feat: snyk infra proposals

autogpt_platform/infra/terraform/modules/gke_cluster/main.tf

@@ -6,6 +6,20 @@ resource "google_container_cluster" "primary" {
     workload_pool = "${var.project_id}.svc.id.goog"
   }
 
+  master_auth {
+    client_certificate_config {
+      issue_client_certificate = false
+    }
+  }
+
+  private_cluster_config {
+    enable_private_nodes    = true
+    enable_private_endpoint = true
+  }
+
+  network_policy {
+    enabled = true
+  } 
 
   dynamic "node_pool" {
     for_each = var.enable_autopilot ? [] : [1]
@@ -31,5 +45,8 @@ resource "google_container_cluster" "primary" {
     cluster_secondary_range_name  = "pods"
     services_secondary_range_name = "services"
   }
+  resource_labels = {
+    cluster_name = var.cluster_name
+  }
 }
 

autogpt_platform/infra/terraform/modules/networking/main.tf

@@ -18,5 +18,10 @@ resource "google_compute_subnetwork" "subnet" {
     range_name    = "services"
     ip_cidr_range = var.services_ip_cidr_range
   }
+  log_config {
+    flow_sampling = 0.5
+    aggregation_interval = "INTERVAL_10_MIN"
+    metadata      = "INCLUDE_ALL_METADATA"
+  }
 }
 

autogpt_platform/infra/terraform/modules/storage/main.tf

@@ -5,6 +5,12 @@ resource "google_storage_bucket" "public_buckets" {
   name          = "${var.project_id}-${each.value}"
   location      = var.region
   force_destroy = true
+  versioning {
+    enabled = false
+  }
+  logging {
+    log_bucket = "${var.project_id}-logging"
+  }
 
   uniform_bucket_level_access = true
 
@@ -47,6 +53,9 @@ resource "google_storage_bucket" "standard_buckets" {
     enabled = true
   }
 
+  logging {
+    log_bucket = "${var.project_id}-logging"
+  }
 }
 
 resource "google_storage_bucket_iam_member" "standard_access" {