Use CNRM (not AnthosCLI) to enable services

jlewi commented 4 years ago

Currently we are using the AnthosCLI to enable services https://github.com/kubeflow/gcp-blueprints/blob/master/kubeflow/README.md#common-problems

Would it be better to instead create CNRM resources in the management cluster?

issue-label-bot[bot] commented 4 years ago

Issue-Label Bot is automatically applying the labels:

Label	Probability
kind/feature	0.66
platform/gcp	0.98

Please mark this comment with :thumbsup: or :thumbsdown: to give our bot feedback! Links: app homepage, dashboard and code for this bot.

jlewi commented 4 years ago

CNRM seems to use the slightly newer CNRM service resource. https://cloud.google.com/config-connector/docs/reference/resources#service

jlewi commented 4 years ago

Here's the YAML I used to enable the services using CNRM

# GKE
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:  
  annotations:
    # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted.
    cnrm.cloud.google.com/deletion-policy: "abandon"
    # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed.
    cnrm.cloud.google.com/disable-dependent-services: "false"
  name: container.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  annotations:
    # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted.
    cnrm.cloud.google.com/deletion-policy: "abandon"
    # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed.
    cnrm.cloud.google.com/disable-dependent-services: "false"
  name: compute.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  annotations:
    # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted.
    cnrm.cloud.google.com/deletion-policy: "abandon"
    # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed.
    cnrm.cloud.google.com/disable-dependent-services: "false"
  name: monitoring.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  annotations:
    # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted.
    cnrm.cloud.google.com/deletion-policy: "abandon"
    # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed.
    cnrm.cloud.google.com/disable-dependent-services: "false"
  name: logging.googleapis.com

# TODO(jlewi): Does order matter?
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  annotations:
    # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted.
    cnrm.cloud.google.com/deletion-policy: "abandon"
    # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed.
    cnrm.cloud.google.com/disable-dependent-services: "false"
  name: meshca.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  annotations:
    # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted.
    cnrm.cloud.google.com/deletion-policy: "abandon"
    # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed.
    cnrm.cloud.google.com/disable-dependent-services: "false"
  name: meshtelemetry.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  annotations:
    # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted.
    cnrm.cloud.google.com/deletion-policy: "abandon"
    # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed.
    cnrm.cloud.google.com/disable-dependent-services: "false"
  name: meshconfig.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  annotations:
    # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted.
    cnrm.cloud.google.com/deletion-policy: "abandon"
    # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed.
    cnrm.cloud.google.com/disable-dependent-services: "false"
  name: iamcredentials.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  annotations:
    # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted.
    cnrm.cloud.google.com/deletion-policy: "abandon"
    # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed.
    cnrm.cloud.google.com/disable-dependent-services: "false"
  name: anthos.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  annotations:
    # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted.
    cnrm.cloud.google.com/deletion-policy: "abandon"
    # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed.
    cnrm.cloud.google.com/disable-dependent-services: "false"
  name: gkeconnect.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  annotations:
    # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted.
    cnrm.cloud.google.com/deletion-policy: "abandon"
    # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed.
    cnrm.cloud.google.com/disable-dependent-services: "false"
  name: gkehub.googleapis.com
---
apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
kind: Service
metadata:
  annotations:
    # use the deletion policy of abandon to ensure that the pubsub service remains enabled when this resource is deleted.
    cnrm.cloud.google.com/deletion-policy: "abandon"
    # this is unnecessary with the deletion-policy of 'abandon', but useful if the abandon policy is removed.
    cnrm.cloud.google.com/disable-dependent-services: "false"
  name: cloudresourcemanager.googleapis.com

GoogleCloudPlatform / kubeflow-distribution

Use CNRM (not AnthosCLI) to enable services #31