diff --git a/README.md b/README.md index 80b873d..1680517 100644 --- a/README.md +++ b/README.md @@ -212,7 +212,7 @@ done | vault\_allowed\_cidrs | List of CIDR blocks to allow access to the Vault nodes. Since the load balancer is a pass-through load balancer, this must also include all IPs from which you will access Vault. The default is unrestricted (any IP address can access Vault). It is recommended that you reduce this to a smaller list. | `list(string)` |
[| no | | vault\_args | Additional command line arguments passed to Vault server | `string` | `""` | no | | vault\_ca\_cert\_filename | GCS object path within the vault\_tls\_bucket. This is the root CA certificate. | `string` | `"ca.crt"` | no | -| vault\_instance\_base\_image | Base operating system image in which to install Vault. This must be a Debian-based system at the moment due to how the metadata startup script runs. | `string` | `"debian-cloud/debian-10"` | no | +| vault\_instance\_base\_image | Base operating system image in which to install Vault. This must be a Debian-based system at the moment due to how the metadata startup script runs. | `string` | `"debian-cloud/debian-12"` | no | | vault\_instance\_labels | Labels to apply to the Vault instances. | `map(string)` | `{}` | no | | vault\_instance\_metadata | Additional metadata to add to the Vault instances. | `map(string)` | `{}` | no | | vault\_instance\_tags | Additional tags to apply to the instances. Note 'allow-ssh' and 'allow-vault' will be present on all instances. | `list(string)` | `[]` | no | diff --git a/modules/cluster/README.md b/modules/cluster/README.md index 65b7ae4..b86115b 100644 --- a/modules/cluster/README.md +++ b/modules/cluster/README.md @@ -60,7 +60,7 @@ module "vault_cluster" { | user\_vault\_config | Additional user-provided vault config added at the end of standard vault config | `string` | `""` | no | | vault\_args | Additional command line arguments passed to Vault server | `string` | `""` | no | | vault\_ca\_cert\_filename | GCS object path within the vault\_tls\_bucket. This is the root CA certificate. | `string` | `"ca.crt"` | no | -| vault\_instance\_base\_image | Base operating system image in which to install Vault. This must be a Debian-based system at the moment due to how the metadata startup script runs. | `string` | `"debian-cloud/debian-10"` | no | +| vault\_instance\_base\_image | Base operating system image in which to install Vault. This must be a Debian-based system at the moment due to how the metadata startup script runs. | `string` | `"debian-cloud/debian-12"` | no | | vault\_instance\_labels | Labels to apply to the Vault instances. | `map(string)` | `{}` | no | | vault\_instance\_metadata | Additional metadata to add to the Vault instances. | `map(string)` | `{}` | no | | vault\_instance\_tags | Additional tags to apply to the instances. Note 'allow-ssh' and 'allow-vault' will be present on all instances. | `list(string)` | `[]` | no | diff --git a/modules/cluster/variables.tf b/modules/cluster/variables.tf index 3637cbc..639dfbd 100644 --- a/modules/cluster/variables.tf +++ b/modules/cluster/variables.tf @@ -156,7 +156,7 @@ variable "vault_instance_metadata" { variable "vault_instance_base_image" { type = string - default = "debian-cloud/debian-10" + default = "debian-cloud/debian-12" description = "Base operating system image in which to install Vault. This must be a Debian-based system at the moment due to how the metadata startup script runs." } diff --git a/variables.tf b/variables.tf index 32a12ba..6c83ae4 100644 --- a/variables.tf +++ b/variables.tf @@ -385,7 +385,7 @@ variable "vault_instance_metadata" { variable "vault_instance_base_image" { type = string - default = "debian-cloud/debian-10" + default = "debian-cloud/debian-12" description = "Base operating system image in which to install Vault. This must be a Debian-based system at the moment due to how the metadata startup script runs." }
"0.0.0.0/0"
]