Your First Service

A “service” in KDP defines a unique Kubernetes API Group and offers a number of resources (types) to use. A service could offer certificate management, databases, cloud infrastructure or any other set of Kubernetes resources.

Services are provided by service owners, who run their own Kubernetes clusters and take care of the maintenance and scaling tasks for the workload provisioned by all users of the service(s) they offer.

A KDP Service should not be confused with a Kubernetes Service. Internally, a KDP Service is ultimately translated into a kcp APIExport with a number of APIResourceSchemas (~ CRDs).


This document describes the process of setting up a new Service from scratch, from the standpoint of a Service Owner. See Using Services for more information from the standpoint of Service Consumers (i.e. endusers).

Creating Services

Login to the KDP Dashboard and navigate to the organization where the Service should be available (generally, Services can be consumed from any other workspace). Choose the “Create Service” option.

Service Creation Wizard

First, choose a title. This is a “human readable” name for your Service and will be shown to potential consumers in the service catalog. Next, choose a unique API group. API groups are DNS-style names, so it is recommended to choose a sub-domain of a DNS name you actually control (e.g.

You must also choose the location to which the servlet kubeconfig secret is written. This secret is required to set up the Servlet later.

The service creation wizard also offers several optional metadata fields that will help service consumers understand what kind of services are offered. You can (optionally) provide a documentation link which will be shown to consumers as a way to discover more information about the service, a logo which will be displayed alongside the service in the service catalog and a markdown-capable description to convey what the service is about.


It is of course also possible to create services from the kcp API directly via kubectl or similar tools (useful when the service should be managed via GitOps, for example). Here is an example YAML specification:

kind: Service
    description: This is a sample service.
    documentationURL: ""
    title: sample-service
    name: sample-servlet-kubeconfig
    namespace: default

This can be applied with kubectl in your organization workspace.

$ kubectl ws :root:my-org       # switch to your workspace
$ kubectl apply -f service.yaml

Use the following command to explore the full schema for Service objects:

$ kubectl explain service

This concludes all required steps to define the new service. Click on the confirm button to create the Service.

Setting up the Servlet

Once the service is created, KDP will provision a kubeconfig. This kubeconfig is meant to be used by the KDP Servlet, the component installed by service owners into the service cluster.

The generated kubeconfig is available from the service’s context menu in the Dashboard.

Service Context Menu

Click “kubeconfig” to inspect and download the kubeconfig:

Kubeconfig View

You can also use kubectl to navigate into your workspace and inspect your Service object. In spec.kubeconfig you will find the name of the kubeconfig Secret that you can use for your Servlet.

Now switch your focus to your own cluster, where your business logic happens (for example where Crossplane runs). For your Service you need to provide exactly one Servlet in one Kubernetes cluster. This Servlet can have multiple replicas as it uses leader election, but you must not have two or more independent Servlets processing the same Service. There is currently no mechanism to spread load between multiple Service clusters and two or more Servlets will most likely conflict with each other.

The Servlet comes as a Helm chart. See deploy/charts/servlet for more information. You basically need to provide the kubeconfig generated by KDP as the “platform kubeconfig”, the service’s name (not its API Group) and a unique name for the Servlet itself. Put all the information in a values.yaml and run helm install to deploy your Servlet.

Once the Servlet has booted up, it will just sit there and do nothing, waiting for further configuration.

Defining Published Resources

Once the Servlet is up and running, you have to create PublishedResource objects on the service cluster. See the documentation for publishing resources for more information.

The Servlet will automatically react to PublishedResources and begin replicating them into KDP/kcp. This means setting up an APIExport and APIResourceSchemas. Once this is done, the KDP Service can actually be consumed on the platform. See Using Services for more information.