Merge pull request #1112 from vmware-tanzu/fips-website-docs

document how to use the fips dockerfile on our website
2022-04-13 16:41:25 -04:00 · 2022-04-13 16:41:25 -04:00 · 8ecf18521c
commit 8ecf18521c
parent d0d20e00e4 96c705bf94
1 changed files with 34 additions and 0 deletions
--- a/site/content/docs/reference/fips.md
+++ b/site/content/docs/reference/fips.md
@ -0,0 +1,34 @@
+---
+title: FIPS-compatible builds of Pinniped binaries
+description: Reference for FIPS builds of Pinniped binaries
+cascade:
+  layout: docs
+menu:
+  docs:
+    name: FIPS-compatible builds of Pinniped binaries
+    weight: 30
+    parent: reference
+---
+By default, the Pinniped supervisor and concierge use ciphers that
+are not supported by FIPS 140-2. If you are deploying Pinniped in an
+environment with FIPS compliance requirements, you will have to build
+the binaries yourself using the `fips_strict` build tag and Golang's
+`go-boringcrypto` fork.
+
+The Pinniped team provides an [example Dockerfile](https://github.com/vmware-tanzu/pinniped/blob/main/hack/Dockerfile_fips)
+demonstrating how you can build Pinniped images in a FIPS compatible way.
+However, we do not provide official support for FIPS configuration, and we may not
+respond to GitHub issues opened related to FIPS support.
+We provide this for informational purposes only.
+
+To build Pinniped use our example fips Dockerfile, you can run:
+```bash
+$ git clone git@github.com:vmware-tanzu/pinniped.git
+$ cd pinniped
+$ git checkout {{< latestversion >}}
+$ docker build -f hack/Dockerfile_fips .
+```
+
+Now you can deploy [the concierge]({{< ref "install-concierge" >}}) and [the supervisor]({{< ref "install-supervisor" >}}) 
+by specifying this image instead of the standard Pinniped image in your `values.yaml` or `deployment.yaml` file.
+