Deployment Manager Convert (DM Convert) is a tool you can use to convert your Deployment Manager configurations and templates to other declarative configuration formats that Google supports. Google currently supports Terraform and Kubernetes Resource Model (KRM).
Why convert to Terraform or KRM?
Terraform and KRM are popular options for managing Google Cloud services and infrastructure. They offer actively-updated ecosystems, with support for modern features such as Secrets management and continuous reconciliation (for KRM).
Google works with HashiCorp to develop the Terraform provider for Google Cloud. In 2020, Google also launched Config Connector to help customers use Kubernetes to manage Google Cloud resource types.
Terraform
Terraform is an open-source tool for provisioning infrastructure. You can use Terraform to write declarative configurations to manage your Google Cloud services and resources using the Terraform provider for Google Cloud. For more information, refer to Terraform on Google Cloud.
Kubernetes Resource Model (KRM)
KRM is a paradigm for building APIs and resource definitions for declarative configuration management. It represents Google Cloud resources as Custom Resource Definitions (CRDs) and can be actuated using Config Controller.
Supported types and type providers
DM Convert converts Deployment Manager configuration YAML files and Jinja or Python template files to KRM or Terraform configuration files.
To check the current status of DM Convert's support for type providers and
resource types, you can use the --list-supported-types
flag.
Understanding how DM Convert translates concepts across formats
The following table shows how DM Convert translates concepts from Deployment Manager into KRM and Terraform:
Deployment Manager concept | KRM/Config Connector conversion | Terraform conversion |
---|---|---|
References | Resource references, if the KRM schema defines the field as a reference. If the KRM schema doesn't define the field as a reference, the Deployment Manager reference is replaced with its resolved value. | Terraform references look and behave similarly to Deployment Manager references. |
Explicit dependencies (depends_on ) |
No support for explicit dependency ordering. Resources actuate in an eventually-consistent manner. | depends_on |
Identity and Access Management (IAM) Bindings (authoritative accessControl blocks) |
IAMPolicy |
<resource_type>_iam_policy types (for example, google_pubsub_topic_iam_policy ) |
IAM Bindings (nonauthoritative iamMemberBinding types) |
IAMPolicyMember |
<resource_type>_iam_member (for example, google_project_iam_member ) |
Composite types | Composite types are deprecated. DM Convert doesn't convert them. | Composite types are deprecated. DM Convert doesn't convert them. |
Actions, custom type providers, and outputs | Not supported. | Actions that have declarative equivalents in Terraform are converted. For more details, refer to Support for Actions. |
Support for Actions in DM Convert (for Terraform)
Actions is a Preview feature for Deployment Manager that extends the set of available API methods. Actions is unsupported, and DM Convert doesn't convert Actions that don't have declarative equivalents in Terraform, such as:
Patch, delete, and list APIs
APIs defined in custom type providers
Custom APIs, such as
sqladmin-v1beta4:sql.instances.restart
DM Convert does support conversion to Terraform equivalents for Actions in the following cases:
It replaces Action calls to APIs that insert a resource with equivalent Terraform resources. For example,
action: gcp-types/storage-v1:storage.buckets.insert
converts togoogle_storage_bucket
.It converts Action calls to APIs that get a resource to Terraform
data
types whenever possible. For example,actions: gcp-types/compute-v1:compute.subnetworks.get
converts togoogle_compute_subnetwork
.It converts
setIamPolicy
commands to either*_iam_policy
(authoritative) or*_iam_member
(non-authoritative) resources, depending on whether or not they're used withgetIamPolicy
.
For information on migrating usage of Actions to declarative alternatives within Deployment Manager, visit Replacing usage of Actions.
Workflow for converting to Terraform
To use DM Convert to convert your Deployment Manager configurations to Terraform:
- Identify the Deployment Manager configuration you want to convert to Terraform.
- To make sure your resources are up-to-date, reconcile any active deployments of the configuration.
- To convert your configuration to Terraform, run the DM Convert tool locally.
- Verify that the generated Terraform configuration reflects the current state of your resources.
- Delete the Deployment Manager deployment. To preserve your resources when you delete the deployment, set
delete-policy
toabandon
.
We recommend that you follow Terraform best practices, such as:
For a detailed walkthrough of this workflow, refer to Converting your Deployment Manager configurations with DM Convert.
Data collection in DM Convert
What we collect, by default
By default, the DM Convert tool sends anonymous usage data to Google to help us maintain and improve the tool. When the DM Convert tool executes, data about the requested operation, the success of the operation, and the timing of the conversion is collected. This data is anonymous, and excludes any personally identifiable information, sensitive data, or customer content.
The usage data might contain:
Conversion command input parameters: We record the parameter values of your conversion command when running the tool, including the output format (KRM or Terraform) and boolean representations of whether other flags are specified (we don't collect the specific values of those flags).
Conversion result: We record the results of the conversion, including the conversion status (
SUCCESS
orFAILURE
) as well as the error code and error message, if an issue occurs.Conversion time: We record the start and end times of the conversion.
How we use this data
Google collects and processes the usage data to:
Understand how the tool is used, including which features and settings are most popular.
Diagnose unsuccessful usage of the tool, and provide guidance to users seeking technical assistance.
Improve the tool by resolving issues and potentially increasing feature coverage.
Opting out of data collection
Google collects usage data by default when you execute a conversion, but this data collection can be disabled.
To disable the data collection for a specific conversion, you can specify the
flag --opt_out_data_collection=true
in your conversion command. To
continue to opt out of this data collection going forward, you must specify the
flag every time that you run a conversion.
To enable the data collection for a specific conversion, you can specify the
flag --opt_out_data_collection=false
in your conversion command, or omit the
flag from your command.