🚀 Enhancements
Allow configuring Shielded VM options @kpocius (#113)
Secure Boot (enabled in #93 -- my bad) causes issues when updating COS image, as noted by @dennislapchenko in #112. This is because it saves the known boot configuration and compares to it upon instance restart, but since we're swapping out the image, it fails.
One way around it is to run `gcloud compute instances update <atlantis-vm-name> --shielded-learn-integrity-policy`, but there's no way to handle it gracefully in terraform.
This PR introduces an option to turn off secure boot, but does not change the current default behavior as it would cause instances to be recreated.
However, long term it would probably make sense to have secure boot set to off by default for most but the most locked down deployments. Otherwise, as it currently stands, the instance needs to be either manually removed or the command given above needs to be executed after each COS update.
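A sketch of how such an option can be exposed while keeping the existing default, as an added example that is not the module's own code. The variable name, its defaults, and the instance name, zone and machine type are assumptions; the `shielded_instance_config` block and its three arguments are those of the Google provider's `google_compute_instance` resource.

```hcl
# Hypothetical variable: the name and defaults are assumptions, not taken from the module.
# optional() with defaults requires Terraform >= 1.3.
variable "shielded_instance_config" {
  description = "Shielded VM options. Secure Boot stays on by default so existing deployments are unchanged."
  type = object({
    enable_secure_boot          = optional(bool, true)
    enable_vtpm                 = optional(bool, true)
    enable_integrity_monitoring = optional(bool, true)
  })
  default = {}
}

# Constructed instance for illustration only.
resource "google_compute_instance" "atlantis" {
  name         = "atlantis-example"
  zone         = "europe-west1-b"
  machine_type = "n2-standard-2"

  boot_disk {
    initialize_params {
      # Image family: the boot image changes whenever a new COS release is picked up.
      image = "cos-cloud/cos-stable"
    }
  }

  network_interface {
    network = "default"
  }

  # All three Shielded VM settings come from the variable, so a deployment that
  # swaps COS images can opt out of Secure Boot without editing the resource.
  shielded_instance_config {
    enable_secure_boot          = var.shielded_instance_config.enable_secure_boot
    enable_vtpm                 = var.shielded_instance_config.enable_vtpm
    enable_integrity_monitoring = var.shielded_instance_config.enable_integrity_monitoring
  }
}
```

A deployment that opts out would pass `shielded_instance_config = { enable_secure_boot = false }`, leaving the other two settings at their defaults.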