fix: disable confidential nodes

google/gke/gke.tf

@@ -11,7 +11,7 @@ resource "google_container_cluster" "gke_cluster" {
   ]
 
   project  = var.project_id
-  name     = var.cluster_name
+  name     = "${var.cluster_name}-cluster"
   location = var.cluster_location
 
   resource_labels = {
@@ -55,8 +55,9 @@ resource "google_container_cluster" "gke_cluster" {
   }
 
   # use confidential nodes which have memory encryption
+  # disabled since it requires the N2D machine type 
   confidential_nodes {
-    enabled = true
+    enabled = false
   }
 
   node_config {
@@ -138,7 +139,11 @@ resource "google_container_cluster" "gke_cluster" {
 
   # use stackdriver GKE native system monitoring for everything
   monitoring_config {
-    enable_components = ["SYSTEM_COMPONENTS", "WORKLOADS"]
+    enable_components = ["SYSTEM_COMPONENTS"]
+
+    managed_prometheus {
+      enabled = true
+    }
   }
 
   # kubernetes addons

google/gke/kms.tf

@@ -1,11 +1,11 @@
 resource "google_kms_key_ring" "k8s_key_ring" {
   project  = var.project_id
-  name     = "gke-etcd-keyring-gke-${var.cluster_name}"
+  name     = "gke-api-keyring-gke-${var.cluster_name}"
   location = var.cluster_region
 }
 
 resource "google_kms_crypto_key" "k8s_etcd_kms_key" {
-  name            = "gke-etcd-enc-key-gke-${var.cluster_name}"
+  name            = "gke-api-enc-key-gke-${var.cluster_name}"
   key_ring        = google_kms_key_ring.k8s_key_ring.id
   rotation_period = "100000s"
 }

providers.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= v1.1.4"
+  required_version = ">= v1.2.3"
 
   backend "gcs" {
     bucket = "ironsecurity-terraform-state"