Skip to content

Commit 3e57f6b

Browse files
nyodasnyodas
committed
[fips] - Enable fips on select component
This would enable *fipsonly* on the following component: - kubelet - kubectl - kube-controller-manager - kube-scheduler The apiserver is currently being held back because not all client is going to be fips. Especially in non govcloud environment. datadog:patch
1 parent afb9447 commit 3e57f6b

File tree

6 files changed

+33
-2
lines changed

6 files changed

+33
-2
lines changed

.github/workflows/dd-build.yml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ jobs:
2020
- name: Set up Go
2121
uses: actions/setup-go@v5
2222
with:
23-
go-version: 1.22
23+
go-version: 1.23
2424
- name: Set env
2525
run: echo SANITIZED_TARGET_PLATFORM=${KUBE_BUILD_PLATFORM/\//-} >> $GITHUB_ENV
2626
env:
@@ -34,9 +34,10 @@ jobs:
3434
sudo rm -rf /usr/local/.ghcup
3535
- name: Build
3636
env:
37+
GOFLAGS: "-tags=fips"
3738
KUBE_BUILD_PLATFORMS: ${{ matrix.platform }}
3839
KUBE_RELEASE_RUN_TESTS: n
39-
run: make quick-release CGO_ENABLED=1 KUBE_CGO_OVERRIDES="kube-apiserver kube-controller-manager kube-scheduler kubelet" KUBE_BUILD_PLATFORMS=$KUBE_BUILD_PLATFORMS
40+
run: make quick-release CGO_ENABLED=1 KUBE_CGO_OVERRIDES="kube-apiserver kube-controller-manager kube-scheduler kubelet" KUBE_BUILD_PLATFORMS=$KUBE_BUILD_PLATFORMS GOFLAGS=$GOFLAGS
4041
- name: Calculate checksums
4142
id: calculate_checksums
4243
shell: bash

cmd/kube-apiserver/fips.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

cmd/kube-controller-manager/fips.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

cmd/kube-scheduler/fips.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

cmd/kubectl/fips.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

cmd/kubelet/fips.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
//go:build fips
2+
3+
package main
4+
5+
// enforce fips compliance if boringcrypto is enabled
6+
import _ "crypto/tls/fipsonly"

0 commit comments

Comments
 (0)