Config Connector version 1.137.0 is now available.

Changed

New Beta Resources (Direct Reconciler):

• DocumentAIProcessorVersion
• EssentialContactsContact
• BigQueryBigLakeTable
• BackupDRBackupPlan

Changed

New Alpha Resources (Direct Reconciler):

• BigtableMaterializedView

Feature

New Fields:

• BigtableMaterializedView: Added spec.sourceTableRef and spec.definition.
• BackupDRBackupPlan: Added spec.backupConfig.retentionPeriodDays and spec.backupConfig.backupWindow.
• MemorystoreInstance: Added support for MEMCACHE and REDIS instance types.

Changed

Reconciliation Improvements:

• Enabled opt-in for IAM partial policy management.
• Enabled server-side apply for KMS resources.
• Improved reconciliation for BigtableLogicalView by using deep reflection.
• Improved reconciliation for FirestoreDatabase with identity pattern and export support.
• Improved reconciliation for RunJob with export support.
• Unified ComputeTargetTCPProxy direct API and controller.

Fixed

Bug Fixes:

• Fixed an issue where ComputeBackendService backends were not sorted.
• Fixed an issue where CloudFunctionsFunction runtime was not a supported value.
• Fixed an issue with labels for BackupDRBackupPlan.
• Fixed an issue with labels for RunJob.
• Fixed a fuzzing issue for FirestoreField.
• Fixed an issue with KMSCryptoKey import.
• Fixed a flakiness issue in the MonitoringDashboard fuzzer.
• Fixed a flakiness issue in tests.
• Fixed an issue with bad labels in tests.
• Fixed an issue with etag in direct reconciliation.

Config Connector version 1.136.1 is now available.

Changed

New Beta Resources (Direct Reconciler):

• AssetFeed
• BigQueryReservationAssignment
• CloudDeployDeliveryPipeline
• ComposerEnvironment

Feature

New Fields:

• ComposerEnvironment
  • Added spec.storageConfig field.
  • Added spec.config.workloadsConfig.dagProcessor field.
  • Added spec.config.workloadsConfig.triggerer field.
  • Added spec.config.softwareConfig.webServerPluginsMode field.
  • Added spec.config.softwareConfig.cloudDataLineageIntegration field.

Changed

Reconciliation Improvements:

• Introduced Stateful Reconciliation for Direct Controllers. With stateful reconciliation, the direct controller stores a hash of the last successfully applied .spec in the resource's .status. This provides a lightweight, GitOps-safe record when a user has modified the desired state of the resource.

Fixed

Bug Fixes:

• Added support for checking etag in spec for alpha resources.
• Fixed an issue where CloudIdentityMembership roles comparison would fail.
• Fixed a bug where the wrong GVK was reported in IAM controller.
• Fixed a bug where errors were swallowed when reading a Secret.
• Fixed an issue with LRO endTime in mockgcp.
• Fixed a bug in the etag mapper.
• Fixed a bug in the mapper generator for slice and single object map.
• Fixed a bug in the mapper generator for OneOf if the input is not proto.Message.
• Fixed an import for refs in the same package in controllerbuilder.

Config Connector version 1.134.1 is now available.

Fixed

Bug Fixes:

• #5230: Fixed an issue that could lead to premature certificate rotation by ensuring errors are not swallowed when reading a Secret.
• #5231: Add more verbose logging during certificate validation to assist with debugging.

Config Connector version 1.135.0 is now available.

Changed

New Beta Resources (Direct Reconciler):

• AssetSavedQuery
• PubSubSnapshot

Changed

Modified Beta Reconciliation: We migrated the following resources from the Terraform-based or DCL-based controller to the new Direct Controller.

• VMWareEngineExternalAddress

Feature

New Fields:

• AlloyDBCluster
  • Added spec.databaseVersion field

Fixed

Bug Fixes:

• PR#5009 Fix the nil pointer dereference error in AlloyDB direct controller

Config Connector version 1.134.0 is now available.

Changed

Improved reconciliation by migrating the following resources from the Terraform-based or DCL-based controller to the new direct controller. These resources are migrated automatically and you no longer need to apply the opt-in annotation to enable the direct controller:

• CloudIdentityGroup

• CloudIdentityMembership

Changed

New Fields:

• ContainerCluster: DNS endpoint is supported in ContainerCluster.

Fixed

Bug Fixes:

• ConfigConnectorContext:
  • PR#4995: status.observedGeneration is now being set on the ConfigConnectorContext.
  • PR#4657: Added spec.managerNamespace.
• SQLInstance:
  • PR#4838: Fixed bug in SQLInstance maintenanceVersion UPDATE operation
  • PR#4843: Set status on acquisition for SQLInstance controller
  • PR#4857: Support SQLInstance maintenanceVersion in CREATE operation

Config Connector version 1.133.0 is now available.

Feature

New Beta Resources (Direct Reconciler):

• APIGatewayAPI

• AppHubApplication

• StorageAnywhereCache

Changed

New Alpha Resources (Direct Reconciler):

• BigtableLogicalView

Changed

Reconciliation Improvements

Added support for direct reconciliation to more resources, with opt-in behaviour. The API is backward compatible. The following resources now have direct reconciliation support

• BigQueryTable
  • Use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the BigQueryTable CR object to opt-in the direct controller.
  • The direct controller also supports adding BigQueryDataPolicies directly to BigQueryTable columns within spec.schema.

Fixed

• PR#4808 filtered out Kubernetes labels that are invalid for Google Cloud in the ComputeForwardingRule direct controller, ensuring backward compatibility after migrating to the direct controller.

Config Connector version 1.132.1 is now available.

Changed

Reconciliation Improvements:

• SpannerInstance
  • You can opt-in the direct controller by adding the alpha.cnrm.cloud.google.com/reconciler: direct annotation to the SpannerInstance resource`.
  • Direct controller is opt-in if using the following fields:
    • spec.labels
    • spec.defaultBackupScheduleType
    • spec.edition
    • spec.autoscalingConfig

Config Connector version 1.132.0 is now available.

Feature

New Beta Resources (Direct Reconciler):

• SpeechCustomClass
• SpeechPhraseSet
• SpeechRecognizer
• VertexAINotebooksInstance
• VertexAIMetadataStore

Changed

New Alpha Resources (Direct Reconciler):

• OrgPolicyPolicy
• OrgPolicyCustomConstraint
• SpeechRecognizer
• StorageAnywhereCache

Feature

New Fields:

• SpannerInstance For opt-in direct controller,
  • Added spec.labels field.
  • Added spec.defaultBackupScheduleType field.
• SecretManagerSecret For opt-in direct controller,
  • Added spec.labels field.

Feature

• Storage Bucket
  • Removed immutability constraint on spec.location and spec.customPlacementConfig.dataLocations fields. To learn more, see Relocate buckets.

Changed

Reconciliation Improvements:

• BigtableAppProfile
  • You can opt-in the direct controller by adding the alpha.cnrm.cloud.google.com/reconciler: direct annotation to the BigtableAppProfile resource.
  • Added support for spec.dataBoostIsolationReadOnly field for resources reconciled by the direct controller.
• CloudIdentityGroup and CloudIdentityMembership
  • You can opt-in the direct controller by adding the alpha.cnrm.cloud.google.com/reconciler: direct annotation to the CloudIdentityGroup and CloudIdentityMembership resources.
  • With direct reconciliation, creating new resources will no longer write back the service-generated ID to spec.resourceID. To acquire a resource, you can find its resourceID from the last part of status.externalRef field, or via gcloud command or Cloud Console. The spec.resourceID field is used for acquisition only, leave the field unset when creating a new resource.

Config Connector version 1.131.0 is now available.

Feature

New Beta resources (direct reconciler)

• IAPSettings

Changed

New Alpha resources (direct reconciler)

• ComputeNetworkAttachment
• ComputeNetworkEdgeSecurityService
• DataplexEntryGroup
• DataplexEntryType
• DataplexTask
• DataplexZone
• DatastreamRoute
• DocumentAIVersion
• GKEBackupBackup
• GKEBackupRestore
• PubSubSnapshot
• SpeechCustomClass
• VMwareEngineExternalAddress
• MetastoreService
• MetastoreFederation
• MetastoreBackup
• APIQuotaPreference
• APIQuotaAdjusterSettings
• EventarcGoogleChannelConfig
• EventarcChannel
• AssetSavedQuery
• AssetFeed
• EssentialContactsContact
• DataCatalogEntryGroup
• DataCatalogEntry
• DataCatalogTagTemplate
• DataCatalogTag

Fixed

• Fixed an issue: excessive compute.firewallPolicies.patchRule Logs triggered by Config Connector direct reconciliation.

Config Connector version 1.130.2 is now available.

Feature

New Beta resources (direct reconciler)

• ApigeeEndpointAttachment

• ApigeeEnvgroupAttachment

• ApigeeInstanceAttachment

• ManagedKafkaTopic

• SecureSourceManagerInstance

• SecureSourceManagerRepository

Feature

New Fields

• GKEHubFeatureMembership

  • Added spec.configmanagement.configSync.stopSyncing in version1.129.

• SpannerInstance.

  • Added spec.defaultBackupScheduleType field.
  • Added spec.labels field

Changed

New Alpha resources (direct reconciler)

• ApphubApplication
• BackupDRManagementServer
• BackupDRBackupVault
• BackupDRBackupPlan
• BackupDRBackupPlanAssociation
• BatchJob
• BigLakeTable
• BigQueryReservation
• CodeDeployDeliveryPipeline
• DataplexLake
• DatastreamPrivateConnection
• DatastreamConnectionProfile
• DocumentAIProcessor
• GKEBackupBackupPlan
• GKEBackupRestorePlan
• NetAppBackupPolicy
• NotebooksEnvironment
• SpannerInstanceConfig
• VertexAIFeaturestore
• VMwareEnginePrivateCloud
• VMwareEngineNetwork
• VMwareEngineNetworkPeering
• VMwareEngineNetworkPolicy
• WorkflowExecution

Changed

Reconciliation Improvements

Added support for direct reconciliation to more resources, with opt-in behaviour. The API is backward compatible. To use the direct reconciler, add the alpha.cnrm.cloud.google.com/reconciler: direct annotation to the corresponding Config Connector object. The following resources now have direct reconciliation support (and we list some of the issues that this fixes):

• SpannerInstance
  • You can use spec.edition field to optimize your enterprise edition type
  • You can use spec.autoscalingConfig to automate the scaling instead of manually configure spec.processingUnit or spec. numNodes.
  • You can use the defaultBackupScheduleType now.
  • Behavior Change If you use the SpannerInstance Kubernetes metadata.labels to configure your GCP labels, please change them to use the spec.labels field instead.

Config Connector version 1.129.2 is now available.

Feature

New Beta resources (direct reconciler)

• ManagedKafkaCluster

• ApigeeInstance

• AlloydbInstance

Changed

Reconciliation Improvements

• SQLInstance

  • All SQLInstance types are now reconciled using the new direct controller instead of the legacy Terraform-based controller. The previous "opt-in" annotation (document reference) no longer applies. Users no longer need to apply the "opt-in" annotation to SQLInstance resources to enable the direct controller. Regardless of the presence (or absence) of an opt-in annotation on SQLInstance resources, the direct reconciler will be used.
  • This change enables all SQLInstance resources to switch from edition ENTERPRISE to ENTERPRISE_PLUS and fixes the bug that prevented SQL Instance upgrade.

Changed

New Alpha resources (direct reconciler)

• ManagedKafkaTopic
• ApigeeInstanceAttachment
• ApigeeEnvgroupAttachment
• ApigeeEndpointAttachment

Config Connector version 1.128.0 is now available.

Feature

New Beta resources (direct reconciler)

• ApigeeEnvgroup

  • Define environment groups to specify the hostnames for routing traffic to Apigee environments.

• KMSAutokeyconfig

  • Manage the KMS auto key which simplifies the CMEKs provisioning and assignment.

Feature

New Fields

• SpannerInstance

  • You need to use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on SpannerInstance resource to opt-in these features.

    • spec.autoscalingConfig
    • spec.edition

Changed

Reconciliation Improvements

• We have added support for direct reconciliation to more resources, with opt-in behaviour. The API is unchanged. To use the direct reconciler, add the alpha.cnrm.cloud.google.com/reconciler: direct annotation to the corresponding Config Connector object. The following resources now have direct reconciliation support:

  • AlloyDBInstance
  • SpannerInstance

Changed

New Alpha resources (direct reconciler)

• IAPSettings

  • Customize the Identity-Aware Proxy (IAP) settings for applications and services running on Google Cloud Platform.

• SecureSourceManangerInstance

• SecureSourceManangerRepository

Fixed

DataformRepository fields validation error.

• Fixed the incorrect format validation for the following fields:

  • spec.gitRemoteSettings.authenticationTokenSecretVersionRef
  • spec.gitRemoteSettings.sshAuthenticationConfig.userPrivateKeySecretVersionRef
  • spec.npmrcEnvironmentVariablesSecretVersionRef

Config Connector version 1.127.0 is now available.

Feature

New Beta resources (direct reconciler)

• BigQueryAnalyticsHubListing

• FirestoreDatabase

• WorkstationConfig

• Workstation

Feature

New Fields

• BigQueryDataTransferConfig

  • Added spec.scheduleOptionsV2 to customize the different types of data transfer schedule.
  • Added status.observedState.error with detailed information about reason of the latest config failure.

• GkeHubFeatureMembership

  • Added spec.configmanagement.management to enable Config Sync Auto Upgrade. This is an opt-in feature and you need to turn on the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the object.

Changed

SecretManagerSecret Reconciliation Improvements

• You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the object to opt-in the direct controller, which gives the following improvements:

  • Enhanced spec.rotation.nextRotationTime to use a fixed datetime value to avoid relative now() friction.
  • Fixed the spec.replication.auto immutable issue
  • Added the in-use version aliases in status.observedState.versionAliases
  • Resolved update stalling issues.
  • Clarify the TTL use. See the problems and share your use in GitHub issue #3395

Changed

SecretManagerSecretVersion Reconciliation Improvements

• You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the object to opt-in the direct controller, which gives the following improvements:

  • Resolved update stalling caused by DependencyNotReady errors.
  • Fixed the friction in spec.enabled that enabling or disabling a secret version does not always take effect in GCP.
  • API Behavior Change The service generated ID is changed from spec.resourceID to status.version with status.externalRef (new field) to guardrail the identity.

Fixed

• Dataflowflextemplatejob subnetwork validation error.
  • Error message should match regions/REGION/subnetworks/SUBNETWORK

Config Connector version 1.126.0 is now available.

Announcement

Config Connector system management CRDs ControllerReconciler and NamespacedControllerReconciler are promoted to Beta. See how to configure the Controller manager rate limit.

Feature

New Beta resources (direct reconciler)

• BigQueryTransferConfig

  • Manage the metadata needed to perform a BigQuery data transfer.

• KMSKeyHandle

  • Manage the provisioning of a CryptoKey.

Feature

Use BigQueryConnectionConnection to provide the IAM Service Account

• IAMPolicyMember

  • Added spec.memberFrom.bigQueryConnectionConnectionRef
  • See an example on IAMPolicyMember use BigqueryConectionConnection "cloudSQL"

• IAMPartialPolicy

  • Added spec.memberFrom.bigQueryConnectionConnectionRef.

Changed

New Alpha Resources

• Add new resource WorkstationConfig

Config Connector version 1.125.0 is now available.

Feature

New Beta resources (direct reconciler)

• BigQueryConnectionConnection

  • Manage connections to connect to Google services and external data sources

• BigQueryAnalyticsHubDataExchange

  • Manage data exchange to enable self-service data sharing

• PrivilegedAccessManagerEntitlement

  • Manage entitlements to grant for projects, folders, and organizations

• WorkstationCluster

  • Manage workstation cluster to define a group of workstations in a particular region and the VPC network they're attached to.

Feature

Added cluster mode to manage the rate-limit for the Config Connector requests

• You can set the rate-limit for the reconciling requests to the kube-apiserver in Cluster and Namespace mode.
• Configure NamespacedControllerReconciler (Alpha) for namespace mode. This is added since 1.119
• Configure ControllerReconciler (Alpha) for cluster mode. The ControllerReconciler shows an example.

Changed

SQLInstance Reconciliation Improvements

• You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the SQLInstance CR object to opt-in the direct controller.
• The direct reconciler contains 2 fix and improvement:
  • Fix the upgrade and downgrade issue between ENTERPRISE and ENTERPRISE_PLUS.
  • Supports creating from clone functionality via spec. cloneSource
• Migrated the SQLInstance from the Terraform-based or DCL-based controller to the new Direct Controller to enhance the reliability and performance. The CRD is unchanged.

Changed

ComputeFirewallPolicyRule Reconciliation Improvements

• You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on the ComputeFirewallPolicyRule CR object to opt-in the direct controller, which fixes the targetResources error "required value priority could not be found".
• Migrated this resource from the Terraform-based controller to the new Direct Controller to enhance the reliability and performance. The resource CRD is unchanged.

Changed

AlloyDBInstance

• Added spec.networkConfig.enableOutboundPublicIp field.
• Added status.outboundPublicIpAddresses field.

Fixed

Issue 3007 ComputeBackendService cannot refer clientTLSPolicy due to invalid format

Fixed

Issue 2973 kubelet_config has insecure_kubelet_readonly_port_enabled: true set even if not configured in the ContainerNodePool object.

Config Connector version 1.124.0 is now available.

Announcement

The direct resource development guide is now available for contributors

To improve the Config Connector resource development process, we have a new development guide to contributing resources to Config Connector with the direct reconciliation process. This new approach makes contributing more reliable and consistent with Kubernetes development practices. For more information, read the new Direct resource development guide.

Changed

RedisCluster is promoted from alpha to beta (Direct Reconciler).

Changed

CertificateManagerDNSAuthorization

• Add the spec.Location field.

Changed

ComputeForwardingRule

• Added spec.target.googleApisBundle field (allowed values are all-apis or vpc-sc). Note, when configuring this field, the resource will use direct reconciliation.

Changed

CertificateManagerDNSAuthorization is migrated from the Terraform-based to the new Direct controller to enhance reliability and performance. The resource CRD is unchanged.

Changed

New Alpha Resources (Direct Reconciler)

• PrivilegedAccessManagerEntitlement
• BigQueryAnalyticsHubDataExchange

Config Connector version 1.123.1 is now available.

Announcement

Starting from this version, all new CustomResources (CRs) have the cnrm.cloud.google.com/state-into-spec annotation field default to absent. For more information about this behavior, see the spec fields documentation. The behavior of existing CRs is not impacted by this change.

Announcement

You can use the alpha.cnrm.cloud.google.com/reconciler: direct annotation on DataflowFlexTemplateJob resource to opt-in the Direct Cloud Reconciler, which provides an advanced status update solution for some timeout issues.

Breaking

If you use the CloudIdentityGroup, CloudBuildTrigger and FirestoreIndex resources, do not use version 1.123.0, as it contains regression issues for these resources due to the state-into-spec setting.

Changed

BigQueryDataTransferConfig (v1alpha1) now uses direct reconciliation.

Changed

BigQueryConnectionConnection (v1alpha1) now uses direct reconciliation.

Changed

DataformRepository is promoted from alpha to beta.

Changed

Added FirestoreDatabase (v1alpha1). This uses direct reconciliation.

Fixed

Config Connector switches between the Direct and TF-based reconcilers depending on the SQLInstances objects' use of the spec.cloneSource field

Config Connector version 1.122.0 is now available.

Announcement

The state-into-spec field now defaults to Absent in all Config Controller clusters.

Changed

RedisCluster (Alpha) now uses direct reconciliation.

Changed

SQLInstance now uses direct reconciliation.

Changed

Added RedisCluster (Alpha) resource for service Redis.

Changed

ContainerCluster

The spec.nodeConfig.taint can be updated in place in lieu of destroying and recreating the object.

Changed

ContainerNodePool

The spec.nodeConfig.taint can be updated in place in lieu of destroying and recreating the object.

Changed

SQLInstance

Add the spec.cloneSource field to clone a SQLInstance.

Changed

RunJob

Add the spec.template.template.volumes[].cloudSqlInstance field to configure Cloud SQL instance.

Config Connector version 1.121.0 is now available.

Announcement

The state-into-spec field now defaults to Absent in any new Config Controller clusters.

Starting in version 1.122, this will be the default for all Config Controller clusters.

Starting in version 1.123, this will be the default for all Config Connector clusters.

Changed

DataformRepository (Alpha) now uses direct reconciliation.

Fixed

BigtableInstance

• When autoscaling is enabled (spec.cluster[].autoscalingConfig.), does not use numNodes (spec.cluster[].numNodes=2) as that applies only to manual scaling.

Fixed

BigQueryConnection

• Added status.observedState field to store the output-only fields which are previously mistakenly defined in spec.

Changed

BigQueryTable

• Added spec.requirePartitionFilter field. This release note was added on August 20.

Config Connector version 1.120.1 is now available.

Changed

IAM configuration can now be applied to PrivateCACAPool.

Changed

You can configure the ConfigConnector operator to roll back to install the v1.119.0 controllers by specifying spec.version: 1.119.0 in the ConfigConnectorContext CR (namespaced mode).

Changed

CloudBuildWorkerPool is promoted from alpha to beta.

Changed

CloudIDSEndpoint is promoted from alpha to beta.

Changed

ComputeMangedSSLCertificate is promoted from alpha to beta.

Changed

AlloyDBInstance

• Added networkConfig field to support Public-IP feature.

Changed

MonitoringAlertPolicy

• Added spec.severity field.

Changed

MonitoringDashboard

• Added dashboardFilters support.
• Added alertChart widgets.
• Added collapsibleGroup widgets.
• Added pieChart widgets.
• Added sectionHeader widgets.
• Added singleViewGroup widgets.

• Added timeSeriesTable widgets.

• Added blankView to scorecard widgets.

• Added dataSets.targetAxis and y2Axis fields to xyChart widgets.

• Added id field to all widgets.

• Added prometheusQuery and outputFullDuration to timeSeriesQuery.

• Added style fields to text widgets.

• Added targetAxis field to thresholds.

Changed

StorageBucket

• Added spec.softDeletePolicy field.
• Added status.observedState.softDeletePolicy field.

Config Connector version 1.119.0 is now available.

Feature

Added options to customize resource reconciliation for ConfigConnector

• Added a new ControllerReconciler CRD (v1alpha1). See example.
• This feature lets you customize the client-side kube-apiserver request rate limit.

Feature

The Direct Controller is now the default reconciler

• Initialize the Direct Controller registration
• Set the default reconciler to Direct Controller if the ConfigConnector CRD does not have cnrm.cloud.google.com/tf2crd: "true" or cnrm.cloud.google.com/dcl2crd: "true" label.

Changed

Added CloudBuildWorkerPool (v1alpha1) resource for service cloudbuild

Changed

Added MonitoringDashboard (v1beta1) resource for service monitoring

Changed

Added ComputeServiceAttachment (v1beta1) resource for service compute

• Added ComputeServiceAttachment as dependency of ComputeForwardingRule through spec.target.serviceAttachmentRef.

Fixed

Added three output-only fields for ContainerCluster

• Added status.observedState.masterAuth.clusterCaCertificate
• Added status.observedState.privateClusterConfig.privateEndpoint
• Added status.observedState.privateClusterConfig.publicEndpoint

Config Connector version 1.118.2 is now available.

Fixed

LoggingLogMetric

• Change .spec.projectRef.kind from required to be optional.
• If this field is given, it has to be .spec.projectRef.kind: Project.

Config Connector version 1.118.1 is now available.

Announcement

This release introduces the direct-reconciliation mechanism to reconcile Config Connector resources. The reconciliation makes API calls directly instead of going through a third-party library. Currently it only applies to LoggingLogMetric.

Changed

LoggingLogMetric now uses direct reconciliation.

Changed

Added support for ComputeNetworkFirewallPolicyRule resource (v1alpha1).

Changed

LoggingLogMetric

• Added spec.loggingLogBucketRef field to support bucket reference.

Fixed

SQLInstance avoids a bug causing repeated reconciliation when spec.settings.edition was configured with a non-empty value.

Config Connector version 1.117.0 is now available.

Announcement

This release improves our support for VertexAI.

Changed

VertexAIDataSet is promoted from alpha to beta.

• Output fields are now in status.observedState.

• The KMS key is now specified using a reference: spec.encryptionSpec.kmsKeyNameRef

Changed

VertexAIIndex is promoted from alpha to beta.

• Output fields are now in status.observedState.

• Note that isCompleteOverwrite is currently not supported: it is not obviously compatible with declarative operation.

Changed

VertexAIEndpoint is promoted from alpha to beta.

• Output fields are now in status.observedState.

• The KMS key is now specified using a reference: spec.encryptionSpec.kmsKeyNameRef

• The network is now specified using a reference: spec.networkRef

Changed

ComputeNetwork

• The spec.enableUlaInternalIpv6 field is no longer immutable - it can now be changed without recreating the network.

Config Connector version 1.116.0 is now available.

Issue

An error treats merge as invalid value in cnrm.cloud.google.com/state-into-spec annotation in IAMPolicy, IAMPartialPolicy, IAMPolicyMember, and IAMAuditConfig resources. Upgrading Config Connector to 1.117 or newer versions can fix the issue.

Announcement

This release includes enhanced support for DNSRecordSet, enabling advanced configurations such as geo-routing, primary/backup, and weighted round-robin load-balancing.

Changed

ContainerCluster

• Added spec.nodeConfig.linuxNodeConfig.cgroupMode field.

Changed

ContainerNodePool

• Added spec.nodeConfig.linuxNodeConfig.cgroupMode field.

Changed

DNSRecordSet

• Added spec.routingPolicy.geo.healthCheckedTargets field.

• Added spec.routingPolicy.primaryBackup field.

• Added spec.routingPolicy.wrr field.

Changed

EventArcTrigger

• Added spec.destination.httpEndpoint field.

• Added spec.destination.networkConfig field.

Changed

LoggingLogBucket

• Added spec.enableAnalytics field.

Config Connector version 1.115.0 is now available.

Feature

Improved support for AlloyDB, by adding new fields to AlloyDBCluster and AlloyDBInstance.

Changed

AlloyDBCluster

• Added spec.clusterType field.

• Added spec.deletionPolicy field.

• Added spec.secondaryConfig field.

Changed

AlloyDBInstance

• Added spec.instanceTypeRef field.

Config Connector version 1.114.1 is now available.

Changed

SQLInstance and ComputeBackendService now have additional safeguards against populating plain-text secrets back into the object.

Fixed

Fixed resource deletion of AlloyDBInstance and EdgeContainerNodePool when their "parent objects" no longer exist.

Changed

Initial support (alpha stability) for pausing reconciliation, by setting spec.actuationMode: Paused in the ConfigConnectorContext.

Changed

Initial support (alpha stability) for defaulting state-into-spec to absent (the recommended setting), by setting spec.stateIntoSpec: Absent in the ConfigConnectorContext.

Changed

AccessContextManagerServicePerimeterResource is promoted from alpha to beta

Changed

Added support for ComputeNetworkFirewallPolicyAssociation (v1beta1) resource.

Changed

Added support for APIKeysKey (v1alpha1) resource.

Changed

BigQueryDataSet

• Added access[].iamMember field.

Changed

ComputeAddress

• Added status.observedState.address field.

Changed

ComputeTargetHttpsProxy

• Added spec.certificateManagerCertificates field.

Changed

DNSRecordSet

• Added spec.routingPolicy field.

Changed

GKEHubFeatureMembership

• Added spec.policycontroller field.

Config Connector version 1.113.0 is now available.

Feature

Initial support for status.observedState in ContainerCluster, ContainerNodePool and RedisInstance.

To encourage use of cnrm.cloud.google.com/state-into-spec: absent, you can now use status.observedState in ContainerCluster, ContainerNodePool and RedisInstance. Some important resource information (such as the certificate for connecting to a GKE cluster) is currently only available in spec, and we recommend instead reading this resource information from observedState if available. More fields may be added to observedStatein the future.

Feature

Added support for ComputeNetworkFirewallPolicy (v1beta1) resource.

Feature

Added support for TagsLocationTagBinding (v1alpha1) resource.

Feature

Resource RunJob (CloudRun Job):

• Added spec.template.vpcAccess.connectorRef field.

Config Connector version 1.112.0 is now available.

Feature

Added support for AlloyDBUser (v1beta1) resource.

Feature

Added support for EdgeContainerCluster (v1beta1) and EdgeContainerNodePool (v1beta1) resources.

Feature

Added support for EdgeNetworkNetwork (v1beta1) and EdgeNetworkSubnet (v1beta1) resources.

Feature

Resource BigtableAppProfile(v1beta1):

• Added spec.standardIsolation field.

Fixed

Fixed the SecretKeyRef in the Go client. (Issue #598.)

Config Connector version 1.111.0 is now available.

Feature

Added support for ContainerAttachedCluster (v1beta1) resource.

Feature

Added support for AlloyDBCluster (v1beta1) resource.

Feature

Added support for AlloyDBInstance (v1beta1) resource.

Feature

Added support for AlloyDBBackup (v1beta1) resource.

Feature

Added name validation for ValidatingWebhookConfigurationCustomization and MutatingWebhookConfigurationCustomization CRDs.

Feature

Added validation for duplicate webhooks in spec.webhooks list of the customizable ControllerResource and NamespacedControllerResource CRDs.

Feature

Added errors on invalid webhook names into status of ValidatingWebhookConfigurationCustomization and MutatingWebhookConfigurationCustomization custom resources.

Fixed

Fixed an reconciliation issue in ComputeManagedSSLCert resource. Issue #107.

Fixed

Fixed issue of the retrieved maxWorkers in DataflowFlexTemplateJob resource.

Feature

Graduated ValidatingWebhookConfigurationCustomization, MutatingWebhookConfigurationCustomization, ControllerResource and NamespacedControllerResource CRDs to v1beta1.

Fixed

Fixed an issue in ComputeForwardingRule resource when used with PSC. Issue #763.

Feature

Resource AlloyDBCluster(v1beta1):

• Added spec.networkConfig field.

Feature

Resource ComputeSubnetwork(v1beta1):

• Added status.internalIpv6Prefix field.

Feature

Resource ComputeTargetHTTPSProxy(v1beta1):

• Added spec.serverTlsPolicyRef field.

Feature

Resource ContainerCluster(v1beta1):

• Added spec.nodeConfig.fastSocket field.

Feature

Resource ContainerNodePool(v1beta1):

• Added spec.nodeConfig.fastSocket field.

Feature

Resource NetworkConnectivitySpoke(v1beta1):

• Added spec.linkedVPCNetwork field.

Feature

Resource RunJob(v1beta1):

• Added spec.template.template.vpcAccess.networkInterfaces field.

Feature

Resource RunService(v1beta1):

• Added spec.template.vpcAccess.networkInterfaces field.

Feature

Resource SecretManagerSecretVersion(v1beta1):

• Added spec.isSecretDataBase64 field.