enable-gcp-services

KRM function for enable-gcp-services

Overview

The enable-gcp-services function generates GCP project service resources from a list of services to enable GCP APIs within a specified project. This allows users to succinctly define all the services necessary in a single resource and have tighter control over which services are enabled in a specific project.

Usage

The enable-gcp-services function can be used both declaratively and imperatively.

$ kpt fn eval --image gcr.io/kpt-fn/enable-gcp-services:v0.1.0

The enable-gcp-services function does the following:

  1. Discovers all ProjectServiceSet custom resources in a given package and nested packages if any.

  2. For each ProjectServiceSet CR, it generates GCP project service resources as specified in the spec.services list.

    • Adds all annotations defined for ProjectServiceSet CR to each generated resource. This can be used for enabling features like disable-on-destroy for generated services.
    • Sets namespace if any defined for ProjectServiceSet CR to each generated resource.
    • Sets projectID if any defined for ProjectServiceSet CR to each generated resource.
  3. Each generated GCP project service resource has a blueprints.cloud.google.com/ownerReference annotation. This annotation allows the enable-gcp-services function to track the generated resources so that they can be managed declaratively. Any changes made directly to the generated resources will be overwritten; make changes to the ProjectServiceSet CR instead.

ProjectServiceSet

This function only supports local-config custom resources of kind ProjectServiceSet, which can be provided as input items along with other KRM resources. Multiple ProjectServiceSet CRs can be declared in a package.

ProjectServiceSet has the following supported parameters:

apiVersion: blueprints.cloud.google.com/v1alpha1
kind: ProjectServiceSet
metadata:
  name: my-project-services
  annotations:
    cnrm.cloud.google.com/deletion-policy: "false"
    config.kubernetes.io/local-config: "true"
spec:
  services: # list of services to generate
    - compute.googleapis.com
  projectID: foo

| Field | Description | Example | Required |
| --- | --- | --- | --- |
| spec.services[] | A list of GCP services to enable | [compute.googleapis.com,bigquery.googleapis.com] | yes |
| spec.projectID | Project ID where the services should be enabled. | my-project-id | no |

Examples

Let's start with a ProjectServiceSet CR that enables two services, compute.googleapis.com and redis.googleapis.com, in the GCP project proj1.

# services-config.yaml
apiVersion: blueprints.cloud.google.com/v1alpha1
kind: ProjectServiceSet
metadata:
  name: proj1-service
  annotations:
    config.kubernetes.io/local-config: "true"
spec:
  services:
    - compute.googleapis.com
    - redis.googleapis.com
  projectID: proj1

Invoke the function:

$ kpt fn eval --image gcr.io/kpt-fn/enable-gcp-services:v0.1.0

The generated resources look like the following:

# service_proj1-service-compute.yaml
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: proj1-service-compute
  annotations:
    blueprints.cloud.google.com/ownerReference: 'blueprints.cloud.google.com/ProjectServiceSet/proj1-service'
spec:
  resourceID: compute.googleapis.com
  projectRef:
    external: proj1

# service_proj1-service-redis.yaml
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  name: proj1-service-redis
  annotations:
    blueprints.cloud.google.com/ownerReference: 'blueprints.cloud.google.com/ProjectServiceSet/proj1-service'
spec:
  resourceID: redis.googleapis.com
  projectRef:
    external: proj1
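
The ownerReference annotation and the spec.services list make it possible to check in CI that every Service in a rendered package traces back to a ProjectServiceSet and has not been edited by hand. The following is an added example, not part of the enable-gcp-services project: the function names, the allowlist, the rule that unowned Service resources are findings, and the sample resources (given as dicts, as a YAML loader would return them) are all assumptions made for illustration.

```python
# Added example: audit a rendered package so every Service traces back to a
# ProjectServiceSet. Names, policy and sample data here are hypothetical.
OWNER_KEY = "blueprints.cloud.google.com/ownerReference"
OWNER_PREFIX = "blueprints.cloud.google.com/ProjectServiceSet/"

def audit(resources, allowlist):
    """Return sorted (resource name, finding) pairs; an empty list means clean."""
    sets = {r["metadata"]["name"]: r.get("spec", {})
            for r in resources if r.get("kind") == "ProjectServiceSet"}
    # Policy assumption: only allowlisted APIs may be requested at all.
    findings = [(name, f"{svc} is not on the allowlist")
                for name, spec in sets.items()
                for svc in spec.get("services", []) if svc not in allowlist]
    for r in resources:
        if r.get("kind") != "Service":
            continue
        name, spec = r["metadata"]["name"], r.get("spec", {})
        owner = r["metadata"].get("annotations", {}).get(OWNER_KEY, "")
        owner_spec = (sets.get(owner[len(OWNER_PREFIX):])
                      if owner.startswith(OWNER_PREFIX) else None)
        if owner_spec is None:  # hand-written, or its owner is not in the package
            findings.append((name, "no ProjectServiceSet owner in this package"))
            continue
        if spec.get("resourceID") not in owner_spec.get("services", []):
            findings.append((name, "resourceID not declared by its owner"))
        project = owner_spec.get("projectID")
        if project and spec.get("projectRef", {}).get("external") != project:
            findings.append((name, "projectRef differs from owner projectID"))
    return sorted(findings)

def service(name, api, project, owner=None):
    """Build a constructed Service resource shaped like the generated ones."""
    annotations = {OWNER_KEY: OWNER_PREFIX + owner} if owner else {}
    return {"kind": "Service",
            "metadata": {"name": name, "annotations": annotations},
            "spec": {"resourceID": api, "projectRef": {"external": project}}}

# Constructed sample: the proj1 package plus one edited and one unowned Service.
SAMPLE = [
    {"kind": "ProjectServiceSet", "metadata": {"name": "proj1-service"},
     "spec": {"projectID": "proj1",
              "services": ["compute.googleapis.com", "redis.googleapis.com"]}},
    service("proj1-service-compute", "compute.googleapis.com", "proj1", "proj1-service"),
    service("proj1-service-redis", "redis.googleapis.com", "proj2", "proj1-service"),
    service("manual-iam", "iam.googleapis.com", "proj1"),
]
ALLOWLIST = {"compute.googleapis.com"}  # hypothetical organisation policy

if __name__ == "__main__":
    for name, finding in audit(SAMPLE, ALLOWLIST):
        print(f"{name}: {finding}")
```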