CadolesKube
/
typhoon
mirror of https://github.com/puppetmaster/typhoon.git
7
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enable AWS root block device encryption by default 

* terraform-provider-aws v2.23.0 allows AWS root block devices
to enable encryption by default.
* Require updating terraform-provider-aws to v2.23.0 or higher
* Enable root EBS device encryption by default for controller
instances and worker instances in auto-scaling groups

For comparison:

* Google Cloud persistent disks have been encrypted by
default for years
* Azure managed disk encryption is not ready yet (#486)
This commit is contained in:
Dalton Hubble 2019-08-07 20:56:55 -07:00
parent cad12804c8
commit 6db11d5908
7 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGES.md
View File

@ -4,6 +4,11 @@ Notable changes between versions.
## Latest ## Latest
#### AWS
* Enable root block device encryption by default ([#527](https://github.com/poseidon/typhoon/pull/527))
* Require `terraform-provider-aws` v2.23+ (**action required**)
#### Addons #### Addons
* Update kube-state-metrics from v1.7.1 to v1.7.2 * Update kube-state-metrics from v1.7.1 to v1.7.2

1
aws/container-linux/kubernetes/controllers.tf
View File

@ -31,6 +31,7 @@ resource "aws_instance" "controllers" {
volume_type = var.disk_type volume_type = var.disk_type
volume_size = var.disk_size volume_size = var.disk_size
iops = var.disk_iops iops = var.disk_iops
encrypted = true
} }
# network # network

2
aws/container-linux/kubernetes/versions.tf
View File

@ -3,7 +3,7 @@
terraform { terraform {
required_version = "~> 0.12.0" required_version = "~> 0.12.0"
required_providers { required_providers {
aws = "~> 2.7" aws = "~> 2.23"
ct = "~> 0.3" ct = "~> 0.3"
template = "~> 2.1" template = "~> 2.1"
null = "~> 2.1" null = "~> 2.1"

1
aws/container-linux/kubernetes/workers/workers.tf
View File

@ -56,6 +56,7 @@ resource "aws_launch_configuration" "worker" {
volume_type = var.disk_type volume_type = var.disk_type
volume_size = var.disk_size volume_size = var.disk_size
iops = var.disk_iops iops = var.disk_iops
encrypted = true
} }
# network # network

1
aws/fedora-coreos/kubernetes/controllers.tf
View File

@ -31,6 +31,7 @@ resource "aws_instance" "controllers" {
volume_type = var.disk_type volume_type = var.disk_type
volume_size = var.disk_size volume_size = var.disk_size
iops = var.disk_iops iops = var.disk_iops
encrypted = true
} }
# network # network

2
aws/fedora-coreos/kubernetes/versions.tf
View File

@ -3,7 +3,7 @@
terraform { terraform {
required_version = "~> 0.12.0" required_version = "~> 0.12.0"
required_providers { required_providers {
aws = "~> 2.7" aws = "~> 2.23"
ct = "~> 0.4" ct = "~> 0.4"
template = "~> 2.1" template = "~> 2.1"
null = "~> 2.1" null = "~> 2.1"

1
aws/fedora-coreos/kubernetes/workers/workers.tf
View File

@ -56,6 +56,7 @@ resource "aws_launch_configuration" "worker" {
volume_type = var.disk_type volume_type = var.disk_type
volume_size = var.disk_size volume_size = var.disk_size
iops = var.disk_iops iops = var.disk_iops
encrypted = true
} }
# network # network