diff --git a/Dockerfile b/Dockerfile index f7047fcd..96d33775 100644 --- a/Dockerfile +++ b/Dockerfile @@ -22,6 +22,9 @@ ARG TARGETARCH ENV GOOS=$TARGETOS ENV GOARCH=$TARGETARCH +ARG FIPS_MODE=off +ENV GOFIPS140=$FIPS_MODE + # Build RUN CGO_ENABLED=0 GO111MODULE=on go build -a -tags timetzdata -o manager main.go diff --git a/Makefile b/Makefile index fb8eae7c..008112b3 100644 --- a/Makefile +++ b/Makefile @@ -192,10 +192,11 @@ generate-client-set: GIT_COMMIT=$(shell git rev-parse --short HEAD)-dev OPERATOR_IMAGE ?= rabbitmqoperator/messaging-topology-operator +GOFIPS140 ?= off .PHONY: docker-build-dev docker-build-dev: $(call check_defined, DOCKER_REGISTRY_SERVER, URL of docker registry containing the Operator image (e.g. registry.my-company.com)) - $(BUILD_KIT) buildx build --build-arg=GIT_COMMIT=$(GIT_COMMIT) -t $(DOCKER_REGISTRY_SERVER)/$(OPERATOR_IMAGE):$(GIT_COMMIT) . + $(BUILD_KIT) buildx build --build-arg=FIPS_MODE=$(GOFIPS140) --build-arg=GIT_COMMIT=$(GIT_COMMIT) -t $(DOCKER_REGISTRY_SERVER)/$(OPERATOR_IMAGE):$(GIT_COMMIT) . $(BUILD_KIT) push $(DOCKER_REGISTRY_SERVER)/$(OPERATOR_IMAGE):$(GIT_COMMIT) # docker-build-local and deploy-local work in local Kubernetes installations where the Kubernetes API diff --git a/main.go b/main.go index 955660dc..83f4b9d2 100644 --- a/main.go +++ b/main.go @@ -10,6 +10,7 @@ This product may include a number of subcomponents with separate copyright notic package main import ( + "crypto/fips140" "flag" "fmt" "os" @@ -387,6 +388,7 @@ func main() { log.Error(err, "unable to create controller", "controller", controllers.SuperStreamControllerName) os.Exit(1) } + // +kubebuilder:scaffold:builder if os.Getenv(controllers.EnableWebhooksEnvVar) != "false" { if err = (&topology.Binding{}).SetupWebhookWithManager(mgr); err != nil { 
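Review bot: The new `FIPS_MODE` build arg is undocumented, and its name hides that the value is handed straight to the Go toolchain as `GOFIPS140`, so a reader cannot tell from the Dockerfile which values are accepted. A comment above the two added lines would cover it, e.g. `# FIPS_MODE is passed to GOFIPS140 at build time: "off" (default), "latest", or a pinned module version such as "v1.0.0"`. The comment should also say that this sets only the build-time default. As far as I know the binary still honours a runtime `GODEBUG=fips140=...` setting, so the image build arg alone does not fix the mode the process actually runs in; confirm this against the Go version in the builder image.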
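Review bot: `docker-build-dev` tags and pushes the image as `$(OPERATOR_IMAGE):$(GIT_COMMIT)` whatever `GOFIPS140` is set to, so a FIPS build and a non-FIPS build of the same commit share one tag and the later push replaces the earlier one. Anyone pulling that tag cannot tell which crypto mode it was built with. Consider folding the mode into the tag or recording it on the image, for example by adding `--label fips-mode=$(GOFIPS140)` (label name constructed here) to the buildx line. Also, `GOFIPS140 ?= off` silently inherits the value from the caller's shell environment, and only this target is shown forwarding it; image targets outside the hunk may need the same `--build-arg`.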
@@ -443,7 +445,9 @@ func main() { } } - // +kubebuilder:scaffold:builder + if fips140.Enabled() { + log.Info("FIPS 140-3 mode enabled") + } log.Info("starting manager") if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
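Review bot: The startup log reports the FIPS state only when `fips140.Enabled()` is true, so an operator that was expected to run in FIPS mode but was built with the default `FIPS_MODE=off` starts with no trace of that in its logs. Logging the state unconditionally makes the gap auditable: `log.Info("FIPS 140-3 mode", "enabled", fips140.Enabled())`. The current message also reads like a compliance statement. `Enabled()` reports that the Go cryptographic module is operating in FIPS 140-3 mode, not that the linked module version is a validated one, so a one-line comment saying so would avoid over-claiming. main()'s body starts and ends outside the hunk.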