Config Connector

Created: 2020-10-26 14:29:48 -0700 Modified: 2020-10-27 08:51:54 -0700

  • Overview (reference): it’s a Kubernetes add-on that lets you manage Google Cloud resources through Kubernetes. You describe GCP resources declaratively, just like you would Kubernetes resources (reference), then use kubectl to create, read, update, and delete them.
  • Features (reference):
    • Role-based access control
    • Events for visibility
    • Single source of configuration
      • E.g. you can use secrets with GCP resources just like you would with Kubernetes resources (reference).
    • Eventual consistency
  • Implementation
    • Implementation in Kubernetes (reference): Config Connector works through Custom Resource Definitions (CRDs) and custom controllers. Remember that CRDs are just pieces of data that represent resources and do almost nothing on their own, so the custom controllers are what will take that data and reconcile the desired state in the cloud.
    • Implementation in GCP (reference): Resource Manager is a GCP service that lets you group and manage other GCP resources (e.g. VMs, Cloud Storage buckets, etc. (reference)). You can set up organizations or projects, form hierarchies, and then manage these abstractions in one spot. Config Connector uses Resource Manager’s API (which has to be explicitly enabled).
      • Example (reference): your MyCompany organization can include folders for DeptX → ProductA, ProductB and DeptY → TeamB. Within a folder, you may have dev/test/prod projects. You can then grant all of TeamB’s members access to the TeamB folder, so that you don’t have to manage access control individually within that folder.
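
The "secrets with GCP resources" point under Features, as an added example (not from the original notes or from the Config Connector project): a Cloud SQL user whose password is written inline, next to the same user reading it from a Kubernetes Secret. All names, the namespace, and the password value are constructed placeholders, and a SQLInstance named app-db-instance is assumed to already exist.

```yaml
# Kubernetes Secret holding the credential (names are hypothetical).
apiVersion: v1
kind: Secret
metadata:
  name: app-db-credentials
  namespace: team-b
type: Opaque
stringData:
  password: REPLACE_ME            # placeholder; supply out of band, not from Git
---
# Weak: the password sits in the resource spec, so anyone who can read
# SQLUser objects (or the repository holding this manifest) can see it.
apiVersion: sql.cnrm.cloud.google.com/v1beta1
kind: SQLUser
metadata:
  name: app-user-inline
  namespace: team-b
spec:
  instanceRef:
    name: app-db-instance         # assumed existing SQLInstance
  password:
    value: REPLACE_ME
---
# Preferred: the spec only references the Secret. Read access to Secrets
# can then be granted separately from read access to SQLUser objects
# through Kubernetes RBAC.
apiVersion: sql.cnrm.cloud.google.com/v1beta1
kind: SQLUser
metadata:
  name: app-user
  namespace: team-b
spec:
  instanceRef:
    name: app-db-instance
  password:
    valueFrom:
      secretKeyRef:
        name: app-db-credentials
        key: password
```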