From 67c9e0305f974ac70723fba421e5e315a1b0543a Mon Sep 17 00:00:00 2001
From: Admiral
Date: Wed, 21 Feb 2024 17:23:20 +0100
Subject: [PATCH] Update k3s-workers.tf Added some more secure stuff
---
 k3s-workers.tf | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/k3s-workers.tf b/k3s-workers.tf
index aecbe1c..c050208 100644
--- a/k3s-workers.tf
+++ b/k3s-workers.tf
@@ -1,5 +1,4 @@
 resource "oci_core_instance_pool" "k3s_workers" {
-
 depends_on = [
 oci_load_balancer_load_balancer.k3s_load_balancer,
 ]
@@ -79,10 +78,16 @@ resource "oci_core_instance" "k3s_extra_worker_node" {
 nsg_ids = [oci_core_network_security_group.lb_to_instances_http.id]
 hostname_label = "k3s-extra-worker-node"
 }
+ instance_options {
+ are_legacy_imds_endpoints_disabled = true
+ }
+ launch_options {
+ is_pv_encryption_in_transit_enabled = true
+ }
- metadata = {
- "ssh_authorized_keys" = file(var.public_key_path)
- "user_data" = data.cloudinit_config.k3s_worker_tpl.rendered
+ metadata = {
+ "ssh_authorized_keys" = var.ssh_authorized_keys_content
+ "user_data" = data.cloudinit_config.k3s_worker_tpl.rendered
 }
 freeform_tags = {
@@ -92,4 +97,4 @@ resource "oci_core_instance" "k3s_extra_worker_node" {
 "k3s-cluster-name" = "${var.cluster_name}"
 "k3s-instance-type" = "k3s-worker"
 }
-}
\ No newline at end of file
+}
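Review bot: `are_legacy_imds_endpoints_disabled = true` is set only on `oci_core_instance.k3s_extra_worker_node` in the second hunk; the `k3s_workers` pool from the first hunk launches from an instance configuration this patch does not touch, so those workers presumably still answer on the legacy `/opc/v1` metadata endpoint and the hardening is partial. Before rollout, confirm that the rendered `k3s_worker_tpl` user data does not query `/opc/v1/`: with the legacy endpoints off, only `/opc/v2/` requests carrying the `Authorization: Bearer Oracle` header succeed, so a bootstrap script still on v1 would fail at first boot. The new `var.ssh_authorized_keys_content` is not declared in this one-file patch and needs a `variable` block elsewhere, or validation will fail. A comment above `instance_options` such as `# IMDSv1 off: bootstrap scripts must use /opc/v2 with the Bearer Oracle header` would record the constraint for the next maintainer.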