From 2e0c856db12364dc824c038f018515399c9b9276 Mon Sep 17 00:00:00 2001
From: Marco Ferrari
Date: Mon, 23 Dec 2024 10:39:59 +0100
Subject: [PATCH] feat: configure the gke cluster for fl (#73)

Configure the GKE cluster for the federated learning use case
---
 .../gke/base/use-cases/federated-learning/README.md | 11 ++++++++---
 .../gke/base/use-cases/federated-learning/common.sh | 3 ++-
 .../terraform/container_image_repository/main.tf | 2 +-
 .../terraform/private_google_access/main.tf | 6 +++---
 4 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/platforms/gke/base/use-cases/federated-learning/README.md b/platforms/gke/base/use-cases/federated-learning/README.md
index 5efb9282..14e529fd 100644
--- a/platforms/gke/base/use-cases/federated-learning/README.md
+++ b/platforms/gke/base/use-cases/federated-learning/README.md
@@ -1,16 +1,21 @@
 # Federated learning on Google Cloud

+## Configure the Federated learning reference architecture
+
+You can configure the reference architecture by modifying files in
+`platforms/gke/base/use-cases/federated-learning/terraform/_shared_config`.
+
 ## Deploy the Federated learning reference architecture

-1. Provision the Federated Learning reference architecture:
+1. Provision the Federated learning reference architecture:

 ```sh
 "${ACP_PLATFORM_BASE_DIR}/use-cases/federated-learning/deploy.sh"
 ```

-## Teardown the Federated Learning reference architecture
+## Teardown the Federated learning reference architecture

-1. Teardown the Federated Learning reference architecture:
+1. Teardown the Federated learning reference architecture:

 ```sh
 "${ACP_PLATFORM_BASE_DIR}/use-cases/federated-learning/teardown.sh"
diff --git a/platforms/gke/base/use-cases/federated-learning/common.sh b/platforms/gke/base/use-cases/federated-learning/common.sh
index 3df802d6..8b92cfd9 100755
--- a/platforms/gke/base/use-cases/federated-learning/common.sh
+++ b/platforms/gke/base/use-cases/federated-learning/common.sh
@@ -33,13 +33,14 @@ FEDERATED_LEARNING_SHARED_CONFIG_DIR="${FEDERATED_LEARNING_USE_CASE_TERRAFORM_DI

 # shellcheck disable=SC2034 # Variable is used in other scripts
 federated_learning_terraservices=(
- "initialize"
 "container_image_repository"
 "private_google_access"
 )

 # shellcheck disable=SC2034 # Variable is used in other scripts
 TERRAFORM_CLUSTER_CONFIGURATION=(
+ "cluster_binary_authorization_evaluation_mode = \"PROJECT_SINGLETON_POLICY_ENFORCE\""
+ "cluster_confidential_nodes_enabled = false"
 )

 apply_or_destroy_terraservice() {
diff --git a/platforms/gke/base/use-cases/federated-learning/terraform/container_image_repository/main.tf b/platforms/gke/base/use-cases/federated-learning/terraform/container_image_repository/main.tf
index cb04e8ea..80282b51 100644
--- a/platforms/gke/base/use-cases/federated-learning/terraform/container_image_repository/main.tf
+++ b/platforms/gke/base/use-cases/federated-learning/terraform/container_image_repository/main.tf
@@ -14,7 +14,7 @@

 resource "google_artifact_registry_repository" "container_image_repository" {
 location = var.cluster_region
- repository_id = "federated-learning-container-image-repository"
+ repository_id = "${local.unique_identifier_prefix}-fl-repository"
 description = "Federated Learning container image repository"
 format = "DOCKER"
 project = google_project_service.artifactregistry_googleapis_com.project
diff --git a/platforms/gke/base/use-cases/federated-learning/terraform/private_google_access/main.tf b/platforms/gke/base/use-cases/federated-learning/terraform/private_google_access/main.tf
index d45d2311..e2babcdd 100644
--- a/platforms/gke/base/use-cases/federated-learning/terraform/private_google_access/main.tf
+++ b/platforms/gke/base/use-cases/federated-learning/terraform/private_google_access/main.tf
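Review bot: `"cluster_confidential_nodes_enabled = false"` in `TERRAFORM_CLUSTER_CONFIGURATION` explicitly switches off Confidential GKE Nodes for a use case that handles participants' training data, and nothing in the hunk records why. If this is a deliberate trade-off (machine-type or accelerator compatibility, perhaps; not visible here), say so next to the entry, e.g. `# Confidential nodes disabled: <reason>; revisit when <condition>`. Separately, `PROJECT_SINGLETON_POLICY_ENFORCE` only makes the cluster evaluate the project's Binary Authorization policy, and a project's default policy allows all images; no policy resource appears in this patch, so a comment or README line should state where the restrictive policy is defined. The scripts that consume this array are outside the hunk.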
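Review bot: Changing `repository_id` to `"${local.unique_identifier_prefix}-fl-repository"` changes the repository's identity, so on an existing deployment Terraform should plan a destroy-and-recreate, and images already pushed to the old repository would be lost. The same applies to the three `google_dns_managed_zone` `name` changes in `private_google_access/main.tf`, which I would expect to replace the private zones that back Private Google Access. The definition of `local.unique_identifier_prefix` is outside this patch, so its length and character set cannot be checked here; the longest result, `<prefix>-private-google-access-artifact-registry`, leaves 23 characters for the prefix under the 63-character zone-name limit. I would add a migration note for existing deployments to the README and a `validation` block on the input that feeds the prefix.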
@@ -37,7 +37,7 @@ data "google_compute_network" "main_vpc_network" {

 resource "google_dns_managed_zone" "private_google_access" {
 project = google_project_service.dns_googleapis_com.project
- name = "private-google-apis"
+ name = "${local.unique_identifier_prefix}-private-google-apis"
 dns_name = "googleapis.com."
 description = "Private DNS zone for Google APIs"
 visibility = "private"
@@ -51,7 +51,7 @@ resource "google_dns_managed_zone" "private_google_access" {

 resource "google_dns_managed_zone" "private_google_access_container_registry" {
 project = google_project_service.dns_googleapis_com.project
- name = "private-google-access-container-registry"
+ name = "${local.unique_identifier_prefix}-private-google-access-container-registry"
 dns_name = "gcr.io."
 description = "Private DNS zone for Container Registry"
 visibility = "private"
@@ -65,7 +65,7 @@ resource "google_dns_managed_zone" "private_google_access_container_registry" {

 resource "google_dns_managed_zone" "private_google_access_artifact_registry" {
 project = google_project_service.dns_googleapis_com.project
- name = "private-google-access-artifact-registry"
+ name = "${local.unique_identifier_prefix}-private-google-access-artifact-registry"
 dns_name = "pkg.dev."
 description = "Private DNS zone for Artifact Registry"
 visibility = "private"