Create FIPS-140 images
Konvoy Image Builder can produce images containing FIPS-140 compliant binaries. Use the fips.yaml
override file provided with the konvoy-image bundle.
For example, this command produces a FIPS-compliant image on CentOS 8:
konvoy-image build --overrides overrides/fips.yaml images/ami/centos-8.yaml
Pre-provisioned infrastructure
If you are targeting a pre-provisioned infrastructure, you can create a FIPS-compliant cluster by doing the following:
- Create a bootstrap cluster.
- Create a secret on the bootstrap cluster with the contents from the fips.yaml override file and any other user overrides you wish to provide:
kubectl create secret generic $CLUSTER_NAME-fips-overrides --from-file=overrides.yaml=overrides.yaml
kubectl label secret $CLUSTER_NAME-fips-overrides clusterctl.cluster.x-k8s.io/move=
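The two commands above produce an Opaque Secret with a single `overrides.yaml` data key and an empty-valued `clusterctl.cluster.x-k8s.io/move` label. As an added example (not part of the Konvoy Image Builder documentation), the following renders the same Secret as one manifest and refuses to do so when the cluster name is empty or the overrides file is missing; `render_fips_overrides_secret` is a hypothetical helper name.

```shell
#!/usr/bin/env bash
# Added example: render the Secret created by the two kubectl commands above
# as a single manifest. render_fips_overrides_secret is a hypothetical helper,
# not part of konvoy-image or kubectl.
render_fips_overrides_secret() {
  cluster_name="$1"
  overrides_file="$2"
  # An unset CLUSTER_NAME would silently yield a secret named "-fips-overrides".
  if [ -z "$cluster_name" ]; then
    echo "cluster name is empty" >&2
    return 1
  fi
  # An empty or missing file would create a secret without the FIPS overrides.
  if [ ! -s "$overrides_file" ]; then
    echo "overrides file '$overrides_file' is missing or empty" >&2
    return 1
  fi
  # Secret data values are base64; strip the line wrapping some base64 tools add.
  encoded="$(base64 < "$overrides_file" | tr -d '\n')"
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${cluster_name}-fips-overrides
  labels:
    clusterctl.cluster.x-k8s.io/move: ""
type: Opaque
data:
  overrides.yaml: ${encoded}
EOF
}
```

Piping the output to `kubectl apply -f -` against the bootstrap cluster takes the place of the separate create and label commands.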