
FIPS Override Files

Cloud provisioners

Online FIPS Override File (Non-air-gapped)

Add the following FIPS Overrides file to your environment:

--overrides overrides/fips.yaml

---
k8s_image_registry: docker.io/mesosphere

fips:
  enabled: true

build_name_extra: -fips
kubernetes_build_metadata: fips.0
default_image_repo: hub.docker.io/mesosphere
kubernetes_rpm_repository_url: "https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v{{ kubernetes_version }}-fips/x86_64"
docker_rpm_repository_url: "\
  https://containerd-fips.s3.us-east-2.amazonaws.com\
  /{{ ansible_distribution_major_version|int }}\
  /x86_64"

You can find all available Overrides files in the Konvoy Image Builder repo.

Offline FIPS Override File (Air-gapped)

Add the following FIPS Overrides file to your environment:

--overrides overrides/offline-fips.yaml

# fips os-packages
os_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ kubernetes_version }}_{{ ansible_distribution|lower }}_{{ ansible_distribution_major_version }}_x86_64_fips.tar.gz"
containerd_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ containerd_tar_file }}"
pip_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/pip-packages.tar.gz"
images_local_bundle_dir: "{{ playbook_dir}}/../artifacts/images"

You can find all available Overrides files in the Konvoy Image Builder repo.

Pre-provisioned environments

Online FIPS Override File (Pre-provisioned)

Add the following FIPS Overrides file to your environment:

  1. If your pre-provisioned machines need a default overrides file, such as the FIPS one, write the overrides to a file that you will then store in a secret:

    cat > fips.yaml << 'EOF'
    ---
    k8s_image_registry: docker.io/mesosphere
    
    fips:
      enabled: true
    
    build_name_extra: -fips
    kubernetes_build_metadata: fips.0
    default_image_repo: hub.docker.io/mesosphere
    kubernetes_rpm_repository_url: "https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v{{ kubernetes_version }}-fips/x86_64"
    docker_rpm_repository_url: "\
      https://containerd-fips.s3.us-east-2.amazonaws.com\
      /{{ ansible_distribution_major_version|int }}\
      /x86_64"
    EOF
  2. Create the related secret by running the following commands:

    kubectl create secret generic $CLUSTER_NAME-user-overrides --from-file=fips.yaml=fips.yaml
    kubectl label secret $CLUSTER_NAME-user-overrides clusterctl.cluster.x-k8s.io/move=

You can find all available Overrides files in the Konvoy Image Builder repo.
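
Before the overrides file is stored in the secret, it can be checked for the FIPS keys and for damage done by the shell: an unquoted heredoc delimiter removes the backslash line continuations in `docker_rpm_repository_url`, leaving spaces inside the URL. The following preflight check is an added example, not part of this page's procedure or of the Konvoy Image Builder repo; the function names `check_fips_overrides` and `write_sample` and the trimmed sample file are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not Konvoy Image Builder code. Function names are hypothetical.
# check_fips_overrides FILE: print one line per problem; succeed only if there are none.
check_fips_overrides() (
  problems=0
  fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
  [ -r "$1" ] || { echo "FAIL: cannot read $1"; exit 2; }
  # "enabled: true" must sit indented under the top-level "fips:" key.
  awk '/^fips:/ {f=1; next} /^[^ #]/ {f=0} f && /^ +enabled: *true *$/ {ok=1}
       END {exit !ok}' "$1" || fail "fips.enabled is not true"
  grep -Eq '^build_name_extra: *-fips *$' "$1" || fail "build_name_extra is not -fips"
  grep -Eq '^kubernetes_build_metadata: *fips\.' "$1" || fail "not a fips Kubernetes build"
  # Package repositories must be fetched over TLS.
  if grep -q 'http://' "$1"; then fail "plain-http URL"; fi
  # With {{ ... }} templates removed, a quoted *_url value must contain no spaces. It does
  # when the shell ate the backslash-newline continuations (unquoted heredoc delimiter).
  if sed 's/[{][{][^}]*[}][}]//g' "$1" | grep -Eq '_url: *"[^"]* [^"]*"'; then
    fail "whitespace inside a *_url value"
  fi
  [ "$problems" -eq 0 ]
)

# write_sample quoted|unquoted FILE: constructed sample with key lines of the online overrides.
write_sample() {
  printf '%s\n' 'fips:' '  enabled: true' 'build_name_extra: -fips' \
    'kubernetes_build_metadata: fips.0' > "$2"
  if [ "$1" = quoted ]; then cat >> "$2" << 'EOF'
docker_rpm_repository_url: "\
  https://containerd-fips.s3.us-east-2.amazonaws.com\
  /{{ ansible_distribution_major_version|int }}\
  /x86_64"
EOF
  else cat >> "$2" << EOF
docker_rpm_repository_url: "\
  https://containerd-fips.s3.us-east-2.amazonaws.com\
  /{{ ansible_distribution_major_version|int }}\
  /x86_64"
EOF
  fi
}

# Demo: the file written with a quoted delimiter passes, the unquoted one is rejected.
tmp=$(mktemp -d)
for mode in quoted unquoted; do
  write_sample "$mode" "$tmp/$mode.yaml"
  if check_fips_overrides "$tmp/$mode.yaml"; then echo "OK: $mode"; else echo "rejected: $mode"; fi
done
rm -rf "$tmp"
```

Run `check_fips_overrides fips.yaml` against your own file before the `kubectl create secret` step; a non-zero exit status means the file should not be stored.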

Offline FIPS Override File (Pre-provisioned Air-gapped)

Add the following FIPS Overrides file to your environment:

  1. If your pre-provisioned machines need a default overrides file, such as the FIPS one, write the overrides to a file that you will then store in a secret:

    cat > fips.yaml << 'EOF'
    # fips os-packages
    os_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ kubernetes_version }}_{{ ansible_distribution|lower }}_{{ ansible_distribution_major_version }}_x86_64_fips.tar.gz"
    containerd_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ containerd_tar_file }}"
    pip_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/pip-packages.tar.gz"
    images_local_bundle_dir: "{{ playbook_dir}}/../artifacts/images"
    EOF
  2. Create the related secret by running the following commands:

    kubectl create secret generic $CLUSTER_NAME-user-overrides --from-file=fips.yaml=fips.yaml
    kubectl label secret $CLUSTER_NAME-user-overrides clusterctl.cluster.x-k8s.io/move=

You can find all available Overrides files in the Konvoy Image Builder repo.
