Stay organized with collectionsSave and categorize content based on your preferences.
Resources
Config Connector includes a collection ofCustom Resource Definitions(CRDs). Each CRD allows you to configure a Google Cloud
resource from Kubernetes. Config Connector also allows you to leverage a number
of Kubernetes features for managing Google Cloud resources.
This page introduces you to how Config Connector uses Kubernetes objects and
their metadata.
Kubernetes objects and Config Connector resources
For example, when you create aKubernetes Objectofkind: SQLInstance, Config Connector creates a Cloud SQL Instance.
This section describes how Config Connector extends object types.
Thespecfield contains all the fields that define an object's desired
state, with the exception ofLabels. The subfields of aspecrefer to the associated Google Cloud resource. When you change a
subfield, the Google Cloud resource's value iseventually consistentwith your intended value.
An example of a writable field isdatabaseVersionin a SQLInstance
resource.
Status
Thestatusfield is read-only and contains the current state of your object.
Config Connector periodically reads information on your Google Cloud
resource and updates thestatus. You can check a resource's error messages
or readiness by looking at theStatus.Condition.
An example read-onlystatusfield is theconnectionNameof a
SQLInstance resource.
Object metadata
Each Config Connector resource includes ametadatafield. This section describes how Config Connector uses subfields within
metadata.
Name
The name of a Config Connector resource. It should follow thenaming conventionof a Kubernetes object name. It is used by default as the name of the
corresponding Google Cloud resource. If theresourceIDfield is
supported in the Config Connector resource, you can specify a different
name, which follows the naming convention of the Google Cloud
resource, for the corresponding Google Cloud resource in thespec.resourceIDfield. For more information, seeManaging resources with theresourceIDfield.
Namespace
The namespace you create a Config Connector resource in determines the
project that contains the Google Cloud resource. For more on
namespaces, seeKubernetes Namespaces and Google Cloud Projects.
Labels
Labels in the metadata field of a Config Connector resource are also added
to the associated Google Cloud resource.
In addition, Config Connector adds a system label namedmanaged-by-cnrmwith a value oftrueto your Google Cloud resources.
Annotations
Config Connector can take additional actions on your resources that are
not defined in thespec. These actions are defined in subfields ofmetadata.annotations. Annotation valuesmustbe a string.
The types of annotations Config Connector supports
are described inannotations.
Folders and hierarchical resources
In addition to managing resources in Google Cloud products,
Config Connector supports creating and managing resources within
Google CloudFolders and Organizations.
For more information, seeNamespaces and projects.
Config Connector uses a ready condition instatus.conditionfor two purposes:
indicating when a resource is ready. When a resource is reconciled and
ready, itsstatus.condition.statuswill be set toTrue. To check when
a resource is ready, seeWaiting for resources to be ready
displaying additional error or information. The ready
condition hasMessageandReasonfields which provide additional
information on the resource's status.
Events
Important status changes for Config Connector resources are visible as
Kubernetes events. For more information, seeViewing events.
Declarative configuration and eventual consistency
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eConfig Connector allows the configuration of Google Cloud resources using Kubernetes Custom Resource Definitions (CRDs), extending Kubernetes capabilities.\u003c/p\u003e\n"],["\u003cp\u003eEach Config Connector resource includes a \u003ccode\u003espec\u003c/code\u003e field, defining the desired state of the object, and a read-only \u003ccode\u003estatus\u003c/code\u003e field, reflecting the current state as observed in Google Cloud.\u003c/p\u003e\n"],["\u003cp\u003eConfig Connector resources utilize Kubernetes object metadata, including names, namespaces, and labels, with labels being mirrored to the associated Google Cloud resource.\u003c/p\u003e\n"],["\u003cp\u003eConfig Connector supports \u003ccode\u003emetadata.annotations\u003c/code\u003e, which allows users to define actions not within \u003ccode\u003espec\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eConfig connector displays error information and if the resource is ready through \u003ccode\u003estatus.condition\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Resources\n=========\n\n*** ** * ** ***\n\nConfig Connector includes a collection of\n[Custom Resource Definitions](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)\n(CRDs). Each CRD allows you to configure a Google Cloud\nresource from Kubernetes. Config Connector also allows you to leverage a number\nof Kubernetes features for managing Google Cloud resources.\n\nThis page introduces you to how Config Connector uses Kubernetes objects and\ntheir metadata.\n\nKubernetes objects and Config Connector resources\n-------------------------------------------------\n\nFor example, when you create a\n[Kubernetes Object](https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/)\nof `kind: SQLInstance`, Config Connector creates a Cloud SQL Instance.\nThis section describes how Config Connector extends object types.\n\n### Spec and Status\n\nEach Config Connector resource is a\n[Kubernetes object](https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/)\nwith a\n[`Spec` and a `Status`](https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/#object-spec-and-status).\n\nSpec\n: The `spec` field contains all the fields that define an object's desired\n state, with the exception of [`Labels`](#labels). The subfields of a `spec`\n refer to the associated Google Cloud resource. When you change a\n subfield, the Google Cloud resource's value is\n [eventually consistent](#declarative_configuration_and_eventual_consistency) with your intended value.\n: An example of a writable field is `databaseVersion` in a SQLInstance\n resource.\n\nStatus\n: The `status` field is read-only and contains the current state of your object.\n Config Connector periodically reads information on your Google Cloud\n resource and updates the `status`. You can check a resource's error messages\n or readiness by looking at the [`Status.Condition`](#status_condition).\n: An example read-only `status` field is the `connectionName` of a\n SQLInstance resource.\n\nObject metadata\n---------------\n\nEach Config Connector resource includes a\n[metadata](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/#attaching-metadata-to-objects)\nfield. This section describes how Config Connector uses subfields within\nmetadata.\n\nName\n: The name of a Config Connector resource. It should follow the\n [naming convention](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names)\n of a Kubernetes object name. It is used by default as the name of the\n corresponding Google Cloud resource. If the `resourceID` field is\n supported in the Config Connector resource, you can specify a different\n name, which follows the naming convention of the Google Cloud\n resource, for the corresponding Google Cloud resource in the\n `spec.resourceID` field. For more information, see\n [Managing resources with the `resourceID` field](/config-connector/docs/how-to/managing-resources-with-resource-ids).\n\nNamespace\n: The namespace you create a Config Connector resource in determines the\n project that contains the Google Cloud resource. For more on\n namespaces, see\n [Kubernetes Namespaces and Google Cloud Projects](/config-connector/docs/concepts/namespaces-and-projects).\n\nLabels\n: Labels in the metadata field of a Config Connector resource are also added\n to the associated Google Cloud resource.\n: In addition, Config Connector adds a system label named `managed-by-cnrm`\n with a value of `true` to your Google Cloud resources.\n\nAnnotations\n: Config Connector can take additional actions on your resources that are\n not defined in the `spec`. These actions are defined in subfields of\n `metadata.annotations`. Annotation values *must* be a string.\n The types of annotations Config Connector supports\n are described in [annotations](/config-connector/docs/reference/annotations).\n\nFolders and hierarchical resources\n----------------------------------\n\nIn addition to managing resources in Google Cloud products,\nConfig Connector supports creating and managing resources within\nGoogle Cloud [Folders and Organizations](/resource-manager/docs/creating-managing-folders).\nFor more information, see [Namespaces and projects](/config-connector/docs/concepts/namespaces-and-projects).\n\nUsing RBAC for Access Control\n-----------------------------\n\nKubernetes\n[Role Based Access Control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)\n(RBAC) secures your resources. You can control creation of Google Cloud\nresources by assigning RBAC permissions. For more information, see\n[Securing access to resources](/config-connector/docs/how-to/securing-access-to-resources).\n\nStatus Condition\n----------------\n\nConfig Connector uses a ready condition in\n[`status.condition`](https://dev.to/maelvls/what-the-heck-are-kubernetes-conditions-for-4je7) for two purposes:\n\n- indicating when a resource is ready. When a resource is reconciled and ready, its `status.condition.status` will be set to `True`. To check when a resource is ready, see [Waiting for resources to be ready](/config-connector/docs/how-to/monitoring-your-resources#waiting_for_resources_to_be_ready)\n- displaying additional error or information. The ready condition has `Message` and `Reason` fields which provide additional information on the resource's status.\n\nEvents\n------\n\nImportant status changes for Config Connector resources are visible as\nKubernetes events. For more information, see\n[Viewing events](/config-connector/docs/how-to/monitoring-your-resources#viewing_events_for_a_single_resource).\n\nDeclarative configuration and eventual consistency\n--------------------------------------------------\n\nSee [Reconciliation](/config-connector/docs/concepts/reconciliation).\n\nWhat's next\n-----------\n\n- [Get started with Config Connector](/config-connector/docs/how-to/getting-started)\n- Learn about the [Resources](/config-connector/docs/reference/resources) that Config Connector configures."]]
