Enable Disk Encryption
A guide on how to enable Omni KMS assisted disk encryption for a cluster.
First, click the “Clusters” section button in the sidebar. Next, click the “Create Cluster” button.
Select Talos version >= 1.5.0.
Click the “Enable Encryption” checkbox.
Create a file called cluster.yaml with the following content:
kind: Cluster
name: example
kubernetes:
  version: v1.27.3
talos:
  version: v1.5.0
features:
  diskEncryption: true
---
kind: ControlPlane
machines:
  - <control plane machine UUID>
---
kind: Workers
machines:
  - <worker machine UUID>
---
kind: Machine
name: <control plane machine UUID>
install:
  disk: /dev/<disk>
---
kind: Machine
name: <worker machine UUID>
install:
  disk: /dev/<disk>
Note: Be sure to update the UUIDs and install disks with the UUIDs and disks of the machines in your account.
Now, validate the document:
omnictl cluster template validate -f cluster.yaml
Create the cluster:
omnictl cluster template sync -f cluster.yaml --verbose
Finally, wait for the cluster to be up:
omnictl cluster template status -f cluster.yaml
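A pre-flight check that can gate the sync step, for example in CI, so that a template never creates an unencrypted cluster by accident. This is an added example, not part of Omni or omnictl; the function name check_template is hypothetical, and it assumes the template layout shown above (two-space indentation, one Cluster document).

```shell
#!/bin/sh
# check_template FILE
# Returns 0 only if the Cluster document in FILE:
#   - sets features.diskEncryption to the literal value true,
#   - pins talos.version to 1.5.0 or later (the minimum stated in this guide),
# and no <placeholder> values (UUIDs, disks) are left unreplaced.
# Problems are reported on stderr.
check_template() {
  awk '
    /^---[ \t]*$/ { kind = ""; section = ""; next }   # new YAML document
    /^kind:/      { kind = $2; next }
    /^[A-Za-z]/   { section = $1 }                     # top-level key, e.g. "talos:"
    /<[^>]*>/     { printf "line %d: placeholder not replaced: %s\n", NR, $0; bad = 1 }
    # Nested keys only count when they sit under the expected top-level key.
    kind == "Cluster" && section == "talos:"    && $1 == "version:"        { talos = $2 }
    kind == "Cluster" && section == "features:" && $1 == "diskEncryption:" { enc = $2 }
    END {
      if (enc != "true") {
        print "features.diskEncryption is not true in the Cluster document"
        bad = 1
      }
      v = talos
      sub(/^v/, "", v)
      n = split(v, p, ".")
      if (n < 2 || p[1] + 0 < 1 || (p[1] + 0 == 1 && p[2] + 0 < 5)) {
        print "talos.version must be >= 1.5.0, found: " (talos == "" ? "none" : talos)
        bad = 1
      }
      exit bad + 0
    }
  ' "$1" >&2
}

# Usage:
#   check_template cluster.yaml && omnictl cluster template sync -f cluster.yaml --verbose
```

A template whose indentation has been lost (for instance after copying from a rendered page) also fails the check, because the nested keys no longer sit under talos and features.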