Air-gapped Environment FIPS Override Files
Cloud Provisioners Override File:
Offline FIPS Override File (Air-gapped)
Add the following FIPS Overrides file to your environment:
--overrides overrides/offline-fips.yaml
# fips os-packages
os_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ kubernetes_version }}_{{ ansible_distribution|lower }}_{{ ansible_distribution_major_version }}_x86_64_fips.tar.gz"
containerd_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ containerd_tar_file }}"
pip_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/pip-packages.tar.gz"
images_local_bundle_dir: "{{ playbook_dir}}/../artifacts/images"
You can find all available Overrides files in the Konvoy Image Builder repo.
Pre-provisioned Environments Override File:
Offline FIPS Override File (Air-gapped)
Add the following FIPS Overrides file to your environment:
If your pre-provisioned machines need to have a default Override file like FIPS, create a secret that includes the overrides in a file:
CODEcat > fips.yaml << EOF # fips os-packages os_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ kubernetes_version }}_{{ ansible_distribution|lower }}_{{ ansible_distribution_major_version }}_x86_64_fips.tar.gz" containerd_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ containerd_tar_file }}" pip_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/pip-packages.tar.gz" images_local_bundle_dir: "{{ playbook_dir}}/../artifacts/images" EOF
Create the related secret by running the following command:
CODEkubectl create secret generic $CLUSTER_NAME-user-overrides --from-file=fips.yaml=fips.yaml kubectl label secret $CLUSTER_NAME-user-overrides clusterctl.cluster.x-k8s.io/move=
You can find all available Overrides files in the Konvoy Image Builder repo.