Use Konvoy Image Builder to create images with FIPS-compliant binaries

Non-air-gapped Environment Create FIPS-140 images

KIB can produce images containing FIPS-140 compliant binaries. Use the fips.yaml override file provided with the image bundles.

You can also find these override files in the Konvoy Image Builder repo.


The below snippets will create images with FIPS-compliant Kubernetes components. If you need the underlying OS to be FIPS-compliant, then you will need to provide the specific FIPS-compliant OS image, using the --source-ami flag for AWS.

  • A non-air-gapped environment example of override file use is the command below, which produces a FIPS-compliant image on RHEL 8.4 for AWS:
    Replace ami with your infrastructure provisioner

konvoy-image build --overrides overrides/fips.yaml images/ami/rhel-84.yaml
  • vSphere FIPS-complaint using image.yaml created during VM Template configuration:

konvoy-image build --overrides overrides/fips.yaml images/ova/<image.yaml>

Here is a list of FIPS Override Files.