solutions/gke/configconnector/gke-setup/services.yaml (143 lines of code) (raw):

# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Overview
# Each document below is a Config Connector `Service` resource
# (serviceusage.cnrm.cloud.google.com/v1beta1) naming one Google Cloud API
# in `spec.resourceID` for the project given in `spec.projectRef.external`.
# The `# kpt-set:` trailing comments are kpt setter markers: they are read by
# kpt to substitute ${project-id} and ${client-name}, so they must stay on the
# same line as the field they control.
#
# NOTE(review): every resource sets
# `cnrm.cloud.google.com/disable-on-destroy: "false"`. Going by the annotation
# name, deleting the resource presumably leaves the API enabled in the project;
# confirm against the Config Connector documentation. If so, removing this
# package does not by itself reduce the set of enabled APIs, and an API that is
# no longer needed has to be disabled explicitly.
#
# NOTE(review): this file only enables APIs. Who may call them is decided by
# IAM bindings, which are not defined here.
#
# NOTE(review): "RA-5(5)" below looks like a security-control identifier
# (presumably NIST SP 800-53); confirm against the project's compliance mapping.

######
# Cloud Resource Manager API and IAM API are defined in the client-project-setup package
######
# Container API
# Required to allow GKE clusters to be deployed in service projects.
# Enabling the API in a project creates a GKE service account for the project.
# https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-shared-vpc
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: project-id-container # kpt-set: ${project-id}-container
  namespace: client-name-projects # kpt-set: ${client-name}-projects
  annotations:
    cnrm.cloud.google.com/disable-on-destroy: "false"
spec:
  resourceID: container.googleapis.com
  projectRef:
    external: project-id # kpt-set: ${project-id}
---
# Container Security API
# RA-5(5) - A service that provides security insights into GKE clusters
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: project-id-containersecurity # kpt-set: ${project-id}-containersecurity
  namespace: client-name-projects # kpt-set: ${client-name}-projects
  annotations:
    cnrm.cloud.google.com/disable-on-destroy: "false"
spec:
  # RA-5(5)
  resourceID: containersecurity.googleapis.com
  projectRef:
    external: project-id # kpt-set: ${project-id}
---
# Anthos API
# https://cloud.google.com/anthos/fleet-management/docs/before-you-begin
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: project-id-anthos # kpt-set: ${project-id}-anthos
  namespace: client-name-projects # kpt-set: ${client-name}-projects
  annotations:
    cnrm.cloud.google.com/disable-on-destroy: "false"
spec:
  resourceID: anthos.googleapis.com
  projectRef:
    external: project-id # kpt-set: ${project-id}
---
# Anthos Config Management API
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: project-id-anthosconfigmanagement # kpt-set: ${project-id}-anthosconfigmanagement
  namespace: client-name-projects # kpt-set: ${client-name}-projects
  annotations:
    cnrm.cloud.google.com/disable-on-destroy: "false"
spec:
  resourceID: anthosconfigmanagement.googleapis.com
  projectRef:
    external: project-id # kpt-set: ${project-id}
---
# GKE Hub API
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: project-id-gkehub # kpt-set: ${project-id}-gkehub
  namespace: client-name-projects # kpt-set: ${client-name}-projects
  annotations:
    cnrm.cloud.google.com/disable-on-destroy: "false"
spec:
  resourceID: gkehub.googleapis.com
  projectRef:
    external: project-id # kpt-set: ${project-id}
---
# GKE Connect API
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: project-id-gkeconnect # kpt-set: ${project-id}-gkeconnect
  namespace: client-name-projects # kpt-set: ${client-name}-projects
  annotations:
    cnrm.cloud.google.com/disable-on-destroy: "false"
spec:
  resourceID: gkeconnect.googleapis.com
  projectRef:
    external: project-id # kpt-set: ${project-id}
---
# Key Management Service API
# Enabling the API does not grant access to any key; key access is governed by
# IAM bindings defined outside this file.
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: project-id-kms # kpt-set: ${project-id}-kms
  namespace: client-name-projects # kpt-set: ${client-name}-projects
  annotations:
    cnrm.cloud.google.com/disable-on-destroy: "false"
spec:
  resourceID: cloudkms.googleapis.com
  projectRef:
    external: project-id # kpt-set: ${project-id}
---
# Secret Manager API
# Enabling the API does not grant access to any secret; secret access is
# governed by IAM bindings defined outside this file.
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: project-id-secretmanager # kpt-set: ${project-id}-secretmanager
  namespace: client-name-projects # kpt-set: ${client-name}-projects
  annotations:
    cnrm.cloud.google.com/disable-on-destroy: "false"
spec:
  resourceID: secretmanager.googleapis.com
  projectRef:
    external: project-id # kpt-set: ${project-id}
---
# Artifact Registry API
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: project-id-artifactregistry # kpt-set: ${project-id}-artifactregistry
  namespace: client-name-projects # kpt-set: ${client-name}-projects
  annotations:
    cnrm.cloud.google.com/disable-on-destroy: "false"
spec:
  resourceID: artifactregistry.googleapis.com
  projectRef:
    external: project-id # kpt-set: ${project-id}
---
# Container Scanning API
# RA-5(5) - A service to scan containers for vulnerabilities
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: project-id-containerscanning # kpt-set: ${project-id}-containerscanning
  namespace: client-name-projects # kpt-set: ${client-name}-projects
  annotations:
    cnrm.cloud.google.com/disable-on-destroy: "false"
spec:
  # RA-5(5)
  resourceID: containerscanning.googleapis.com
  projectRef:
    external: project-id # kpt-set: ${project-id}
---
# Certificate Manager API
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: project-id-certificatemanager # kpt-set: ${project-id}-certificatemanager
  namespace: client-name-projects # kpt-set: ${client-name}-projects
  annotations:
    cnrm.cloud.google.com/disable-on-destroy: "false"
spec:
  resourceID: certificatemanager.googleapis.com
  projectRef:
    external: project-id # kpt-set: ${project-id}
---
# Pub/Sub API
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: project-id-pubsub # kpt-set: ${project-id}-pubsub
  namespace: client-name-projects # kpt-set: ${client-name}-projects
  annotations:
    cnrm.cloud.google.com/disable-on-destroy: "false"
spec:
  resourceID: pubsub.googleapis.com
  projectRef:
    external: project-id # kpt-set: ${project-id}