diff --git a/scaletest/terraform/infra/gcp_cluster.tf b/scaletest/terraform/infra/gcp_cluster.tf
index 577894790d7ff..c37132c38071b 100644
--- a/scaletest/terraform/infra/gcp_cluster.tf
+++ b/scaletest/terraform/infra/gcp_cluster.tf
@@ -41,16 +41,25 @@ resource "google_container_cluster" "primary" {
   workload_identity_config {
     workload_pool = "${data.google_project.project.project_id}.svc.id.goog"
   }
+
+
+  lifecycle {
+    ignore_changes = [
+      maintenance_policy,
+      release_channel,
+      remove_default_node_pool
+    ]
+  }
 }
 
 resource "google_container_node_pool" "coder" {
-  name       = "${var.name}-coder"
-  location   = var.zone
-  project    = var.project_id
-  cluster    = google_container_cluster.primary.name
-  node_count = var.state == "stopped" ? 0 : var.nodepool_size_coder
-  management {
-    auto_upgrade = false
+  name     = "${var.name}-coder"
+  location = var.zone
+  project  = var.project_id
+  cluster  = google_container_cluster.primary.name
+  autoscaling {
+    min_node_count = 1
+    max_node_count = var.nodepool_size_coder
   }
   node_config {
     oauth_scopes = [
@@ -74,14 +83,20 @@ resource "google_container_node_pool" "coder" {
       disable-legacy-endpoints = "true"
     }
   }
+  lifecycle {
+    ignore_changes = [management[0].auto_repair, management[0].auto_upgrade, timeouts]
+  }
 }
 
 resource "google_container_node_pool" "workspaces" {
-  name       = "${var.name}-workspaces"
-  location   = var.zone
-  project    = var.project_id
-  cluster    = google_container_cluster.primary.name
-  node_count = var.state == "stopped" ? 0 : var.nodepool_size_workspaces
+  name     = "${var.name}-workspaces"
+  location = var.zone
+  project  = var.project_id
+  cluster  = google_container_cluster.primary.name
+  autoscaling {
+    min_node_count       = 0
+    total_max_node_count = var.nodepool_size_workspaces
+  }
   management {
     auto_upgrade = false
   }
@@ -107,6 +122,9 @@ resource "google_container_node_pool" "workspaces" {
       disable-legacy-endpoints = "true"
     }
   }
+  lifecycle {
+    ignore_changes = [management[0].auto_repair, management[0].auto_upgrade, timeouts]
+  }
 }
 
 resource "google_container_node_pool" "misc" {
@@ -140,6 +158,9 @@ resource "google_container_node_pool" "misc" {
       disable-legacy-endpoints = "true"
     }
   }
+  lifecycle {
+    ignore_changes = [management[0].auto_repair, management[0].auto_upgrade, timeouts]
+  }
 }
 
 resource "null_resource" "cluster_kubeconfig" {
diff --git a/scaletest/terraform/infra/gcp_db.tf b/scaletest/terraform/infra/gcp_db.tf
index 1a02324ce071f..4d13b262c615f 100644
--- a/scaletest/terraform/infra/gcp_db.tf
+++ b/scaletest/terraform/infra/gcp_db.tf
@@ -32,6 +32,10 @@ resource "google_sql_database_instance" "db" {
       record_client_address   = false
     }
   }
+
+  lifecycle {
+    ignore_changes = [deletion_protection, timeouts]
+  }
 }
 
 resource "google_sql_database" "coder" {
@@ -40,6 +44,9 @@ resource "google_sql_database" "coder" {
   name     = "${var.name}-coder"
   # required for postgres, otherwise db fails to delete
   deletion_policy = "ABANDON"
+  lifecycle {
+    ignore_changes = [deletion_policy]
+  }
 }
 
 resource "random_password" "coder-postgres-password" {
@@ -58,6 +65,9 @@ resource "google_sql_user" "coder" {
   password = random_password.coder-postgres-password.result
   # required for postgres, otherwise user fails to delete
   deletion_policy = "ABANDON"
+  lifecycle {
+    ignore_changes = [deletion_policy, password]
+  }
 }
 
 resource "google_sql_user" "prometheus" {
@@ -68,6 +78,9 @@ resource "google_sql_user" "prometheus" {
   password = random_password.prometheus-postgres-password.result
   # required for postgres, otherwise user fails to delete
   deletion_policy = "ABANDON"
+  lifecycle {
+    ignore_changes = [deletion_policy, password]
+  }
 }
 
 locals {
diff --git a/scaletest/terraform/infra/gcp_vpc.tf b/scaletest/terraform/infra/gcp_vpc.tf
index eb965354c3917..b125c60cfd25a 100644
--- a/scaletest/terraform/infra/gcp_vpc.tf
+++ b/scaletest/terraform/infra/gcp_vpc.tf
@@ -12,7 +12,7 @@ resource "google_compute_subnetwork" "subnet" {
   project       = var.project_id
   region        = var.region
   network       = google_compute_network.vpc.name
-  ip_cidr_range = "10.200.0.0/24"
+  ip_cidr_range = var.subnet_cidr
 }
 
 resource "google_compute_global_address" "sql_peering" {
diff --git a/scaletest/terraform/infra/vars.tf b/scaletest/terraform/infra/vars.tf
index e26e5fa54f7df..d9f5040918ba5 100644
--- a/scaletest/terraform/infra/vars.tf
+++ b/scaletest/terraform/infra/vars.tf
@@ -25,6 +25,11 @@ variable "zone" {
   default     = "us-east1-c"
 }
 
+variable "subnet_cidr" {
+  description = "CIDR range for the subnet."
+  default     = "10.200.0.0/24"
+}
+
 variable "k8s_version" {
   description = "Kubernetes version to provision."
   default     = "1.24"
diff --git a/scaletest/terraform/k8s/coder.tf b/scaletest/terraform/k8s/coder.tf
index f6b9ae7d16a09..3c3670a8c20a9 100644
--- a/scaletest/terraform/k8s/coder.tf
+++ b/scaletest/terraform/k8s/coder.tf
@@ -1,42 +1,80 @@
 data "google_client_config" "default" {}
 
 locals {
-  coder_helm_repo    = "https://helm.coder.com/v2"
-  coder_helm_chart   = "coder"
-  coder_release_name = var.name
-  coder_namespace    = "coder-${var.name}"
-  coder_admin_email  = "admin@coder.com"
-  coder_admin_user   = "coder"
-  coder_access_url   = "http://${var.coder_address}"
+  coder_url                 = var.coder_access_url == "" ? "http://${var.coder_address}" : var.coder_access_url
+  coder_admin_email         = "admin@coder.com"
+  coder_admin_user          = "coder"
+  coder_helm_repo           = "https://helm.coder.com/v2"
+  coder_helm_chart          = "coder"
+  coder_namespace           = "coder-${var.name}"
+  coder_release_name        = var.name
+  provisionerd_helm_chart   = "coder-provisioner"
+  provisionerd_release_name = "${var.name}-provisionerd"
 }
 
-resource "null_resource" "coder_namespace" {
-  triggers = {
-    namespace       = local.coder_namespace
-    kubeconfig_path = var.kubernetes_kubeconfig_path
-  }
-  provisioner "local-exec" {
-    when    = create
-    command = <<EOF
-      KUBECONFIG=${self.triggers.kubeconfig_path} kubectl create namespace ${self.triggers.namespace}
-    EOF
+resource "kubernetes_namespace" "coder_namespace" {
+  metadata {
+    name = local.coder_namespace
   }
-  provisioner "local-exec" {
-    when    = destroy
-    command = "true"
+  lifecycle {
+    ignore_changes = [timeouts, wait_for_default_service_account]
   }
 }
 
+resource "random_password" "provisionerd_psk" {
+  length = 26
+}
+
 resource "kubernetes_secret" "coder-db" {
   type = "Opaque"
   metadata {
     name      = "coder-db-url"
-    namespace = local.coder_namespace
+    namespace = kubernetes_namespace.coder_namespace.metadata.0.name
   }
-  depends_on = [null_resource.coder_namespace]
   data = {
     url = var.coder_db_url
   }
+  lifecycle {
+    ignore_changes = [timeouts, wait_for_service_account_token]
+  }
+}
+
+resource "kubernetes_secret" "provisionerd_psk" {
+  type = "Opaque"
+  metadata {
+    name      = "coder-provisioner-psk"
+    namespace = kubernetes_namespace.coder_namespace.metadata.0.name
+  }
+  data = {
+    psk = random_password.provisionerd_psk.result
+  }
+  lifecycle {
+    ignore_changes = [timeouts, wait_for_service_account_token]
+  }
+}
+
+# OIDC secret needs to be manually provisioned for now.
+data "kubernetes_secret" "coder_oidc" {
+  metadata {
+    namespace = kubernetes_namespace.coder_namespace.metadata.0.name
+    name      = "coder-oidc"
+  }
+}
+
+# TLS needs to be provisioned manually for now.
+data "kubernetes_secret" "coder_tls" {
+  metadata {
+    namespace = kubernetes_namespace.coder_namespace.metadata.0.name
+    name      = "${var.name}-tls"
+  }
+}
+
+# Also need an OTEL collector deployed. Manual for now.
+data "kubernetes_service" "otel_collector" {
+  metadata {
+    namespace = kubernetes_namespace.coder_namespace.metadata.0.name
+    name      = "otel-collector"
+  }
 }
 
 resource "helm_release" "coder-chart" {
@@ -44,10 +82,7 @@ resource "helm_release" "coder-chart" {
   chart      = local.coder_helm_chart
   name       = local.coder_release_name
   version    = var.coder_chart_version
-  namespace  = local.coder_namespace
-  depends_on = [
-    null_resource.coder_namespace
-  ]
+  namespace  = kubernetes_namespace.coder_namespace.metadata.0.name
   values = [<<EOF
 coder:
   affinity:
@@ -70,10 +105,10 @@ coder:
               values:   ["${local.coder_release_name}"]
   env:
     - name: "CODER_ACCESS_URL"
-      value: "${local.coder_access_url}"
+      value: "${local.coder_url}"
     - name: "CODER_CACHE_DIRECTORY"
       value: "/tmp/coder"
-    - name: "CODER_ENABLE_TELEMETRY"
+    - name: "CODER_TELEMETRY_ENABLE"
       value: "false"
     - name: "CODER_LOGGING_HUMAN"
       value: "/dev/null"
@@ -101,6 +136,39 @@ coder:
     # Disabling built-in provisioner daemons
     - name: "CODER_PROVISIONER_DAEMONS"
       value: "0"
+    - name: CODER_PROVISIONER_DAEMON_PSK
+      valueFrom:
+        secretKeyRef:
+          key: psk
+          name: "${kubernetes_secret.provisionerd_psk.metadata.0.name}"
+    # Enable OIDC
+    - name: "CODER_OIDC_ISSUER_URL"
+      valueFrom:
+        secretKeyRef:
+          key: issuer-url
+          name: "${data.kubernetes_secret.coder_oidc.metadata.0.name}"
+    - name: "CODER_OIDC_EMAIL_DOMAIN"
+      valueFrom:
+        secretKeyRef:
+          key: email-domain
+          name: "${data.kubernetes_secret.coder_oidc.metadata.0.name}"
+    - name: "CODER_OIDC_CLIENT_ID"
+      valueFrom:
+        secretKeyRef:
+          key: client-id
+          name: "${data.kubernetes_secret.coder_oidc.metadata.0.name}"
+    - name: "CODER_OIDC_CLIENT_SECRET"
+      valueFrom:
+        secretKeyRef:
+          key: client-secret
+          name: "${data.kubernetes_secret.coder_oidc.metadata.0.name}"
+    # Send OTEL traces to the cluster-local collector to sample 10%
+    - name: "OTEL_EXPORTER_OTLP_ENDPOINT"
+      value: "http://${data.kubernetes_service.otel_collector.metadata.0.name}.${kubernetes_namespace.coder_namespace.metadata.0.name}.svc.cluster.local:4317"
+    - name: "OTEL_TRACES_SAMPLER"
+      value: parentbased_traceidratio
+    - name: "OTEL_TRACES_SAMPLER_ARG"
+      value: "0.1"
   image:
     repo: ${var.coder_image_repo}
     tag: ${var.coder_image_tag}
@@ -130,6 +198,74 @@ EOF
   ]
 }
 
+resource "helm_release" "provisionerd-chart" {
+  repository = local.coder_helm_repo
+  chart      = local.provisionerd_helm_chart
+  name       = local.provisionerd_release_name
+  version    = var.provisionerd_chart_version
+  namespace  = kubernetes_namespace.coder_namespace.metadata.0.name
+  values = [<<EOF
+coder:
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+        - matchExpressions:
+          - key: "cloud.google.com/gke-nodepool"
+            operator: "In"
+            values: ["${var.kubernetes_nodepool_coder}"]
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+      - weight: 1
+        podAffinityTerm:
+          topologyKey: "kubernetes.io/hostname"
+          labelSelector:
+            matchExpressions:
+            - key:      "app.kubernetes.io/instance"
+              operator: "In"
+              values:   ["${local.coder_release_name}"]
+  env:
+    - name: "CODER_URL"
+      value: "${local.coder_url}"
+    - name: "CODER_VERBOSE"
+      value: "true"
+    - name: "CODER_CACHE_DIRECTORY"
+      value: "/tmp/coder"
+    - name: "CODER_TELEMETRY_ENABLE"
+      value: "false"
+    - name: "CODER_LOGGING_HUMAN"
+      value: "/dev/null"
+    - name: "CODER_LOGGING_STACKDRIVER"
+      value: "/dev/stderr"
+    - name: "CODER_PROMETHEUS_ENABLE"
+      value: "true"
+    - name: "CODER_PROVISIONERD_TAGS"
+      value = "socpe=organization"
+  image:
+    repo: ${var.provisionerd_image_repo}
+    tag: ${var.provisionerd_image_tag}
+  replicaCount: "${var.provisionerd_replicas}"
+  resources:
+    requests:
+      cpu: "${var.provisionerd_cpu_request}"
+      memory: "${var.provisionerd_mem_request}"
+    limits:
+      cpu: "${var.provisionerd_cpu_limit}"
+      memory: "${var.provisionerd_mem_limit}"
+  securityContext:
+    readOnlyRootFilesystem: true
+  volumeMounts:
+  - mountPath: "/tmp"
+    name: cache
+    readOnly: false
+  volumes:
+  - emptyDir:
+      sizeLimit: 1024Mi
+    name: cache
+EOF
+  ]
+}
+
 resource "local_file" "kubernetes_template" {
   filename = "${path.module}/../.coderv2/templates/kubernetes/main.tf"
   content  = <<EOF
@@ -218,174 +354,12 @@ resource "local_file" "kubernetes_template" {
   EOF
 }
 
-# TODO(cian): Remove this when we have support in the Helm chart.
-# Ref: https://github.com/coder/coder/issues/8243
-resource "local_file" "provisionerd_deployment" {
-  filename = "${path.module}/../.coderv2/provisionerd-deployment.yaml"
-  content  = <<EOF
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/instance: ${var.name}
-    app.kubernetes.io/name: provisionerd
-  name: provisionerd
-  namespace: ${local.coder_namespace}
-spec:
-  replicas: ${var.provisionerd_replicas}
-  selector:
-    matchLabels:
-      app.kubernetes.io/instance: ${var.name}
-      app.kubernetes.io/name: provisionerd
-  strategy:
-    rollingUpdate:
-      maxSurge: 25%
-      maxUnavailable: 25%
-    type: RollingUpdate
-  template:
-    metadata:
-      creationTimestamp: null
-      labels:
-        app.kubernetes.io/instance: ${var.name}
-        app.kubernetes.io/name: provisionerd
-    spec:
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-            - matchExpressions:
-              - key: cloud.google.com/gke-nodepool
-                operator: In
-                values:
-                - ${var.kubernetes_nodepool_coder}
-        podAntiAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                - key: app.kubernetes.io/instance
-                  operator: In
-                  values:
-                  - ${var.name}
-              topologyKey: kubernetes.io/hostname
-            weight: 1
-      containers:
-      - args:
-        - server
-        command:
-        - /opt/coder
-        env:
-        - name: CODER_HTTP_ADDRESS
-          value: 0.0.0.0:8080
-        - name: CODER_PROMETHEUS_ADDRESS
-          value: 0.0.0.0:2112
-        - name: CODER_ACCESS_URL
-          value: ${local.coder_access_url}
-        - name: CODER_CACHE_DIRECTORY
-          value: /tmp/coder
-        - name: CODER_ENABLE_TELEMETRY
-          value: "false"
-        - name: CODER_LOGGING_HUMAN
-          value: /dev/null
-        - name: CODER_LOGGING_STACKDRIVER
-          value: /dev/stderr
-        - name: CODER_PG_CONNECTION_URL
-          valueFrom:
-            secretKeyRef:
-              key: url
-              name: coder-db-url
-        - name: CODER_PPROF_ENABLE
-          value: "true"
-        - name: CODER_PROMETHEUS_ENABLE
-          value: "true"
-        - name: CODER_PROMETHEUS_COLLECT_AGENT_STATS
-          value: "true"
-        - name: CODER_PROMETHEUS_COLLECT_DB_METRICS
-          value: "true"
-        - name: CODER_VERBOSE
-          value: "true"
-        - name: CODER_PROVISIONER_DAEMONS
-          value: "${var.provisionerd_concurrency}"
-        image: "${var.coder_image_repo}:${var.coder_image_tag}"
-        imagePullPolicy: IfNotPresent
-        lifecycle: {}
-        livenessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /api/v2/buildinfo
-            port: http
-            scheme: HTTP
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 1
-        name: provisionerd
-        ports:
-        - containerPort: 8080
-          name: http
-          protocol: TCP
-        - containerPort: 2112
-          name: prometheus-http
-          protocol: TCP
-        readinessProbe:
-          failureThreshold: 3
-          httpGet:
-            path: /api/v2/buildinfo
-            port: http
-            scheme: HTTP
-          periodSeconds: 10
-          successThreshold: 1
-          timeoutSeconds: 1
-        resources:
-          limits:
-            cpu: "${var.provisionerd_cpu_limit}"
-            memory: "${var.provisionerd_mem_limit}"
-          requests:
-            cpu: "${var.provisionerd_cpu_request}"
-            memory: "${var.provisionerd_mem_request}"
-        securityContext:
-          allowPrivilegeEscalation: false
-          readOnlyRootFilesystem: true
-          runAsGroup: 1000
-          runAsNonRoot: true
-          runAsUser: 1000
-          seccompProfile:
-            type: RuntimeDefault
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-        volumeMounts:
-        - mountPath: /tmp
-          name: cache
-      dnsPolicy: ClusterFirst
-      restartPolicy: Always
-      serviceAccount: coder
-      serviceAccountName: coder
-      terminationGracePeriodSeconds: 60
-      volumes:
-      - emptyDir:
-          sizeLimit: 10Gi
-        name: cache
-    EOF
-}
-
-resource "null_resource" "provisionerd_deployment_apply" {
-  depends_on = [helm_release.coder-chart, local_file.provisionerd_deployment]
-  triggers = {
-    kubeconfig_path = var.kubernetes_kubeconfig_path
-    manifest_path   = local_file.provisionerd_deployment.filename
-  }
-  provisioner "local-exec" {
-    command = <<EOF
-      KUBECONFIG=${self.triggers.kubeconfig_path} kubectl apply -f ${self.triggers.manifest_path}
-    EOF
-  }
-}
-
 resource "local_file" "output_vars" {
   filename = "${path.module}/../../.coderv2/url"
-  content  = local.coder_access_url
+  content  = local.coder_url
 }
 
 output "coder_url" {
   description = "URL of the Coder deployment"
-  value       = local.coder_access_url
+  value       = local.coder_url
 }
diff --git a/scaletest/terraform/k8s/prometheus.tf b/scaletest/terraform/k8s/prometheus.tf
index cd1459084c000..accf926727575 100644
--- a/scaletest/terraform/k8s/prometheus.tf
+++ b/scaletest/terraform/k8s/prometheus.tf
@@ -10,38 +10,31 @@ locals {
 }
 
 # Create a namespace to hold our Prometheus deployment.
-resource "null_resource" "prometheus_namespace" {
-  triggers = {
-    namespace       = local.prometheus_namespace
-    kubeconfig_path = var.kubernetes_kubeconfig_path
-  }
-  depends_on = []
-  provisioner "local-exec" {
-    when    = create
-    command = <<EOF
-      KUBECONFIG=${self.triggers.kubeconfig_path} kubectl create namespace ${self.triggers.namespace}
-    EOF
+resource "kubernetes_namespace" "prometheus_namespace" {
+  metadata {
+    name = local.prometheus_namespace
   }
-  provisioner "local-exec" {
-    when    = destroy
-    command = "true"
+  lifecycle {
+    ignore_changes = [timeouts, wait_for_default_service_account]
   }
 }
 
 # Create a secret to store the remote write key
 resource "kubernetes_secret" "prometheus-credentials" {
-  count      = local.prometheus_remote_write_enabled ? 1 : 0
-  type       = "kubernetes.io/basic-auth"
-  depends_on = [null_resource.prometheus_namespace]
+  count = local.prometheus_remote_write_enabled ? 1 : 0
+  type  = "kubernetes.io/basic-auth"
   metadata {
     name      = "prometheus-credentials"
-    namespace = local.prometheus_namespace
+    namespace = kubernetes_namespace.prometheus_namespace.metadata.0.name
   }
 
   data = {
     username = var.prometheus_remote_write_user
     password = var.prometheus_remote_write_password
   }
+  lifecycle {
+    ignore_changes = [timeouts, wait_for_service_account_token]
+  }
 }
 
 # Install Prometheus using the Bitnami Prometheus helm chart.
@@ -49,8 +42,7 @@ resource "helm_release" "prometheus-chart" {
   repository = local.prometheus_helm_repo
   chart      = local.prometheus_helm_chart
   name       = local.prometheus_release_name
-  namespace  = local.prometheus_namespace
-  depends_on = [null_resource.prometheus_namespace]
+  namespace  = kubernetes_namespace.prometheus_namespace.metadata.0.name
   values = [<<EOF
 alertmanager:
   enabled: false
@@ -113,13 +105,15 @@ resource "kubernetes_secret" "prometheus-postgres-password" {
   type = "kubernetes.io/basic-auth"
   metadata {
     name      = "prometheus-postgres"
-    namespace = local.prometheus_namespace
+    namespace = kubernetes_namespace.prometheus_namespace.metadata.0.name
   }
-  depends_on = [null_resource.prometheus_namespace]
   data = {
     username = var.prometheus_postgres_user
     password = var.prometheus_postgres_password
   }
+  lifecycle {
+    ignore_changes = [timeouts, wait_for_service_account_token]
+  }
 }
 
 # Install Prometheus Postgres exporter helm chart
@@ -153,35 +147,27 @@ serviceMonitor:
   ]
 }
 
-# NOTE: this is created as a local file before being applied
-# as the kubernetes_manifest resource needs to be run separately
-# after creating a cluster, and we want this to be brought up
-# with a single command.
-resource "local_file" "coder-monitoring-manifest" {
-  filename   = "${path.module}/../.coderv2/coder-monitoring.yaml"
+resource "kubernetes_manifest" "coder_monitoring" {
   depends_on = [helm_release.prometheus-chart]
-  content    = <<EOF
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
-  namespace: ${local.coder_namespace}
-  name: coder-monitoring
-spec:
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: coder
-  podMetricsEndpoints:
-  - port: prometheus-http
-    interval: 30s
-  EOF
-}
-
-resource "null_resource" "coder-monitoring-manifest_apply" {
-  provisioner "local-exec" {
-    working_dir = "${abspath(path.module)}/../.coderv2"
-    command     = <<EOF
-KUBECONFIG=${var.kubernetes_kubeconfig_path} kubectl apply -f ${abspath(local_file.coder-monitoring-manifest.filename)}
-    EOF
+  manifest = {
+    apiVersion = "monitoring.coreos.com/v1"
+    kind       = "PodMonitor"
+    metadata = {
+      namespace = kubernetes_namespace.coder_namespace.metadata.0.name
+      name      = "coder-monitoring"
+    }
+    spec = {
+      selector = {
+        matchLabels = {
+          "app.kubernetes.io/name" : "coder"
+        }
+      }
+      podMetricsEndpoints = [
+        {
+          port     = "prometheus-http"
+          interval = "30s"
+        }
+      ]
+    }
   }
-  depends_on = [helm_release.prometheus-chart]
 }
diff --git a/scaletest/terraform/k8s/vars.tf b/scaletest/terraform/k8s/vars.tf
index 5493e64739843..36d67fbd3639b 100644
--- a/scaletest/terraform/k8s/vars.tf
+++ b/scaletest/terraform/k8s/vars.tf
@@ -28,6 +28,9 @@ variable "kubernetes_nodepool_misc" {
 }
 
 // These variables control the Coder deployment.
+variable "coder_access_url" {
+  description = "Access URL for the Coder deployment."
+}
 variable "coder_replicas" {
   description = "Number of Coder replicas to provision."
   default     = 1
@@ -68,12 +71,12 @@ variable "coder_mem_limit" {
 // Allow independently scaling provisionerd resources
 variable "provisionerd_cpu_request" {
   description = "CPU request to allocate to provisionerd."
-  default     = "500m"
+  default     = "100m"
 }
 
 variable "provisionerd_mem_request" {
   description = "Memory request to allocate to provisionerd."
-  default     = "512Mi"
+  default     = "1Gi"
 }
 
 variable "provisionerd_cpu_limit" {
@@ -83,7 +86,7 @@ variable "provisionerd_cpu_limit" {
 
 variable "provisionerd_mem_limit" {
   description = "Memory limit to allocate to provisionerd."
-  default     = "1024Mi"
+  default     = "1Gi"
 }
 
 variable "provisionerd_replicas" {
@@ -91,9 +94,19 @@ variable "provisionerd_replicas" {
   default     = 1
 }
 
-variable "provisionerd_concurrency" {
-  description = "Number of concurrent provisioner jobs per provisionerd instance."
-  default     = 3
+variable "provisionerd_chart_version" {
+  description = "Version of the Provisionerd Helm chart to install. Defaults to latest."
+  default     = null
+}
+
+variable "provisionerd_image_repo" {
+  description = "Repository to use for Provisionerd image."
+  default     = "ghcr.io/coder/coder"
+}
+
+variable "provisionerd_image_tag" {
+  description = "Tag to use for Provisionerd image."
+  default     = "latest"
 }
 
 variable "coder_chart_version" {