FIPS Override Air-gapped Environment Files

Cloud Provisioners Override File:

Offline FIPS Override File (Air-gapped)

Add the following FIPS offline override file to your environment:

--overrides overrides/offline-fips.yaml

# fips os-packages
os_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ kubernetes_version }}_{{ ansible_distribution|lower }}_{{ ansible_distribution_major_version }}_x86_64_fips.tar.gz"
containerd_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ containerd_tar_file }}"
pip_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/pip-packages.tar.gz"
images_local_bundle_dir: "{{ playbook_dir}}/../artifacts/images"

You can find all available Overrides files in the Konvoy Image Builder repo.

Pre-provisioned Environments Override File:

Offline FIPS Override File (Air-gapped)

Add the following FIPS offline override file to your environment:

1. If your pre-provisioned machines need to have a default Override file like FIPS, create a secret that includes the overrides in a file:

   CODE

   cat > fips.yaml << EOF 
   # fips os-packages
   os_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ kubernetes_version }}_{{ ansible_distribution|lower }}_{{ ansible_distribution_major_version }}_x86_64_fips.tar.gz"
   containerd_local_bundle_file: "{{ playbook_dir }}/../artifacts/{{ containerd_tar_file }}"
   pip_packages_local_bundle_file: "{{ playbook_dir }}/../artifacts/pip-packages.tar.gz"
   images_local_bundle_dir: "{{ playbook_dir}}/../artifacts/images"
   EOF

2. Create the related secret by running the following command:

   CODE

   kubectl create secret generic $CLUSTER_NAME-user-overrides --from-file=fips.yaml=fips.yaml
   kubectl label secret $CLUSTER_NAME-user-overrides clusterctl.cluster.x-k8s.io/move=

You can find all available Overrides files in the Konvoy Image Builder repo.

Related Topic

Private Registry in Air-gapped Override