terraform-google-kubernetes-engine/modules/binary-authorization/metadata.yaml at 36266df626fae2f9aa1f02fb72b1a163dc716117 · terraform-google-modules/terraform-google-kubernetes-engine · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
# Copyright 2026 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

apiVersion: blueprints.cloud.google.com/v1alpha1
kind: BlueprintMetadata
metadata:
  name: terraform-google-kubernetes-engine-binary-authorization
  annotations:
    config.kubernetes.io/local-config: "true"
spec:
  info:
    title: Binary Authorization Infrastructure
    source:
      repo: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine.git
      sourceType: git
      dir: /modules/binary-authorization
    version: 43.0.0
    actuationTool:
      flavor: Terraform
      version: ">= 1.3"
    description: {}
  content:
    examples:
      - name: autopilot_private_firewalls
        location: examples/autopilot_private_firewalls
      - name: confidential_autopilot_private
        location: examples/confidential_autopilot_private
      - name: confidential_safer_cluster
        location: examples/confidential_safer_cluster
      - name: deploy_service
        location: examples/deploy_service
      - name: disable_client_cert
        location: examples/disable_client_cert
      - name: gke_autopilot_cluster
        location: examples/gke_autopilot_cluster
      - name: gke_standard_cluster
        location: examples/gke_standard_cluster
      - name: island_cluster_anywhere_in_gcp_design
        location: examples/island_cluster_anywhere_in_gcp_design
      - name: island_cluster_with_vm_router
        location: examples/island_cluster_with_vm_router
      - name: node_pool
        location: examples/node_pool
      - name: node_pool_update_variant
        location: examples/node_pool_update_variant
      - name: node_pool_update_variant_beta
        location: examples/node_pool_update_variant_beta
      - name: node_pool_update_variant_public_beta
        location: examples/node_pool_update_variant_public_beta
      - name: private_zonal_with_networking
        location: examples/private_zonal_with_networking
      - name: regional_private_node_pool_oauth_scopes
        location: examples/regional_private_node_pool_oauth_scopes
      - name: safer_cluster
        location: examples/safer_cluster
      - name: safer_cluster_iap_bastion
        location: examples/safer_cluster_iap_bastion
      - name: shared_vpc
        location: examples/shared_vpc
      - name: simple_autopilot_private
        location: examples/simple_autopilot_private
      - name: simple_autopilot_private_cmek
        location: examples/simple_autopilot_private_cmek
      - name: simple_autopilot_private_non_default_sa
        location: examples/simple_autopilot_private_non_default_sa
      - name: simple_autopilot_public
        location: examples/simple_autopilot_public
      - name: simple_fleet_app_operator_permissions
        location: examples/simple_fleet_app_operator_permissions
      - name: simple_regional
        location: examples/simple_regional
      - name: simple_regional_additional_ip_ranges
        location: examples/simple_regional_additional_ip_ranges
      - name: simple_regional_beta
        location: examples/simple_regional_beta
      - name: simple_regional_cluster_autoscaling
        location: examples/simple_regional_cluster_autoscaling
      - name: simple_regional_private
        location: examples/simple_regional_private
      - name: simple_regional_private_beta
        location: examples/simple_regional_private_beta
      - name: simple_regional_private_with_cluster_version
        location: examples/simple_regional_private_with_cluster_version
      - name: simple_regional_with_gateway_api
        location: examples/simple_regional_with_gateway_api
      - name: simple_regional_with_ipv6
        location: examples/simple_regional_with_ipv6
      - name: simple_regional_with_kubeconfig
        location: examples/simple_regional_with_kubeconfig
      - name: simple_regional_with_networking
        location: examples/simple_regional_with_networking
      - name: simple_windows_node_pool
        location: examples/simple_windows_node_pool
      - name: simple_zonal_private
        location: examples/simple_zonal_private
      - name: simple_zonal_with_hub
        location: examples/simple_zonal_with_hub
      - name: simple_zonal_with_hub_kubeconfig
        location: examples/simple_zonal_with_hub_kubeconfig
      - name: stub_domains
        location: examples/stub_domains
      - name: stub_domains_private
        location: examples/stub_domains_private
      - name: stub_domains_upstream_nameservers
        location: examples/stub_domains_upstream_nameservers
      - name: terraform
        location: examples/acm-terraform-blog-part1/terraform
      - name: terraform
        location: examples/acm-terraform-blog-part2/terraform
      - name: terraform
        location: examples/acm-terraform-blog-part3/terraform
      - name: upstream_nameservers
        location: examples/upstream_nameservers
      - name: workload_identity
        location: examples/workload_identity
      - name: workload_metadata_config
        location: examples/workload_metadata_config
  interfaces:
    variables:
      - name: project_id
        description: Project ID to apply services into
        varType: string
        required: true
      - name: attestor-name
        description: Name of the attestor
        varType: string
        required: true
      - name: keyring-id
        description: Keyring ID to attach attestor keys
        varType: string
        required: true
      - name: crypto-algorithm
        description: Algorithm used for the async signing keys
        varType: string
        defaultValue: RSA_SIGN_PKCS1_4096_SHA512
      - name: disable_services_on_destroy
        description: Whether project services will be disabled when the resources are destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_on_destroy
        varType: bool
        defaultValue: false
      - name: disable_dependent_services
        description: Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. https://www.terraform.io/docs/providers/google/r/google_project_service.html#disable_dependent_services
        varType: bool
        defaultValue: false
    outputs:
      - name: attestor
        description: Name of the built attestor
      - name: key
        description: Name of the Key created for the attestor
  requirements:
    roles:
      - level: Project
        roles:
          - roles/editor
    providerVersions:
      - source: hashicorp/google
        version: < 8
      - source: hashicorp/google-beta
        version: < 8