
FIPS Override Non-air-gapped Files

Cloud Provisioners Override File:

Online FIPS Override File (Non-air-gapped)

Add the following FIPS override file to your environment:

--overrides overrides/fips.yaml

---
k8s_image_registry: docker.io/mesosphere

fips:
  enabled: true

build_name_extra: -fips
kubernetes_build_metadata: fips.0
default_image_repo: hub.docker.io/mesosphere
kubernetes_rpm_repository_url: "https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v{{ kubernetes_version }}-fips/x86_64"
docker_rpm_repository_url: "\
  https://containerd-fips.s3.us-east-2.amazonaws.com\
  /{{ ansible_distribution_major_version|int }}\
  /x86_64"

You can find all available Overrides files in the Konvoy Image Builder repo.

Pre-provisioned Environments Override File:

Online FIPS Override File (Pre-provisioned)

Add the following FIPS override file to your environment:

  1. If your pre-provisioned machines need to have a default Override file like FIPS, create a secret that includes the overrides in a file:

    cat > fips.yaml << 'EOF'
    ---
    k8s_image_registry: docker.io/mesosphere
    
    fips:
      enabled: true
    
    build_name_extra: -fips
    kubernetes_build_metadata: fips.0
    default_image_repo: hub.docker.io/mesosphere
    kubernetes_rpm_repository_url: "https://packages.d2iq.com/konvoy/stable/linux/repos/el/kubernetes-v{{ kubernetes_version }}-fips/x86_64"
    docker_rpm_repository_url: "\
      https://containerd-fips.s3.us-east-2.amazonaws.com\
      /{{ ansible_distribution_major_version|int }}\
      /x86_64"
    EOF
  2. Create the related secret by running the following commands:

    kubectl create secret generic $CLUSTER_NAME-user-overrides --from-file=fips.yaml=fips.yaml
    kubectl label secret $CLUSTER_NAME-user-overrides clusterctl.cluster.x-k8s.io/move=

You can find all available Overrides files in the Konvoy Image Builder repo.
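
A pre-flight check for the `fips.yaml` written in step 1, to run before creating the secret. This is an added example, not part of the Konvoy documentation; the function name `check_fips_overrides` is an assumption, and the keys it inspects are the ones shown in the override file above.

```shell
#!/bin/sh
# Added example, not from the Konvoy docs: pre-flight check for the fips.yaml
# from step 1. check_fips_overrides is a hypothetical helper name.
# Returns 0 when the file is safe to load into the secret, 1 otherwise.
check_fips_overrides() {
    f=$1
    rc=0

    # 1. fips.enabled must be true, or the overrides do not request a FIPS build.
    awk '/^fips:/ { in_fips = 1; next }
         in_fips && /^[^ ]/ { in_fips = 0 }
         in_fips && /^ +enabled: *true *$/ { ok = 1 }
         END { exit !ok }' "$f" ||
        { echo "FAIL: fips.enabled is not true" >&2; rc=1; }

    # 2. The Kubernetes packages must come from the -fips repository path.
    grep -q '^kubernetes_rpm_repository_url:.*-fips/' "$f" ||
        { echo "FAIL: kubernetes repo URL is not a -fips path" >&2; rc=1; }

    # 3. Repository URLs must not contain whitespace. An unquoted heredoc
    #    delimiter makes the shell delete each backslash-newline, which joins
    #    the folded docker_rpm_repository_url with its indentation embedded.
    awk '/^(kubernetes|docker)_rpm_repository_url:/ {
             seen++
             v = $0; sub(/^[^:]*: */, "", v)
             if (v ~ /\\$/) { cont = 1; next }      # folded value begins
             gsub(/[{][{][^}]*[}][}]/, "", v)        # ignore Jinja expressions
             if (v ~ /[ \t]/) bad = 1
             next
         }
         cont {
             if ($0 ~ /"$/) cont = 0                 # closing quote
             else if ($0 !~ /\\$/) bad = 1           # continuation lost
         }
         END { exit (seen != 2 || bad || cont) }' "$f" ||
        { echo "FAIL: repository URL is missing or contains whitespace" >&2; rc=1; }

    return $rc
}
```

Run it as `check_fips_overrides fips.yaml && kubectl create secret ...` so a malformed file never reaches the cluster.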
