Commit 7f6648e
authored
feat(maas-controller): enable FIPS compliance in Dockerfile.konflux (#564)
## Summary
Enable FIPS compliance in `maas-controller/Dockerfile.konflux` by
aligning it with `maas-api/Dockerfile.konflux` (introduced in PR #255).
## Description
- Set `CGO_ENABLED=1` — required to link against system crypto libraries
(OpenSSL) instead of Go's built-in crypto
- Add `GOEXPERIMENT=strictfipsruntime` — enables startup validation that
a FIPS-compatible crypto backend is active at runtime
No behavioral changes to the controller logic or deployment manifests.
## How it was tested
- Built `Dockerfile.konflux` locally using `podman build` targeting
`linux/amd64`, image built successfully through both builder and runtime
stages
## Merge criteria:
<!--- This PR will be merged by any repository approver when it meets
all the points in the checklist -->
<!--- Go over all the following points, and put an `x` in all the boxes
that apply. -->
- [x] The commits are squashed in a cohesive manner and have meaningful
messages.
- [x] Testing instructions have been added in the PR body (for PRs
involving changes that are not immediately obvious).
- [x] The developer has manually tested the changes and verified that
the changes work
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Chores**
* Updated build configuration to enforce stricter compliance standards
and optimize native library integration.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
Signed-off-by: Chaitanya Kulkarni <chkulkar@redhat.com>1 parent cf3873c commit 7f6648e
1 file changed
+2
-2
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
7 | | - | |
| 7 | + | |
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
| |||
14 | 14 | | |
15 | 15 | | |
16 | 16 | | |
17 | | - | |
| 17 | + | |
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
| |||
0 commit comments