Skip to main content
Skip table of contents

Air-gapped Environment FIPS Override Files

Cloud Provisioners Override File:

Offline FIPS Override File (Air-gapped)

Add the following FIPS Overrides file to your environment:

--overrides overrides/offline-fips.yaml

CODE
# fips os-packages
os_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ kubernetes_version }}_{{ ansible_distribution|lower }}_{{ ansible_distribution_major_version }}_x86_64_fips.tar.gz"
containerd_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ containerd_tar_file }}"
pip_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/pip-packages.tar.gz"
images_local_bundle_dir: "{{ playbook_dir}}/../artifacts/images"

You can find all available Overrides files in the Konvoy Image Builder repo.

Pre-provisioned Environments Override File:

Offline FIPS Override File (Air-gapped)

Add the following FIPS Overrides file to your environment:

  1. If your pre-provisioned machines need to have a default Override file like FIPS, create a secret that includes the overrides in a file:

    CODE
    cat > fips.yaml << EOF 
    # fips os-packages
    os_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ kubernetes_version }}_{{ ansible_distribution|lower }}_{{ ansible_distribution_major_version }}_x86_64_fips.tar.gz"
    containerd_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ containerd_tar_file }}"
    pip_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/pip-packages.tar.gz"
    images_local_bundle_dir: "{{ playbook_dir}}/../artifacts/images"
    EOF
  2. Create the related secret by running the following command:

    CODE
    kubectl create secret generic $CLUSTER_NAME-user-overrides --from-file=fips.yaml=fips.yaml
    kubectl label secret $CLUSTER_NAME-user-overrides clusterctl.cluster.x-k8s.io/move=

You can find all available Overrides files in the Konvoy Image Builder repo.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.