-
Notifications
You must be signed in to change notification settings - Fork 245
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FIPS 140-2 Enablement #210
Comments
Is there anything here that needs to change? The RKE2 FIPS enablement is 99% on the build side. If we ever to enable kine in RKE2, it would be built in to the main RKE2 binary in the same way as it is in K3s, and covered by the same processes (goboring, SLE BCI) that provide RKE2 with its FIPS crypto bits. |
Given RKE2 isn't likely to embed Kine, was thinking Kine would need to be built with the FIPS crypto bits, if running along side an RKE2 deployment, and point RKE2 to an external etcd backend (Kine). |
Yes, at the moment we're unlikely to allow for anything other than the embedded etcd. If we changed that, we would likely embed kine. It's actually already in the binary (inherited from k3s), it's just that the configuration hard-codes use of the embedded etcd datastore. |
Any chance of building this project with FIPS 140-2 crypto, such that this could be used with RKE2 in the future?
The text was updated successfully, but these errors were encountered: