Option to enable Binary Authorization in new GKE clusters
Problem to solve
We want to support Binary Authorization for GitLab users. The first requirement is to enable the feature in the cluster.
The GCP project where the cluster is created should have Binary Authorization API enabled. This can be checked before adding the ability to enable the feature.
There is a brief overview for binauthz overall that includes enabling this feature which can be found here: https://gitlab.com/gitlab-org/gitlab-ee/issues/7268#proposal
We should make it possible to enable binary authorization for clusters that are being created using our GKE integration. Because we only have the credential at the time of cluster creation, for now that is the only time that we will be able to add the feature automatically for the user. For already created clusters, we should point people to the documentation for enabling it in an existing cluster.
Add an action in GKE cluster creation page to enable Binary Authorization. If Binary Authorization API are not enabled, the option should be disabled and:
- a message should explain how to enable them
- OR a message should link to documentation
- OR an action should allow to enable them for the project
What does success look like, and how can we measure that?
Number of clusters that have Binary Authorization enabled.
Links / references
- Binary Authorization: https://cloud.google.com/binary-authorization/