bastion.tf
# OCI Bastion Service — managed SSH proxy (Always Free, no storage)
# When enable_bastion = true, creates a STANDARD bastion associated with the
# private subnet. Sessions originate from within the private subnet CIDR, so
# the k3s node NSGs allow SSH from var.private_subnet_cidr.
#
# Use example/get-kubeconfig.sh (or create sessions manually via OCI CLI) to
# connect to nodes. No public VM, no boot volume, no storage cost.
resource "oci_bastion_bastion" "k3s" {
  count                        = var.enable_bastion ? 1 : 0
  bastion_type                 = "STANDARD"
  compartment_id               = var.compartment_ocid
  target_subnet_id             = oci_core_subnet.private.id
  name                         = "${var.cluster_name}-bastion"
  client_cidr_block_allow_list = [var.my_public_ip_cidr]
  freeform_tags                = local.common_tags
}
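
The two CIDR boundaries this file depends on, as an added example that is not part of the repository: a validated declaration for `var.my_public_ip_cidr` and the node-side SSH rule the header comment describes. The variable's type, the /24 floor, and the NSG name `k3s_nodes` are assumptions.

```hcl
# Added example, not the repository's own code.

# Client side: reject a malformed or overly broad allow list at plan time,
# before it reaches client_cidr_block_allow_list on the bastion.
variable "my_public_ip_cidr" {
  type        = string # assumed; the real declaration is not shown on this page
  description = "Public CIDR allowed to open bastion sessions, ideally a single /32."

  validation {
    condition     = can(cidrhost(var.my_public_ip_cidr, 0))
    error_message = "The my_public_ip_cidr value must be a valid CIDR block, for example 203.0.113.7/32."
  }

  validation {
    # try() keeps the condition a plain bool when the value has no "/" part.
    condition     = try(tonumber(split("/", var.my_public_ip_cidr)[1]) >= 24, false)
    error_message = "The my_public_ip_cidr value must be /24 or narrower; 0.0.0.0/0 would let any client reach the bastion."
  }
}

# Node side: SSH is admitted only from the private subnet, where bastion
# sessions originate. This also admits every other host in that subnet.
resource "oci_core_network_security_group_security_rule" "ssh_from_bastion" {
  # Hypothetical NSG reference; substitute the k3s node NSG defined elsewhere.
  network_security_group_id = oci_core_network_security_group.k3s_nodes.id
  direction                 = "INGRESS"
  protocol                  = "6" # TCP
  source_type               = "CIDR_BLOCK"
  source                    = var.private_subnet_cidr
  description               = "SSH from OCI Bastion sessions in the private subnet"

  tcp_options {
    destination_port_range {
      min = 22
      max = 22
    }
  }
}
```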