Build fips-ready #362
Labels
kind/feature
New feature
Comments
|
This is actually timely, see https://redhat-internal.slack.com/archives/C05NXTEHLGY/p1712136020868139 (if you have perms), otherwise just know that the bosses want to get this soon-ish. |
jiridanek
added a commit
to jiridanek/kubeflow
that referenced
this issue
Oct 2, 2024
This takes inspiration from: * The Notebooks 2.0 Dockerfile, which comes from a default recent Kubebuilder template, at https://github.com/kubeflow/notebooks/blob/notebooks-v2/workspaces/controller/Dockerfile * The Red Hat build Dockerfile (that's the Cachito part) in an internal repository. This change brings multiple improvements: 1. Dockerfiles are brought closer together, especially to the Red Hat build; previously, sourcing things in a stand-alone RUN command had no effect 2. The openssl fips-compatible library is linked into the manager binaries, to proactively address fips concerns
3 tasks
jiridanek
added a commit
to jiridanek/kubeflow
that referenced
this issue
Oct 2, 2024
This takes inspiration from: * The Notebooks 2.0 Dockerfile, which comes from a default recent Kubebuilder template, at https://github.com/kubeflow/notebooks/blob/notebooks-v2/workspaces/controller/Dockerfile * The Red Hat build Dockerfile (that's the Cachito part) in an internal repository. This change brings multiple improvements: 1. Dockerfiles are brought closer together, especially to the Red Hat build; previously, sourcing things in a stand-alone RUN command had no effect 2. The openssl fips-compatible library is linked into the manager binaries, to proactively address fips concerns
jiridanek
added a commit
to jiridanek/kubeflow
that referenced
this issue
Oct 2, 2024
This takes inspiration from: * The Notebooks 2.0 Dockerfile, which comes from a default recent Kubebuilder template, at https://github.com/kubeflow/notebooks/blob/notebooks-v2/workspaces/controller/Dockerfile * The Red Hat build Dockerfile (that's the Cachito part) in an internal repository. This change brings multiple improvements: 1. Dockerfiles are brought closer together, especially to the Red Hat build; previously, sourcing things in a stand-alone RUN command had no effect 2. The openssl fips-compatible library is linked into the manager binaries, to proactively address fips concerns
openshift-merge-bot bot
added a commit
that referenced
this issue
Nov 13, 2024
RHOAISTRAT-214: Issue #362: feat(nbcs): build containers to be fips-ready
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
/kind feature
Why you need this feature:
Apparently, to build for fips, it's necessary to do
(from xxx://data-hub/rhods-cpaas-midstream/-/commit/d7be5e82b3f7dfdda0458dbc89d40b430ae2ef1f by @sutaakar)
https://developers.redhat.com/articles/2022/05/31/your-go-application-fips-compliant
The text was updated successfully, but these errors were encountered: