Config Connector is a niche topic on the Associate Cloud Engineer exam, but it shows up specifically and consistently. This article covers what it is, what problem it solves, the unusual rule about deleting resources it manages, and the way the ACE exam tests it.
It does not cover Kubernetes operators in general, full GitOps pipelines, or the YAML schema for every supported GCP resource. Those are useful for actually using Config Connector at work, but they are not what the exam is testing.
Config Connector is an add-on for GKE clusters that lets you manage GCP resources using Kubernetes manifests and kubectl. With it installed, you can create a Cloud SQL instance, a Cloud Storage bucket, a Pub/Sub topic, or an IAM role binding by writing a YAML file and running kubectl apply.
The key idea is that GCP resources start to behave like Kubernetes resources. They have manifests. They live in a namespace. kubectl can list them, describe them, and delete them. Under the hood, Config Connector is calling the GCP APIs on your behalf, but the surface you interact with is Kubernetes.
If your team already runs everything on GKE and uses kubectl all day, Config Connector lets you manage your cloud infrastructure with the same tooling you use for your applications. One workflow, one config language, one access control system.
It is also the simplest path to GitOps for cloud infrastructure on GCP. You commit YAML files to a Git repo, a controller in your cluster reconciles the actual state to match what is in Git, and the GCP resources update accordingly. This is the same pattern teams use for Kubernetes apps, extended to BigQuery datasets and Cloud Storage buckets.
This is the detail the Associate Cloud Engineer exam tests most often. To delete a resource that Config Connector created, you use kubectl, not gcloud. If you delete a Cloud Storage bucket with gcloud, Config Connector will see that the actual state no longer matches the manifest in the cluster and may try to recreate it. The right way to remove a resource managed by Config Connector is to delete the Kubernetes object that represents it.
kubectl delete storagebucket my-bucketThe same logic applies for any other Config Connector resource type. The Kubernetes resource is the source of truth. Treat it that way.
The list is long, but the ones that come up on Associate Cloud Engineer exam questions are the bread-and-butter services. BigQuery datasets, Cloud Storage buckets, Cloud SQL instances, Spanner databases, Pub/Sub topics, and Cloud IAM roles. If you see a question about managing any of those from inside a Kubernetes cluster, Config Connector is the answer.
Three patterns show up on the ACE exam for Config Connector.
The first is recognition. The question describes a team that wants to manage Cloud SQL instances, Pub/Sub topics, or Cloud Storage buckets through Kubernetes manifests, the same way they manage their applications. The answer is install Config Connector. If you see kubectl and GCP resources in the same question, this is the service.
The second is the deletion rule. The question describes a Config Connector resource that needs to be removed and asks how to remove it. The answer is kubectl delete, not gcloud. If you see gcloud as one of the options for deleting a resource Config Connector created, that option is wrong.
The third is the GitOps framing. The question describes a team that wants infrastructure changes to flow through Git pull requests and get reconciled against a cluster automatically. Config Connector is one part of that answer, alongside whatever GitOps tool the team uses to sync from Git to the cluster.
Config Connector lets you manage GCP resources with kubectl by treating them as Kubernetes objects. It is useful when your team already lives in Kubernetes and wants one tool for both application config and cloud infrastructure. The detail the Associate Cloud Engineer exam tests most often is that you delete Config Connector resources with kubectl, not gcloud.
My Associate Cloud Engineer course covers Config Connector in the GKE section alongside other ways to manage cloud resources from a cluster.
