FIPS Override Non-air-gapped Files
Cloud Provisioners Override File:
Online FIPS Override File (Non-air-gapped)
Add the following FIPS override file to your environment:
--overrides overrides/fips.yaml
---
k8s_image_registry: docker.io/mesosphere
fips:
  enabled: true
build_name_extra: -fips
kubernetes_build_metadata: fips.0
default_image_repo: hub.docker.io/mesosphere
kubernetes_rpm_repository_url: "https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v{{ kubernetes_version }}-fips/x86_64"
docker_rpm_repository_url: "\
  https://containerd-fips.s3.us-east-2.amazonaws.com\
  /{{ ansible_distribution_major_version|int }}\
  /x86_64"
You can find all available Overrides files in the Konvoy Image Builder repo.
Pre-provisioned Environments Override File:
Online FIPS Override File (Pre-provisioned)
Add the following FIPS override file to your environment:
If your pre-provisioned machines need a default override file, such as the FIPS overrides, create a secret that includes the overrides in a file:
# 'EOF' is quoted so the shell writes the backslash line continuations to the file unchanged.
cat > fips.yaml << 'EOF'
---
k8s_image_registry: docker.io/mesosphere
fips:
  enabled: true
build_name_extra: -fips
kubernetes_build_metadata: fips.0
default_image_repo: hub.docker.io/mesosphere
kubernetes_rpm_repository_url: "https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v{{ kubernetes_version }}-fips/x86_64"
docker_rpm_repository_url: "\
  https://containerd-fips.s3.us-east-2.amazonaws.com\
  /{{ ansible_distribution_major_version|int }}\
  /x86_64"
EOF
Create the related secret by running the following command:
kubectl create secret generic $CLUSTER_NAME-user-overrides --from-file=fips.yaml=fips.yaml
kubectl label secret $CLUSTER_NAME-user-overrides clusterctl.cluster.x-k8s.io/move=
You can find all available Overrides files in the Konvoy Image Builder repo.
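A pre-flight check for the fips.yaml written in the steps above, run before the file is stored in the secret. This is an added example, not part of this page or the Konvoy Image Builder repo; the function name check_fips_overrides and the choice of checks are assumptions, and the sample files are constructed.

```shell
# Added example: pre-flight check for fips.yaml before it is stored in the
# user-overrides secret. Function name and checks are assumptions.
check_fips_overrides() {
  file=$1; rc=0
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

  # 'enabled: true' must be indented under 'fips:'. If indentation is lost
  # it becomes an unrelated top-level key and fips.enabled is never set.
  awk '/^fips:[[:space:]]*$/ { in_fips = 1; next }
       /^[^[:space:]#]/      { in_fips = 0 }
       in_fips && /^[[:space:]]+enabled:[[:space:]]*true[[:space:]]*$/ { ok = 1 }
       END { exit !ok }' "$file" ||
    { echo "$file: fips.enabled is not set to true" >&2; rc=1; }

  # An unquoted heredoc (<< EOF) removes each backslash-newline pair and
  # leaves the continuation indentation inside the quoted URL.
  if grep -Eq '^[a-z_]+_url:[[:space:]]*"[[:space:]]' "$file"; then
    echo "$file: whitespace at start of a repository URL" >&2; rc=1
  fi

  # Package repositories should not be fetched over plaintext HTTP.
  if grep -q 'http://' "$file"; then
    echo "$file: plaintext http:// repository URL" >&2; rc=1
  fi
  return "$rc"
}

# Constructed sample input: the same snippet written through a quoted and an
# unquoted heredoc, to show what the check catches.
demo_dir=$(mktemp -d)
cat > "$demo_dir/quoted.yaml" << 'EOF'
fips:
  enabled: true
docker_rpm_repository_url: "\
  https://containerd-fips.s3.us-east-2.amazonaws.com\
  /{{ ansible_distribution_major_version|int }}\
  /x86_64"
EOF
cat > "$demo_dir/unquoted.yaml" << EOF
fips:
  enabled: true
docker_rpm_repository_url: "\
  https://containerd-fips.s3.us-east-2.amazonaws.com\
  /{{ ansible_distribution_major_version|int }}\
  /x86_64"
EOF
check_fips_overrides "$demo_dir/quoted.yaml" && echo "quoted: ok"
check_fips_overrides "$demo_dir/unquoted.yaml" || echo "unquoted: rejected"
rm -rf "$demo_dir"
```

Run `check_fips_overrides fips.yaml` before `kubectl create secret`, and treat a non-zero exit status as a reason not to create the secret.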