projectRef instead of project-id in ServiceUsage + use resourceID to avoid duplicate name in same namespace (config-control)

Author: Mathieu Benoit

content/artifact-registry/allow-artifact-registry.md

@@ -43,12 +43,15 @@ apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
 kind: Service
 metadata:
   annotations:
-    cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     cnrm.cloud.google.com/disable-dependent-services: "false"
     config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
-  name: artifactregistry.googleapis.com
+  name: ${GKE_PROJECT_ID}-artifactregistry
   namespace: config-control
+spec:
+  projectRef:
+    name: ${GKE_PROJECT_ID}
+  resourceID: artifactregistry.googleapis.com
 EOF
 ```
 {{% notice note %}}
@@ -64,24 +67,30 @@ apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
 kind: Service
 metadata:
   annotations:
-    cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     cnrm.cloud.google.com/disable-dependent-services: "false"
     config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
-  name: containeranalysis.googleapis.com
+  name: ${GKE_PROJECT_ID}-containeranalysis
   namespace: config-control
+spec:
+  projectRef:
+    name: ${GKE_PROJECT_ID}
+  resourceID: containeranalysis.googleapis.com
 EOF
 cat <<EOF > ~/$WORKSHOP_ORG_DIR_NAME/config-sync/projects/$GKE_PROJECT_ID/containerscanning-service.yaml
 apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
 kind: Service
 metadata:
   annotations:
-    cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     cnrm.cloud.google.com/disable-dependent-services: "false"
     config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
-  name: containerscanning.googleapis.com
+  name: ${GKE_PROJECT_ID}-containerscanning
   namespace: config-control
+spec:
+  projectRef:
+    name: ${GKE_PROJECT_ID}
+  resourceID: containerscanning.googleapis.com
 EOF
 ```
 

content/gke-cluster/allow-gke hub.md

@@ -43,24 +43,30 @@ apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
 kind: Service
 metadata:
   annotations:
-    cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     cnrm.cloud.google.com/disable-dependent-services: "false"
     config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
-  name: gkehub.googleapis.com
+  name: ${GKE_PROJECT_ID}-gkehub
   namespace: config-control
+spec:
+  projectRef:
+    name: ${GKE_PROJECT_ID}
+  resourceID: gkehub.googleapis.com
 EOF
 cat <<EOF > ~/$WORKSHOP_ORG_DIR_NAME/config-sync/projects/$GKE_PROJECT_ID/anthos-configmanagement-service.yaml
 apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
 kind: Service
 metadata:
   annotations:
-    cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     cnrm.cloud.google.com/disable-dependent-services: "false"
     config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
-  name: anthosconfigmanagement.googleapis.com
+  name: ${GKE_PROJECT_ID}-anthosconfigmanagement
   namespace: config-control
+spec:
+  projectRef:
+    name: ${GKE_PROJECT_ID}
+  resourceID: anthosconfigmanagement.googleapis.com
 EOF
 ```
 

content/gke-cluster/allow-gke.md

@@ -97,12 +97,15 @@ apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
 kind: Service
 metadata:
   annotations:
-    cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     cnrm.cloud.google.com/disable-dependent-services: "false"
     config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
-  name: container.googleapis.com
+  name: ${GKE_PROJECT_ID}-container
   namespace: config-control
+spec:
+  projectRef:
+    name: ${GKE_PROJECT_ID}
+  resourceID: container.googleapis.com
 EOF
 ```
 {{% notice note %}}

content/ingress-gateway/set-up-ip-address.md

@@ -54,8 +54,6 @@ graph TD;
   ArtifactRegistryRepository-.->Project
   GKEHubFeature-.->Project
   ComputeAddress-.->Project
-  ComputeSecurityPolicy-.->Project
-  ComputeSSLPolicy-.->Project
   ComputeSubnetwork-->ComputeNetwork
   ComputeRouterNAT-->ComputeSubnetwork
   ComputeRouterNAT-->ComputeRouter

content/service-mesh/allow-asm.md

@@ -19,12 +19,15 @@ apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
 kind: Service
 metadata:
   annotations:
-    cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     cnrm.cloud.google.com/disable-dependent-services: "false"
     config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
-  name: mesh.googleapis.com
+  name: ${GKE_PROJECT_ID}-mesh
   namespace: config-control
+spec:
+  projectRef:
+    name: ${GKE_PROJECT_ID}
+  resourceID: mesh.googleapis.com
 EOF
 ```