Fix dependencies in gke multitenant stage

examples/gke-serverless/multitenant-fleet/gke-hub.tf

@@ -37,4 +37,8 @@ module "gke-hub" {
   workload_identity_clusters = (
     var.fleet_workload_identity ? keys(var.clusters) : []
   )
+
+  depends_on = [
+    module.gke-nodepool
+  ]
 }

examples/gke-serverless/multitenant-fleet/main.tf

@@ -21,27 +21,33 @@ module "gke-project-0" {
   parent          = var.folder_id
   prefix          = var.prefix
   group_iam       = var.group_iam
-  iam             = var.iam
   labels          = var.labels
+  iam = merge(var.iam, {
+    "roles/gkehub.serviceAgent" = [
+      "serviceAccount:${module.gke-project-0.service_accounts.robots.fleet}"
+    ] }
+  )
   services = concat(
     [
+      "anthos.googleapis.com",
+      "anthosconfigmanagement.googleapis.com",
       "cloudresourcemanager.googleapis.com",
       "container.googleapis.com",
       "dns.googleapis.com",
-      "iam.googleapis.com",
-      "stackdriver.googleapis.com",
-    ],
-    var.project_services,
-    !local.fleet_enabled ? [] : [
-      "anthosconfigmanagement.googleapis.com",
-      "anthos.googleapis.com",
       "gkeconnect.googleapis.com",
       "gkehub.googleapis.com",
+      "iam.googleapis.com",
       "multiclusteringress.googleapis.com",
       "multiclusterservicediscovery.googleapis.com",
+      "stackdriver.googleapis.com",
       "trafficdirector.googleapis.com"
-    ]
+    ],
+    var.project_services
   )
+  service_config = {
+    disable_on_destroy         = false
+    disable_dependent_services = false
+  }
   shared_vpc_service_config = {
     attach       = true
     host_project = var.vpc_config.host_project_id

fast/stages/03-gke-multitenant/dev/variables.tf

@@ -168,7 +168,7 @@ variable "fleet_features" {
 variable "fleet_workload_identity" {
   description = "Use Fleet Workload Identity for clusters. Enables GKE Hub if set to true."
   type        = bool
-  default     = true
+  default     = false
   nullable    = false
 }