change to binary_authorization, add support for additional services

fast/stages/03-gke-multitenant/_module/gke-clusters.tf

@@ -101,12 +101,12 @@ module "gke-cluster" {
       key_name = each.value.overrides.database_encryption_key
     }
   )
-  default_max_pods_per_node   = each.value.overrides.max_pods_per_node
-  enable_binary_authorization = each.value.overrides.enable_binary_authorization
-  master_authorized_ranges    = each.value.overrides.master_authorized_ranges
-  pod_security_policy         = each.value.overrides.pod_security_policy
-  release_channel             = each.value.overrides.release_channel
-  vertical_pod_autoscaling    = each.value.overrides.vertical_pod_autoscaling
+  default_max_pods_per_node = each.value.overrides.max_pods_per_node
+  binary_authorization      = each.value.overrides.binary_authorization
+  master_authorized_ranges  = each.value.overrides.master_authorized_ranges
+  pod_security_policy       = each.value.overrides.pod_security_policy
+  release_channel           = each.value.overrides.release_channel
+  vertical_pod_autoscaling  = each.value.overrides.vertical_pod_autoscaling
   # dynamic "cluster_autoscaling" {
   #   for_each = each.value.cluster_autoscaling == null ? {} : { 1 = 1 }
   #   content {

fast/stages/03-gke-multitenant/_module/main.tf

@@ -30,6 +30,7 @@ module "gke-project-0" {
       "iam.googleapis.com",
       "stackdriver.googleapis.com",
     ],
+    var.project_services,
     !local.fleet_enabled ? [] : [
       "anthosconfigmanagement.googleapis.com",
       "anthos.googleapis.com",

fast/stages/03-gke-multitenant/_module/variables.tf

@@ -34,7 +34,7 @@ variable "cluster_defaults" {
   type = object({
     cloudrun_config                 = bool
     database_encryption_key         = string
-    enable_binary_authorization     = bool
+    binary_authorization            = bool
     master_authorized_ranges        = map(string)
     max_pods_per_node               = number
     pod_security_policy             = bool
@@ -44,9 +44,9 @@ variable "cluster_defaults" {
   })
   default = {
     # TODO: review defaults
-    cloudrun_config             = false
-    database_encryption_key     = null
-    enable_binary_authorization = false
+    cloudrun_config         = false
+    database_encryption_key = null
+    binary_authorization    = false
     master_authorized_ranges = {
       rfc1918_1 = "10.0.0.0/8"
       rfc1918_2 = "172.16.0.0/12"
@@ -82,7 +82,7 @@ variable "clusters" {
     overrides = object({
       cloudrun_config                 = bool
       database_encryption_key         = string
-      enable_binary_authorization     = bool
+      binary_authorization            = bool
       master_authorized_ranges        = map(string)
       max_pods_per_node               = number
       pod_security_policy             = bool
@@ -220,6 +220,13 @@ variable "prefix" {
   type        = string
 }
 
+variable "project_services" {
+  description = "Additional project services to enable."
+  type        = list(string)
+  default     = []
+  nullable    = false
+}
+
 variable "vpc_config" {
   description = "Shared VPC project and VPC details."
   type = object({

fast/stages/03-gke-multitenant/dev/main.tf

@@ -23,6 +23,7 @@ module "gke-multitenant" {
   group_iam          = var.group_iam
   labels             = merge(var.labels, { environment = "dev" })
   prefix             = "${var.prefix}-dev"
+  project_services   = var.project_services
   vpc_config = {
     host_project_id = var.host_project_ids.dev-spoke-0
     vpc_self_link   = var.vpc_self_links.dev-spoke-0

fast/stages/03-gke-multitenant/dev/variables.tf

@@ -46,7 +46,7 @@ variable "cluster_defaults" {
   type = object({
     cloudrun_config                 = bool
     database_encryption_key         = string
-    enable_binary_authorization     = bool
+    binary_authorization            = bool
     master_authorized_ranges        = map(string)
     max_pods_per_node               = number
     pod_security_policy             = bool
@@ -56,9 +56,9 @@ variable "cluster_defaults" {
   })
   default = {
     # TODO: review defaults
-    cloudrun_config             = false
-    database_encryption_key     = null
-    enable_binary_authorization = false
+    cloudrun_config         = false
+    database_encryption_key = null
+    binary_authorization    = false
     master_authorized_ranges = {
       rfc1918_1 = "10.0.0.0/8"
       rfc1918_2 = "172.16.0.0/12"
@@ -94,7 +94,7 @@ variable "clusters" {
     overrides = object({
       cloudrun_config                 = bool
       database_encryption_key         = string
-      enable_binary_authorization     = bool
+      binary_authorization            = bool
       master_authorized_ranges        = map(string)
       max_pods_per_node               = number
       pod_security_policy             = bool
@@ -249,6 +249,13 @@ variable "prefix" {
   type        = string
 }
 
+variable "project_services" {
+  description = "Additional project services to enable."
+  type        = list(string)
+  default     = []
+  nullable    = false
+}
+
 variable "vpc_self_links" {
   # tfdoc:variable:source 02-networking
   description = "Self link for the shared VPC."