Update template.tf

Enabled in-transit encryption, add OCI cloud agent parameters previously missing
AdmiraalA · Feb 21, 2024 · a6284ae · a6284ae
1 parent 932afb2
commit a6284ae
Showing 1 changed file with 23 additions and 23 deletions.
diff --git a/template.tf b/template.tf
@@ -1,26 +1,25 @@
 resource "oci_core_instance_configuration" "k3s_server_template" {
-
   compartment_id = var.compartment_ocid
   display_name   = "k3s server configuration"
 
   freeform_tags = {
     "provisioner"           = "terraform"
-    "environment"           = "${var.environment}"
-    "${var.unique_tag_key}" = "${var.unique_tag_value}"
+    "environment"           = var.environment
+    "${var.unique_tag_key}" = var.unique_tag_value
     "k3s-template-type"     = "k3s-server"
   }
 
   instance_details {
     instance_type = "compute"
 
     launch_details {
-
-      agent_config {
-        is_management_disabled = "false"
-        is_monitoring_disabled = "false"
+        is_pv_encryption_in_transit_enabled = true
+        agent_config {
+        is_management_disabled = false
+        is_monitoring_disabled = false
 
         plugins_config {
-          desired_state = "DISABLED"
+          desired_state = "ENABLED"
           name          = "Vulnerability Scanning"
         }
 
@@ -47,14 +46,15 @@ resource "oci_core_instance_configuration" "k3s_server_template" {
       display_name = "k3s server template"
 
       metadata = {
-        "ssh_authorized_keys" = file(var.public_key_path)
+        "ssh_authorized_keys" = var.ssh_authorized_keys_content
         "user_data"           = data.cloudinit_config.k3s_server_tpl.rendered
+        "OCI_METADATA_LEGACY" = "false"  # Disable metadata V1 endpoint
       }
 
       shape = var.compute_shape
       shape_config {
-        memory_in_gbs = "6"
-        ocpus         = "1"
+        memory_in_gbs = 6
+        ocpus         = 1
       }
       source_details {
         image_id    = var.os_image_id
@@ -65,25 +65,24 @@ resource "oci_core_instance_configuration" "k3s_server_template" {
 }
 
 resource "oci_core_instance_configuration" "k3s_worker_template" {
-
   compartment_id = var.compartment_ocid
   display_name   = "k3s worker configuration"
 
   freeform_tags = {
     "provisioner"           = "terraform"
-    "environment"           = "${var.environment}"
-    "${var.unique_tag_key}" = "${var.unique_tag_value}"
+    "environment"           = var.environment
+    "${var.unique_tag_key}" = var.unique_tag_value
     "k3s-template-type"     = "k3s-worker"
   }
 
   instance_details {
     instance_type = "compute"
 
     launch_details {
-
-      agent_config {
-        is_management_disabled = "false"
-        is_monitoring_disabled = "false"
+        is_pv_encryption_in_transit_enabled = true
+        agent_config {
+        is_management_disabled = false
+        is_monitoring_disabled = false
 
         plugins_config {
           desired_state = "DISABLED"
@@ -113,19 +112,20 @@ resource "oci_core_instance_configuration" "k3s_worker_template" {
       display_name = "k3s worker template"
 
       metadata = {
-        "ssh_authorized_keys" = file(var.public_key_path)
+        "ssh_authorized_keys" = var.ssh_authorized_keys_content
         "user_data"           = data.cloudinit_config.k3s_worker_tpl.rendered
+        "OCI_METADATA_LEGACY" = "false"  # Disable metadata V1 endpoint
       }
 
       shape = var.compute_shape
       shape_config {
-        memory_in_gbs = "6"
-        ocpus         = "1"
+        memory_in_gbs = 6
+        ocpus         = 1
       }
       source_details {
         image_id    = var.os_image_id
         source_type = "image"
       }
     }
-  }
-}
+}
+}