Skip to content
This repository was archived by the owner on May 7, 2025. It is now read-only.

Commit bc93987

Browse files
author
Mathieu Benoit
committed
depends-on and mermaid charts for WORKSHOP_ORG_DIR_NAME
1 parent adbfb17 commit bc93987

File tree

11 files changed

+207
-2
lines changed

11 files changed

+207
-2
lines changed

content/artifact-registry/allow-artifact-registry.md

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,7 @@ metadata:
4646
cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
4747
cnrm.cloud.google.com/deletion-policy: "abandon"
4848
cnrm.cloud.google.com/disable-dependent-services: "false"
49+
resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
4950
name: artifactregistry.googleapis.com
5051
namespace: config-control
5152
EOF
@@ -66,6 +67,7 @@ metadata:
6667
cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
6768
cnrm.cloud.google.com/deletion-policy: "abandon"
6869
cnrm.cloud.google.com/disable-dependent-services: "false"
70+
resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
6971
name: containeranalysis.googleapis.com
7072
namespace: config-control
7173
EOF
@@ -77,6 +79,7 @@ metadata:
7779
cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
7880
cnrm.cloud.google.com/deletion-policy: "abandon"
7981
cnrm.cloud.google.com/disable-dependent-services: "false"
82+
resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
8083
name: containerscanning.googleapis.com
8184
namespace: config-control
8285
EOF
@@ -93,6 +96,33 @@ git push origin main
9396

9497
## Check deployments
9598

99+
{{< mermaid >}}
100+
graph TD;
101+
IAMServiceAccount-->Project
102+
IAMPartialPolicy-->IAMServiceAccount
103+
ConfigConnectorContext-->IAMServiceAccount
104+
IAMPolicyMember-->IAMServiceAccount
105+
IAMPolicyMember-->Project
106+
IAMPolicyMember-->IAMServiceAccount
107+
IAMPolicyMember-->Project
108+
IAMPolicyMember-->IAMServiceAccount
109+
IAMPolicyMember-->Project
110+
IAMPolicyMember-->IAMServiceAccount
111+
IAMPolicyMember-->Project
112+
IAMPolicyMember-->IAMServiceAccount
113+
IAMPolicyMember-->Project
114+
Service-->Project
115+
IAMPolicyMember-->IAMServiceAccount
116+
IAMPolicyMember-->Project
117+
Service-->Project
118+
Service-->Project
119+
IAMPolicyMember-->IAMServiceAccount
120+
IAMPolicyMember-->Project
121+
Service-->Project
122+
Service-->Project
123+
Service-->Project
124+
{{< /mermaid >}}
125+
96126
List the GCP resources created:
97127
```Bash
98128
gcloud projects get-iam-policy $GKE_PROJECT_ID \

content/artifact-registry/set-up-artifact-registry.md

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -64,6 +64,27 @@ git push origin main
6464

6565
## Check deployments
6666

67+
{{< mermaid >}}
68+
graph TD;
69+
ComputeSubnetwork-->ComputeNetwork
70+
ComputeRouterNAT-->ComputeSubnetwork
71+
ComputeRouterNAT-->ComputeRouter
72+
ComputeRouter-->ComputeNetwork
73+
ContainerNodePool-->ContainerCluster
74+
ContainerNodePool-->IAMServiceAccount
75+
IAMPolicyMember-->IAMServiceAccount
76+
IAMPolicyMember-->IAMServiceAccount
77+
IAMPolicyMember-->IAMServiceAccount
78+
IAMPolicyMember-->IAMServiceAccount
79+
IAMPartialPolicy-->IAMServiceAccount
80+
ContainerCluster-->ComputeSubnetwork
81+
GKEHubFeatureMembership-->GKEHubMembership
82+
GKEHubFeatureMembership-->GKEHubFeature
83+
GKEHubMembership-->ContainerCluster
84+
IAMPolicyMember-->ArtifactRegistryRepository
85+
IAMPolicyMember-->IAMServiceAccount
86+
{{< /mermaid >}}
87+
6788
List the GCP resources created:
6889
```Bash
6990
gcloud projects get-iam-policy $GKE_PROJECT_ID \

content/gke-cluster/allow-gke hub.md

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -46,6 +46,7 @@ metadata:
4646
cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
4747
cnrm.cloud.google.com/deletion-policy: "abandon"
4848
cnrm.cloud.google.com/disable-dependent-services: "false"
49+
resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
4950
name: gkehub.googleapis.com
5051
namespace: config-control
5152
EOF
@@ -57,6 +58,7 @@ metadata:
5758
cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
5859
cnrm.cloud.google.com/deletion-policy: "abandon"
5960
cnrm.cloud.google.com/disable-dependent-services: "false"
61+
resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
6062
name: anthosconfigmanagement.googleapis.com
6163
namespace: config-control
6264
EOF
@@ -73,6 +75,28 @@ git push origin main
7375

7476
## Check deployments
7577

78+
{{< mermaid >}}
79+
graph TD;
80+
IAMServiceAccount-->Project
81+
IAMPartialPolicy-->IAMServiceAccount
82+
ConfigConnectorContext-->IAMServiceAccount
83+
IAMPolicyMember-->IAMServiceAccount
84+
IAMPolicyMember-->Project
85+
IAMPolicyMember-->IAMServiceAccount
86+
IAMPolicyMember-->Project
87+
IAMPolicyMember-->IAMServiceAccount
88+
IAMPolicyMember-->Project
89+
IAMPolicyMember-->IAMServiceAccount
90+
IAMPolicyMember-->Project
91+
IAMPolicyMember-->IAMServiceAccount
92+
IAMPolicyMember-->Project
93+
Service-->Project
94+
IAMPolicyMember-->IAMServiceAccount
95+
IAMPolicyMember-->Project
96+
Service-->Project
97+
Service-->Project
98+
{{< /mermaid >}}
99+
76100
List the GCP resources created:
77101
```Bash
78102
gcloud projects get-iam-policy $GKE_PROJECT_ID \

content/gke-cluster/allow-gke.md

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -100,6 +100,7 @@ metadata:
100100
cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
101101
cnrm.cloud.google.com/deletion-policy: "abandon"
102102
cnrm.cloud.google.com/disable-dependent-services: "false"
103+
resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
103104
name: container.googleapis.com
104105
namespace: config-control
105106
EOF
@@ -231,6 +232,24 @@ git push origin main
231232

232233
## Check deployments
233234

235+
{{< mermaid >}}
236+
graph TD;
237+
IAMServiceAccount-->Project
238+
IAMPartialPolicy-->IAMServiceAccount
239+
ConfigConnectorContext-->IAMServiceAccount
240+
IAMPolicyMember-->IAMServiceAccount
241+
IAMPolicyMember-->Project
242+
IAMPolicyMember-->IAMServiceAccount
243+
IAMPolicyMember-->Project
244+
IAMPolicyMember-->IAMServiceAccount
245+
IAMPolicyMember-->Project
246+
IAMPolicyMember-->IAMServiceAccount
247+
IAMPolicyMember-->Project
248+
IAMPolicyMember-->IAMServiceAccount
249+
IAMPolicyMember-->Project
250+
Service-->Project
251+
{{< /mermaid >}}
252+
234253
List the GCP resources created:
235254
```Bash
236255
gcloud projects get-iam-policy $GKE_PROJECT_ID \

content/gke-cluster/create-gke-cluster.md

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -211,6 +211,22 @@ git push origin main
211211

212212
## Check deployments
213213

214+
{{< mermaid >}}
215+
graph TD;
216+
ComputeSubnetwork-->ComputeNetwork
217+
ComputeRouterNAT-->ComputeSubnetwork
218+
ComputeRouterNAT-->ComputeRouter
219+
ComputeRouter-->ComputeNetwork
220+
ContainerNodePool-->ContainerCluster
221+
ContainerNodePool-->IAMServiceAccount
222+
IAMPolicyMember-->IAMServiceAccount
223+
IAMPolicyMember-->IAMServiceAccount
224+
IAMPolicyMember-->IAMServiceAccount
225+
IAMPolicyMember-->IAMServiceAccount
226+
IAMPartialPolicy-->IAMServiceAccount
227+
ContainerCluster-->ComputeSubnetwork
228+
{{< /mermaid >}}
229+
214230
List the GCP resources created:
215231
```Bash
216232
gcloud projects get-iam-policy $GKE_PROJECT_ID \

content/gke-cluster/set-up-gke-configs-git-repo.md

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -144,6 +144,25 @@ git push origin main
144144

145145
## Check deployments
146146

147+
{{< mermaid >}}
148+
graph TD;
149+
ComputeSubnetwork-->ComputeNetwork
150+
ComputeRouterNAT-->ComputeSubnetwork
151+
ComputeRouterNAT-->ComputeRouter
152+
ComputeRouter-->ComputeNetwork
153+
ContainerNodePool-->ContainerCluster
154+
ContainerNodePool-->IAMServiceAccount
155+
IAMPolicyMember-->IAMServiceAccount
156+
IAMPolicyMember-->IAMServiceAccount
157+
IAMPolicyMember-->IAMServiceAccount
158+
IAMPolicyMember-->IAMServiceAccount
159+
IAMPartialPolicy-->IAMServiceAccount
160+
ContainerCluster-->ComputeSubnetwork
161+
GKEHubFeatureMembership-->GKEHubMembership
162+
GKEHubFeatureMembership-->GKEHubFeature
163+
GKEHubMembership-->ContainerCluster
164+
{{< /mermaid >}}
165+
147166
List the GitHub runs for the **GKE project configs** repository `cd ~/$GKE_PROJECT_DIR_NAME && gh run list`:
148167
```Plaintext
149168
STATUS NAME WORKFLOW BRANCH EVENT ID ELAPSED AGE

content/gke-project/create-gke-project.md

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,6 +77,8 @@ kind: IAMServiceAccount
7777
metadata:
7878
name: ${GKE_PROJECT_ID}
7979
namespace: config-control
80+
annotations:
81+
config.kubernetes.io/depends-on: resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
8082
spec:
8183
displayName: ${GKE_PROJECT_ID}
8284
EOF
@@ -128,6 +130,8 @@ kind: ConfigConnectorContext
128130
metadata:
129131
name: configconnectorcontext.core.cnrm.cloud.google.com
130132
namespace: ${GKE_PROJECT_ID}
133+
annotations:
134+
config.kubernetes.io/depends-on: iam.cnrm.cloud.google.com/namespaces/${GKE_PROJECT_ID}/IAMServiceAccount/${GKE_PROJECT_ID}
131135
spec:
132136
googleServiceAccount: ${GKE_PROJECT_SA_EMAIL}
133137
EOF
@@ -144,6 +148,13 @@ git push origin main
144148

145149
## Check deployments
146150

151+
{{< mermaid >}}
152+
graph TD;
153+
IAMServiceAccount-->Project
154+
IAMPartialPolicy-->IAMServiceAccount
155+
ConfigConnectorContext-->IAMServiceAccount
156+
{{< /mermaid >}}
157+
147158
List the GCP resources created:
148159
```Bash
149160
gcloud projects describe $GKE_PROJECT_ID

content/networking/allow-networking.md

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,15 @@ git push origin main
4545

4646
## Check deployments
4747

48+
{{< mermaid >}}
49+
graph TD;
50+
IAMServiceAccount-->Project
51+
IAMPartialPolicy-->IAMServiceAccount
52+
ConfigConnectorContext-->IAMServiceAccount
53+
IAMPolicyMember-->IAMServiceAccount
54+
IAMPolicyMember-->Project
55+
{{< /mermaid >}}
56+
4857
List the GCP resources created:
4958
```Bash
5059
gcloud projects get-iam-policy $GKE_PROJECT_ID \

content/networking/set-up-network.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -102,6 +102,14 @@ git push origin main
102102

103103
## Check deployments
104104

105+
{{< mermaid >}}
106+
graph TD;
107+
ComputeSubnetwork-->ComputeNetwork
108+
ComputeRouterNAT-->ComputeSubnetwork
109+
ComputeRouterNAT-->ComputeRouter
110+
ComputeRouter-->ComputeNetwork
111+
{{< /mermaid >}}
112+
105113
List the GCP resources created:
106114
```Bash
107115
gcloud compute networks list \

content/service-mesh/allow-asm.md

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@ metadata:
2222
cnrm.cloud.google.com/project-id: ${GKE_PROJECT_ID}
2323
cnrm.cloud.google.com/deletion-policy: "abandon"
2424
cnrm.cloud.google.com/disable-dependent-services: "false"
25+
resourcemanager.cnrm.cloud.google.com/namespaces/config-control/Project/${GKE_PROJECT_ID}
2526
name: mesh.googleapis.com
2627
namespace: config-control
2728
EOF
@@ -38,6 +39,34 @@ git push origin main
3839

3940
## Check deployments
4041

42+
{{< mermaid >}}
43+
graph TD;
44+
IAMServiceAccount-->Project
45+
IAMPartialPolicy-->IAMServiceAccount
46+
ConfigConnectorContext-->IAMServiceAccount
47+
IAMPolicyMember-->IAMServiceAccount
48+
IAMPolicyMember-->Project
49+
IAMPolicyMember-->IAMServiceAccount
50+
IAMPolicyMember-->Project
51+
IAMPolicyMember-->IAMServiceAccount
52+
IAMPolicyMember-->Project
53+
IAMPolicyMember-->IAMServiceAccount
54+
IAMPolicyMember-->Project
55+
IAMPolicyMember-->IAMServiceAccount
56+
IAMPolicyMember-->Project
57+
Service-->Project
58+
IAMPolicyMember-->IAMServiceAccount
59+
IAMPolicyMember-->Project
60+
Service-->Project
61+
Service-->Project
62+
IAMPolicyMember-->IAMServiceAccount
63+
IAMPolicyMember-->Project
64+
Service-->Project
65+
Service-->Project
66+
Service-->Project
67+
Service-->Project
68+
{{< /mermaid >}}
69+
4170
List the GitHub runs for the **Org configs** repository `cd ~/$WORKSHOP_ORG_DIR_NAME && gh run list`:
4271
```Plaintext
4372
STATUS NAME WORKFLOW BRANCH EVENT ID ELAPSED AGE

0 commit comments

Comments
 (0)