Managing and deleting resources

Learn how Config Connector manages an existing resource and handles deleting resources .

Creating a resource

When you create a resource, Config Connector creates the resource if it doesn't exist. If a Google Cloud resource already exists with the same name, then Config Connector acquires the resource and manages it.

To learn more about creating resources, see Getting started .

You can also manage the resources using the resourceID field. To learn more, see Managing resources with the resourceID field .

Acquiring an existing resource

This section describes how you acquire an existing BigQuery resource with Config Connector.

Before you begin

1. Enable the BigQuery API .
2. Confirm you have access to the bq command line tool. If you don't have bq , use Cloud Shell or install it with the gcloud CLI .

Acquiring a BigQuery dataset

Config Connector acquires, or takes control of, resources when the values in the manifest and the resource name match. If a resource does not have a name (for example, a Project ID), the ID of the resource is used.

By creating an empty BigQuery dataset and then acquiring the dataset with Config Connector, you learn how Config Connector handles existing resources.

1. Create a BigQuery dataset named bigquerydatasetsample with bq .

    bq --location=US mk \ 
   --dataset \
   --default_table_expiration 3600 \
   --description description \ PROJECT_ID 
   :bigquerydatasetsample

2. Copy the following contents into a file named bq-sample.yaml .

      
    apiVersion 
    : 
     
    bigquery.cnrm.cloud.google.com/v1beta1 
     
    kind 
    : 
     
    BigQueryDataset 
     
    metadata 
    : 
     
    name 
    : 
     
    bigquerydatasetsample 
     
    spec 
    : 
     
    defaultTableExpirationMs 
    : 
     
    3600000 
     
    description 
    : 
     
    "BigQuery 
     
    Dataset 
     
    Sample" 
     
    friendlyName 
    : 
     
    bigquerydataset-sample 
     
    location 
    : 
     
    US 
    
   

3. Apply the yaml to your cluster.

   kubectl apply --namespace CC_NAMESPACE 
   -f bq-sample.yaml

   Replace CC_NAMESPACE with the namespace Config Connector manages resources from.

4. Use kubectl describe to see details on the dataset.

   kubectl describe --namespace CC_NAMESPACE 
   bigquerydataset bigquerydatasetsample

   Replace CC_NAMESPACE with the namespace Config Connector manages resources from.

   The output from kubectl describe includes metadata on the resource's status and ownership.

Deleting the dataset

By default, after Config Connector acquires and manages a resource, deleting the object from your cluster will delete the resource. If you prefer to keep the dataset, set the resource's deletion-policy .

For example, deleting the manifest that acquired bigquerydataset-sample will delete the dataset from BigQuery.

1. You can delete the bigquerydataset-sample dataset with kubectl delete .

   kubectl delete --namespace CC_NAMESPACE 
   -f bq-sample.yaml

   Replace CC_NAMESPACE with the namespace Config Connector manages resources from.

   The output of kubectl confirms the deletion. bigquerydataset.bigquery.cnrm.cloud.google.com "bigquerydatasetsample" deleted

2. Use bq to confirm the dataset no longer exists.

   bq show PROJECT_ID 
   :bigquerydatasetsample

   The output of the command includes Not Found .

Resources with restrictions around acquisition

Resources with a service-generated resource ID

You can only acquire Google Cloud resources which have a service-generated resource ID by using the resourceID field.

The following Config Connector resources correspond to Google Cloud resources which have a service-generated resource ID:

• AccessContextManagerAccessPolicy
• ApigeeOrganization
• BillingBudgetsBudget
• CloudIdentityGroup
• CloudIdentityMembership
• ComputeFirewallPolicy
• DLPDeidentifyTemplate
• DLPInspectTemplate
• DLPJobTrigger
• DLPStoredInfoType
• Folder
• IAPBrand
• IAPIdentityAwareProxyClient
• IdentityPlatformTenant
• MonitoringAlertPolicy
• MonitoringGroup
• MonitoringNotificationChannel
• MonitoringUptimeCheckConfig
• RecaptchaEnterpriseKey
• ResourceManagerLien
• SQLSSLCert
• SecretManagerSecretVersion
• StorageNotification
• StorageTransferJob
• VertexAIDataset
• VertexAIIndex

To learn about how to use the resourceID field, see Managing resources with the resourceID field .

Resources that cannot be acquired

The following Config Connector resources do not have support for acquiring existing Google Cloud resources:

• DataflowFlexTemplateJob
• FirestoreIndex
• IAMServiceAccountKey

Keeping resources after deletion

  ... 
 metadata 
 : 
  
 annotations 
 : 
  
 cnrm.cloud.google.com/deletion-policy 
 : 
  
 abandon 
 ... 
 

For example, the YAML for the BigQuery dataset described earlier including the abandon deletion policy is below:

  apiVersion 
 : 
  
 bigquery.cnrm.cloud.google.com/v1beta1 
 kind 
 : 
  
 BigQueryDataset 
 metadata 
 : 
  
 name 
 : 
  
 bigquerydatasetsample 
  
 annotations 
 : 
  
 cnrm.cloud.google.com/deletion-policy 
 : 
  
 abandon 
 spec 
 : 
  
 defaultTableExpirationMs 
 : 
  
 3600000 
  
 description 
 : 
  
 "BigQuery 
  
 Dataset 
  
 Sample" 
  
 friendlyName 
 : 
  
 bigquerydataset-sample 
  
 location 
 : 
  
 US 
 

What's next

• Learn about how Config Connector models Google Cloud resources with Kubernetes constructs .
• See the Google Cloud resources Config Connector can manage.
• See additional examples of how to use Config Connector on the GitHub repository .
• Learn how Kubernetes handles declarative configuration of objects.