April 10, 2020

Add the CloudBuildTrigger resource

Add the SourceRepoRepository resource

miscellaneous bug fixes and improvements

April 02, 2020

March 25, 2020

Add "Deletion Defender" workload -- a pod whose job is to ensure that only resources meant to trigger a delete on the underlying API do so. If this workload goes down for whatever reason, the controller is prevented from performing deletions, thus protecting against accidental deletions in the case of cascading deletions prompted by uninstalling CRDs.

Add support for structured metadata list for ComputeInstance and ComputeInstanceTemplate in the form of a spec.metadata field.

March 23, 2020

Fixed label update issue on ContainerCluster (

Bumped memory request and limit for the manager pod as resource usage has gone up and the original limit of 256 Mi was found to not be sufficient for large customers

Changed admission webhooks to return non-200 error codes when denying admission

March 18, 2020

miscellaneous bug fixes and improvements

March 10, 2020

ComputeHealthCheck's location field now supports supplying a region

Fixed an issue with deleting StorageBucketAccessControl when the ServiceAccount did not exist:

With the exception of role-bindings, moved all system components for namespaced mode into the cnrm-system, note: you must completely uninstall and reinstall to upgrade namespaced mode completely for this release.

Added a version annotation to the Config Connector manifests

February 26, 2020

Added support for DataflowJob resource

February 21, 2020

Added support for ComputeNetworkEndpointGroup resource

February 17, 2020

Added support for DNSPolicy resource

February 09, 2020

Added support for ComputeResourcePolicy resource

January 23, 2020

Config Connector has reached General Availability (GA).

Config Connector now supports configuring GCP resources with sensitive data in GKE Secrets.

Config connector now supports authenticating to multiple Google Service Accounts using different Kubernetes Service accounts in your Config Connector cluster using Namespaced mode.

Some Config Connector resources now support directives, which allow Config Connector to take additional actions beyond creating or deleting resources. For more information, see Resources

January 09, 2020

Added support for DNSRecordSet, Project and ServiceUsage resources

January 02, 2020

Added external resource reference support for IAMPolicy and IAMPolicyMember

Improved initial Prometheus metrics

December 23, 2019

Add support for ComputeNodeTemplate

Add initial support for exporting prometheus metrics

No longer run system components as root

Add a specific ResourceReference structure to IAMPolicy and IAMPolicyMember

December 17, 2019

Added the external field to support the external resource references

Added support for ComputeTargetTCPProxy

December 12, 2019

Added support for SpannerDatabase

November 26, 2019

Added support for ServiceNetworkingConnection and ComputeTargetHTTPSProxy

November 21, 2019

Added support for ComputeInterconnectAttachment, ComputeSSLProxy, ComputeTargetSSLProxy, (Regional)ComputeDisk

November 06, 2019

Added support for FirestoreIndex, ComputeRouterInterface, ComputeRoute, ComputeRouterPeer

November 01, 2019

New resources supported: IAMPolicyMember, BigQueryTable, ComputeVPNTunnel, ComputeImage, ComputeSnapshot, ComputeBackendBucket, ComputeDisk, ComputeSSLCertificate, ComputeHTTPHealthCheck, ComputeRouterNAT, ComputeExternalVPNGateway, ComputeRouter, ComputeVPNTunnel, DNSManagedZone, StorageNotification

Breaking namespace changes for the following resources: - GlobalComputeAddress: v1alpha2->v2apha3 - ComputeNetwork: v1alpha2->v1alpha3 - ComputeSubnetwork: v1alpha2->v1alpha3 - ComputeBackendService: v1alpha2->v1alpha3 - ComputeHealthCheck: v1alpha2->v1alpha3 - ComputeFirewall: v1alpha2->v1alpha3

October 22, 2019

Added new resources and samples for BigQueryTable, ComputeExternalVPNGateway

October 15, 2019

Bump compute api group version to v1alpha2

  • rename ComputeGlobalForwardingRule to ComputeForwardingRule
  • add required location field to the following existing resources: ComputeAddress, ComputeBackendService, ComputeForwardingRule, ComputeHealthCheck, ComputeTargetHttpProxy, ComputeURLMap
  • ComputeAddress CRD now supports both global and regional compute addresses

Add the following new resources with samples: ComputeNetworkPeering, ComputeTargetVPNGateway, ComputeVpnGateway, IAMCustomRole, ComputeHTTPSHealthCheck, ComputeSharedVPCHostProject, ComputeRouter

October 08, 2019

New gcp category in CRDs, so you can view Config Connector resources via kubectl get gcp

September 30, 2019

Config Connector now supports GKE workload identity

Added the ContainerNodePool resource

September 20, 2019

Adding ComputeGlobalForwardingRule resource and examples

September 13, 2019

Fixed an issue with creating service account keys across projects.

September 09, 2019

Update samples for version 0.1.2

September 03, 2019

Added ComputeTargetHTTPProxy, ComputeBackendService, ComputeFirewall, ComputeUrlMap resources

Samples updates for newly added resources, as well bigtablecluster, bigtableinstance, iampolicy

August 16, 2019

Config Connector v0.1.1 is now available in Beta.