Skip to content

Commit 71130af

Browse files
lahinsonlahinson
authored
Merge pull request #90004 from lahinson/osdocs-13524-hcp-fips
[OSDOCS-13524]: Adding FIPS details for HCP
2 parents 6aafc31 + 699faa0 commit 71130af

File tree

2 files changed

+17
-0
lines changed

2 files changed

+17
-0
lines changed

hosted_control_planes/hcp-prepare/hcp-requirements.adoc

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ You can run both the management cluster and the worker nodes on-premise, such as
1515
In Bare Metal Host (BMH) deployments, where the Bare Metal Operator starts machines, the hosted control plane must be able to reach baseboard management controllers (BMCs). If your security profile does not permit the Cluster Baremetal Operator to access the network where the BMHs have their BMCs in order to enable Redfish automation, you can use BYO ISO support. However, in BYO mode, {product-title} cannot automate the powering on of BMHs.
1616

1717
include::modules/hcp-support-matrix.adoc[leveloffset=+1]
18+
include::modules/hcp-fips.adoc[leveloffset=+1]
1819

1920
[role="_additional-resources"]
2021
.Additional resources

modules/hcp-fips.adoc

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
// Module included in the following assemblies:
2+
//
3+
// * hosted-control-planes/hcp-prepare/hcp-requirements.adoc
4+
5+
6+
:_mod-docs-content-type: CONCEPT
7+
[id="hcp-fips_{context}"]
8+
= FIPS-enabled hosted clusters
9+
10+
The binaries for {hcp} are FIPs-compliant, with the exception of the {hcp} command-line interface, `hcp`.
11+
12+
If you want to deploy a FIPS-enabled hosted cluster, you must use a FIPS-enabled management cluster. To enable FIPS mode for your management cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on {op-system-base}, see link:https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/security_hardening/switching-rhel-to-fips-mode_security-hardening[Switching {op-system-base} to FIPS mode].
13+
14+
When running {op-system-base} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.
15+
16+
After you set up your management cluster in FIPS mode, the hosted cluster creation process runs on that management cluster.

0 commit comments

Comments
 (0)