Fix git commit for allow-memorystore in onlineboutique + implement depends-on

Author: Mathieu Benoit

content/onlineboutique/allow-memorystore.md

@@ -19,11 +19,15 @@ apiVersion: serviceusage.cnrm.cloud.google.com/v1beta1
 kind: Service
 metadata:
   annotations:
-    cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
     cnrm.cloud.google.com/deletion-policy: "abandon"
     cnrm.cloud.google.com/disable-dependent-services: "false"
-  name: redis.googleapis.com
+    config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
+  name: ${GKE_PROJECT_ID}-redis
   namespace: config-control
+spec:
+  projectRef:
+    name: ${GKE_PROJECT_ID}
+  resourceID: redis.googleapis.com
 EOF
 ```
 
@@ -37,6 +41,8 @@ kind: IAMPolicyMember
 metadata:
   name: redis-admin-${GKE_PROJECT_ID}
   namespace: config-control
+  annotations:
+    config.kubernetes.io/depends-on: iam.cnrm.cloud.google.com/namespaces/config-control/IAMServiceAccount/${GKE_PROJECT_ID},resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
 spec:
   memberFrom:
     serviceAccountRef:
@@ -107,6 +113,47 @@ EOF
 
 ## Deploy Kubernetes manifests
 
+```Bash
+cd ~/$WORKSHOP_ORG_DIR_NAME/
+git add .
+git commit -m "Allow Security for GKE project"
+git push origin main
+```
+
+## Check deployments
+
+{{< mermaid >}}
+graph TD;
+  IAMServiceAccount-->Project
+  IAMPartialPolicy-->IAMServiceAccount
+  ConfigConnectorContext-->IAMServiceAccount
+  IAMPolicyMember-->IAMServiceAccount
+  IAMPolicyMember-->Project
+  IAMPolicyMember-->IAMServiceAccount
+  IAMPolicyMember-->Project
+  IAMPolicyMember-->IAMServiceAccount
+  IAMPolicyMember-->Project
+  IAMPolicyMember-->IAMServiceAccount
+  IAMPolicyMember-->Project
+  IAMPolicyMember-->IAMServiceAccount
+  IAMPolicyMember-->Project
+  Service-->Project
+  IAMPolicyMember-->IAMServiceAccount
+  IAMPolicyMember-->Project
+  Service-->Project
+  Service-->Project
+  IAMPolicyMember-->IAMServiceAccount
+  IAMPolicyMember-->Project
+  Service-->Project
+  Service-->Project
+  Service-->Project
+  Service-->Project
+  IAMPolicyMember-->IAMServiceAccount
+  IAMPolicyMember-->Project
+  Service-->Project
+  IAMPolicyMember-->IAMServiceAccount
+{{< /mermaid >}}
+
 List the GCP resources created:
 ```Bash
 gcloud projects get-iam-policy $GKE_PROJECT_ID \

content/onlineboutique/set-up-memorystore.md

@@ -26,6 +26,8 @@ kind: RedisInstance
 metadata:
   name: ${REDIS_NAME}
   namespace: ${GKE_PROJECT_ID}
+  annotations:
+    config.kubernetes.io/depends-on: compute.cnrm.cloud.google.com/namespaces/${GKE_PROJECT_ID}/ComputeNetwork/${GKE_NAME}
 spec:
   region: ${GKE_LOCATION}
   tier: BASIC
@@ -59,6 +61,37 @@ echo "export REDIS_PORT=${REDIS_PORT}" >> ~/acm-workshop-variables.sh
 
 ## Check deployments
 
+{{< mermaid >}}
+graph TD;
+  ComputeNetwork-.->Project
+  IAMServiceAccount-.->Project
+  GKEHubFeature-.->Project
+  ArtifactRegistryRepository-.->Project
+  GKEHubFeature-.->Project
+  ComputeAddress-.->Project
+  ComputeSecurityPolicy-.->Project
+  ComputeSSLPolicy-.->Project
+  ComputeSubnetwork-->ComputeNetwork
+  ComputeRouterNAT-->ComputeSubnetwork
+  ComputeRouterNAT-->ComputeRouter
+  ComputeRouter-->ComputeNetwork
+  ContainerNodePool-->ContainerCluster
+  ContainerNodePool-->IAMServiceAccount
+  IAMPolicyMember-->IAMServiceAccount
+  IAMPolicyMember-->IAMServiceAccount
+  IAMPolicyMember-->IAMServiceAccount
+  IAMPolicyMember-->IAMServiceAccount
+  IAMPartialPolicy-->IAMServiceAccount
+  ContainerCluster-->ComputeSubnetwork
+  GKEHubFeatureMembership-->GKEHubMembership
+  GKEHubFeatureMembership-->GKEHubFeature
+  GKEHubMembership-->ContainerCluster
+  IAMPolicyMember-->ArtifactRegistryRepository
+  IAMPolicyMember-->IAMServiceAccount
+  RedisInstance-.->Project
+  RedisInstance-->ComputeNetwork
+{{< /mermaid >}}
+
 List the GCP resources created:
 ```Bash
 gcloud redis instances list \