Merge pull request #21 from amazeeio/PLAT-902

britslampe · web-flow · commit 6f426ea7a768 · 2026-03-02T09:35:05.000-06:00
Enable root volume encryption by default
diff --git a/charts/aws-standalone-cp/Chart.yaml b/charts/aws-standalone-cp/Chart.yaml
@@ -6,7 +6,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.4.0
+version: 1.4.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
diff --git a/charts/aws-standalone-cp/templates/awsmachinetemplate-controlplane.yaml b/charts/aws-standalone-cp/templates/awsmachinetemplate-controlplane.yaml
@@ -24,6 +24,9 @@ spec:
       publicIP: {{ .Values.publicIP }}
       rootVolume:
         size: {{ .Values.controlPlane.rootVolumeSize }}
+        # --- START CUSTOMIZATION: Do not remove ---
+        encrypted: {{ .Values.controlPlane.rootVolumeEncryption }}
+        # --- END CUSTOMIZATION ---
       {{- with .Values.controlPlane.nonRootVolumes }}
       nonRootVolumes: {{- toYaml . | nindent 8 }}
       {{- end }}
diff --git a/charts/aws-standalone-cp/templates/awsmachinetemplate-worker.yaml b/charts/aws-standalone-cp/templates/awsmachinetemplate-worker.yaml
@@ -24,6 +24,9 @@ spec:
       publicIP: {{ .Values.publicIP }}
       rootVolume:
         size: {{ .Values.worker.rootVolumeSize }}
+        # --- START CUSTOMIZATION: Do not remove ---
+        encrypted: {{ .Values.worker.rootVolumeEncryption }}
+        # --- END CUSTOMIZATION ---
       {{- with .Values.worker.nonRootVolumes }}
       nonRootVolumes: {{- toYaml . | nindent 8 }}
       {{- end }}
diff --git a/charts/aws-standalone-cp/values.yaml b/charts/aws-standalone-cp/values.yaml
@@ -45,6 +45,9 @@ controlPlane: # @schema description: The configuration of the control plane mach
   iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io # @schema description: A name of an IAM instance profile to assign to the instance; type: string; required: true
   instanceType: "" # @schema description: The type of instance to create. Example: m4.xlarge; type: string; required: true
   rootVolumeSize: 8 # @schema description: Specifies size (in Gi) of the root storage device. Must be greater than the image snapshot size or 8 (whichever is greater); type: integer; minimum: 8
+  # --- START CUSTOMIZATION: Do not remove ---
+  rootVolumeEncryption: true # @schema description: Sets encryption for the root volume as true by default.
+  # --- END CUSTOMIZATION ---
   imageLookup: # @schema description: AMI lookup parameters; type: object
     format: "amzn2-ami-hvm*-gp2" # @schema description: The AMI naming format to look up the image for this machine. It will be ignored if an explicit AMI is set; type: string; required: true
     org: "137112412989" # @schema description: The AWS Organization ID to use for image lookup if AMI is not set; type: string; required: true
@@ -62,6 +65,9 @@ worker: # @schema description: The configuration of the worker machines; type: o
   iamInstanceProfile: control-plane.cluster-api-provider-aws.sigs.k8s.io # @schema description: A name of an IAM instance profile to assign to the instance; type: string; required: true
   instanceType: "" # @schema description: The type of instance to create. Example: m4.xlarge; type: string; required: true
   rootVolumeSize: 8 # @schema description: Specifies size (in Gi) of the root storage device. Must be greater than the image snapshot size or 8 (whichever is greater); type: integer; minimum: 8
+  # --- START CUSTOMIZATION: Do not remove ---
+  rootVolumeEncryption: true # @schema description: Sets encryption for the root volume as true by default.
+  # --- END CUSTOMIZATION ---
   imageLookup: # @schema description: AMI lookup parameters; type: object
     format: "amzn2-ami-hvm*-gp2" # @schema description: The AMI naming format to look up the image for this machine. It will be ignored if an explicit AMI is set; type: string; required: true
     org: "137112412989" # @schema description: The AWS Organization ID to use for image lookup if AMI is not set; type: string; required: true
