FIPS 140-2 Enablement #210

Open
retr0h opened this issue Aug 24, 2023 · 3 comments

Comments

retr0h commented Aug 24, 2023

Any chance of building this project with FIPS 140-2 crypto, such that this could be used with RKE2 in the future?

brandond (Contributor) commented Aug 24, 2023

Is there anything here that needs to change? The RKE2 FIPS enablement is 99% on the build side. If we were ever to enable kine in RKE2, it would be built into the main RKE2 binary in the same way as it is in K3s, and covered by the same processes (goboring, SLE BCI) that provide RKE2 with its FIPS crypto bits.

retr0h (Author) commented Aug 25, 2023

Given RKE2 isn't likely to embed Kine, I was thinking Kine would need to be built with the FIPS crypto bits if running alongside an RKE2 deployment and pointing RKE2 to an external etcd backend (Kine).

brandond (Contributor) commented Aug 25, 2023

Yes, at the moment we're unlikely to allow for anything other than the embedded etcd. If we changed that, we would likely embed kine. It's actually already in the binary (inherited from k3s); it's just that the configuration hard-codes use of the embedded etcd datastore.
