diff --git a/fast/stages/03-gke-multitenant/_module/gke-clusters.tf b/fast/stages/03-gke-multitenant/_module/gke-clusters.tf
index 7eaeddf2f..79794e566 100644
--- a/fast/stages/03-gke-multitenant/_module/gke-clusters.tf
+++ b/fast/stages/03-gke-multitenant/_module/gke-clusters.tf
@@ -102,7 +102,6 @@ module "gke-cluster" {
     }
   )
   default_max_pods_per_node = each.value.overrides.max_pods_per_node
-  binary_authorization      = each.value.overrides.binary_authorization
   master_authorized_ranges  = each.value.overrides.master_authorized_ranges
   pod_security_policy       = each.value.overrides.pod_security_policy
   release_channel           = each.value.overrides.release_channel
diff --git a/fast/stages/03-gke-multitenant/_module/gke-hub.tf b/fast/stages/03-gke-multitenant/_module/gke-hub.tf
index 8979605cb..9830c7fc2 100644
--- a/fast/stages/03-gke-multitenant/_module/gke-hub.tf
+++ b/fast/stages/03-gke-multitenant/_module/gke-hub.tf
@@ -18,9 +18,9 @@ locals {
   fleet_enabled = (
     var.fleet_features != null || var.fleet_workload_identity
   )
-  fleet_mcs_enabled = local.fleet_enabled && lookup(
-    coalesce(var.fleet_features, {}), "multiclusterservicediscovery", false
-  ) == true
+  fleet_mcs_enabled = (
+    try(var.fleet_features.multiclusterservicediscovery, false) == true
+  )
 }
 
 module "gke-hub" {
diff --git a/fast/stages/03-gke-multitenant/_module/variables.tf b/fast/stages/03-gke-multitenant/_module/variables.tf
index 15f180785..35df5615b 100644
--- a/fast/stages/03-gke-multitenant/_module/variables.tf
+++ b/fast/stages/03-gke-multitenant/_module/variables.tf
@@ -34,7 +34,6 @@ variable "cluster_defaults" {
   type = object({
     cloudrun_config                 = bool
     database_encryption_key         = string
-    binary_authorization            = bool
     master_authorized_ranges        = map(string)
     max_pods_per_node               = number
     pod_security_policy             = bool
@@ -46,7 +45,6 @@ variable "cluster_defaults" {
     # TODO: review defaults
     cloudrun_config         = false
     database_encryption_key = null
-    binary_authorization    = false
     master_authorized_ranges = {
       rfc1918_1 = "10.0.0.0/8"
       rfc1918_2 = "172.16.0.0/12"
@@ -80,9 +78,9 @@ variable "clusters" {
       subnet       = string
     })
     overrides = object({
-      cloudrun_config                 = bool
-      database_encryption_key         = string
-      binary_authorization            = bool
+      cloudrun_config         = bool
+      database_encryption_key = string
+      # binary_authorization            = bool
       master_authorized_ranges        = map(string)
       max_pods_per_node               = number
       pod_security_policy             = bool