1.4 KiB
| title | description | cascade | menu | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| FIPS-compatible builds of Pinniped binaries | Reference for FIPS builds of Pinniped binaries |
|
|
By default, the Pinniped supervisor and concierge use ciphers that
are not supported by FIPS 140-2. If you are deploying Pinniped in an
environment with FIPS compliance requirements, you will have to build
the binaries yourself using the fips_strict build tag and Golang's
go-boringcrypto fork.
The Pinniped team provides an example Dockerfile demonstrating how you can build Pinniped images in a FIPS compatible way. However, we do not provide official support for FIPS configuration, and we may not respond to GitHub issues opened related to FIPS support. We provide this for informational purposes only.
To build Pinniped use our example fips Dockerfile, you can run:
$ git clone git@github.com:vmware-tanzu/pinniped.git
$ cd pinniped
$ git checkout {{< latestversion >}}
$ docker build -f hack/Dockerfile_fips .
Now you can deploy [the concierge]({{< ref "install-concierge" >}}) and [the supervisor]({{< ref "install-supervisor" >}})
by specifying this image instead of the standard Pinniped image in your values.yaml or deployment.yaml file.