solutions/client-setup/mgmt-project/services.yaml (97 lines of code) (raw):
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#########
# IAM API
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
name: client-management-project-id-iam # kpt-set: ${client-management-project-id}-iam
namespace: projects
annotations:
config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/client-management-project-id # kpt-set: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/${client-management-project-id}
cnrm.cloud.google.com/deletion-policy: "abandon"
cnrm.cloud.google.com/disable-dependent-services: "false"
spec:
resourceID: iam.googleapis.com
projectRef:
external: client-management-project-id # kpt-set: ${client-management-project-id}
---
# Resource Manager API
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
name: client-management-project-id-resourcemanager # kpt-set: ${client-management-project-id}-resourcemanager
namespace: projects
annotations:
config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/client-management-project-id # kpt-set: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/${client-management-project-id}
cnrm.cloud.google.com/deletion-policy: "abandon"
cnrm.cloud.google.com/disable-dependent-services: "false"
spec:
resourceID: cloudresourcemanager.googleapis.com
projectRef:
external: client-management-project-id # kpt-set: ${client-management-project-id}
---
# Billing API
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
name: client-management-project-id-billing # kpt-set: ${client-management-project-id}-billing
namespace: projects
annotations:
config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/client-management-project-id # kpt-set: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/${client-management-project-id}
cnrm.cloud.google.com/deletion-policy: "abandon"
cnrm.cloud.google.com/disable-dependent-services: "false"
spec:
resourceID: cloudbilling.googleapis.com
projectRef:
external: client-management-project-id # kpt-set: ${client-management-project-id}
---
# Service Usage API
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
name: client-management-project-id-serviceusage # kpt-set: ${client-management-project-id}-serviceusage
namespace: projects
annotations:
config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/client-management-project-id # kpt-set: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/${client-management-project-id}
cnrm.cloud.google.com/deletion-policy: "abandon"
cnrm.cloud.google.com/disable-dependent-services: "false"
spec:
resourceID: serviceusage.googleapis.com
projectRef:
external: client-management-project-id # kpt-set: ${client-management-project-id}
---
# Container API
# Required to allow deployment of kubernetes clusters from service account in the client management project
# it could be disabled if the service account would be into the k8s's project
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
name: client-management-project-id-container # kpt-set: ${client-management-project-id}-container
namespace: projects
annotations:
config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/client-management-project-id # kpt-set: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/${client-management-project-id}
cnrm.cloud.google.com/deletion-policy: "abandon"
cnrm.cloud.google.com/disable-dependent-services: "false"
spec:
resourceID: container.googleapis.com
projectRef:
external: client-management-project-id # kpt-set: ${client-management-project-id}
---
# Cloud IDS API
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
name: client-management-project-id-ids # kpt-set: ${client-management-project-id}-ids
namespace: projects
annotations:
config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/client-management-project-id # kpt-set: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/${client-management-project-id}
cnrm.cloud.google.com/deletion-policy: "abandon"
cnrm.cloud.google.com/disable-dependent-services: "false"
spec:
resourceID: ids.googleapis.com
projectRef:
external: client-management-project-id # kpt-set: ${client-management-project-id}
---
# Service Networking API
# required for private service access and cloud IDS
# https://cloud.google.com/vpc/docs/configure-private-services-access
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
name: client-management-project-id-servicenetworking # kpt-set: ${client-management-project-id}-servicenetworking
namespace: projects
annotations:
config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/client-management-project-id # kpt-set: resourcemanager.cnrm.cloud.google.com/namespaces/projects/Project/${client-management-project-id}
cnrm.cloud.google.com/deletion-policy: "abandon"
cnrm.cloud.google.com/disable-dependent-services: "false"
spec:
resourceID: servicenetworking.googleapis.com
projectRef:
external: client-management-project-id # kpt-set: ${client-management-project-id}