Deployment Manager Convert (DM Convert) is a tool you can use to convert your Deployment Manager configurations and templates to other declarative configuration formats that Google supports. Google currently supports Kubernetes Resource Model (KRM) and Terraform.
Why convert to KRM or Terraform?
KRM and Terraform are popular options for managing Google Cloud services and infrastructure. They offer actively-updated ecosystems, with support for modern features such as Secrets management and continuous reconciliation (for KRM).
Kubernetes Resource Model (KRM)
KRM is a paradigm for building APIs and resource definitions for declarative configuration management. It represents Google Cloud resources as Custom Resource Definitions (CRDs). For example, you can define an instance of a Cloud Spanner database in KRM as:
apiVersion: spanner.cnrm.cloud.google.com/v1beta1 kind: SpannerInstance metadata: name: spanner-instance-sample spec: config: regional-us-west1 displayName: Spanner Instance Sample numNodes: 2
KRM's features include continuous reconciliation using Operators, easy-to-read declarative configuration files, and integrations with other Kubernetes tools. For example, when you use the Config Connector add-on for Kubernetes, you can apply changes to your configuration files by running the following command:
kubectl apply -f
Terraform is an open-source tool for provisioning infrastructure. You can use Terraform to write declarative configurations to manage your Google Cloud services and resources.
Supported types and type providers
DM Convert converts Deployment Manager configuration YAML files and Jinja or Python template files to KRM or Terraform configuration files.
To check the current status of DM Convert's support for type providers and
resource types, you can use the
Understanding how DM Convert translates concepts across formats
The following table shows how DM Convert translates concepts from Deployment Manager into KRM and Terraform:
|Deployment Manager concept||KRM/Config Connector conversion||Terraform conversion|
|References||Resource references, if the KRM schema defines the field as a reference. If the KRM schema doesn't define the field as a reference, the Deployment Manager reference is replaced with its resolved value.||Terraform references look and behave similarly to Deployment Manager references.|
|Explicit dependencies (
||No support for explicit dependency ordering. Resources actuate in an eventually-consistent manner.||
|Identity and Access Management (IAM) Bindings (authoritative
|IAM Bindings (nonauthoritative
|Composite types||Composite types are deprecated. DM Convert doesn't convert them.||Composite types are deprecated. DM Convert doesn't convert them.|
|Actions, custom type providers, and outputs||Not supported.||Actions that have declarative equivalents in Terraform are converted. For more details, refer to Support for Actions.|
Support for Actions in DM Convert (for Terraform)
Actions is a Preview feature for Deployment Manager that extends the set of available API methods. Actions is unsupported, and DM Convert doesn't convert Actions that don't have declarative equivalents in Terraform, such as:
Patch, delete, and list APIs
APIs defined in custom type providers
Custom APIs, such as
DM Convert does support conversion to Terraform equivalents for Actions in the following cases:
It replaces Action calls to APIs that insert a resource with equivalent Terraform resources. For example,
action: gcp-types/storage-v1:storage.buckets.insertconverts to
It converts Action calls to APIs that get a resource to Terraform
datatypes whenever possible. For example,
actions: gcp-types/compute-v1:compute.subnetworks.getconverts to
setIamPolicycommands to either
*_iam_member(non-authoritative) resources, depending on whether or not they're used with
For information on migrating usage of Actions to declarative alternatives within Deployment Manager, visit Replacing usage of Actions.
Data collection in DM Convert
What we collect, by default
By default, the DM Convert tool sends anonymous usage data to Google to help us maintain and improve the tool. When the DM Convert tool executes, data about the requested operation, the success of the operation, and the timing of the conversion is collected. This data is anonymous, and excludes any personally identifiable information, sensitive data, or customer content.
The usage data might contain:
Conversion command input parameters: We record the parameter values of your conversion command when running the tool, including the output format (KRM or Terraform) and boolean representations of whether other flags are specified (we don't collect the specific values of those flags).
Conversion result: We record the results of the conversion, including the conversion status (
FAILURE) as well as the error code and error message, if an issue occurs.
Conversion time: We record the start and end times of the conversion.
How we use this data
Google collects and processes the usage data to:
Understand how the tool is used, including which features and settings are most popular.
Diagnose unsuccessful usage of the tool, and provide guidance to users seeking technical assistance.
Improve the tool by resolving issues and potentially increasing feature coverage.
Opting out of data collection
Google collects usage data by default when you execute a conversion, but this data collection can be disabled.
To disable the data collection for a specific conversion, you can specify the
--opt_out_data_collection=true in your conversion command. To
continue to opt out of this data collection going forward, you must specify the
flag every time that you run a conversion.
To enable the data collection for a specific conversion, you can specify the
--opt_out_data_collection=false in your conversion command, or omit the
flag from your command.