During a cluster deployment, the Federal Information Processing Standards (FIPS) change is applied when the Red Hat Enterprise Linux CoreOS (RHCOS) machines are deployed in your cluster. For Red Hat Enterprise Linux (RHEL) machines, you must enable FIPS mode when you install the operating system on the machines that you plan to use as worker machines.
|
Important
|
{product-title} requires the use of a FIPS-capable installation binary to install a cluster in FIPS mode. |
You can enable FIPS mode through the preferred method of install-config.yaml and agent-config.yaml:
-
You must set value of the
fipsfield totruein theinstall-config.yamlfile:Sample install-config.yaml.fileapiVersion: v1 baseDomain: test.example.com metadata: name: sno-cluster fips: true
ImportantTo enable FIPS mode on {ibm-z-name} clusters, you must also enable FIPS in either the
.parmfile or usingvirt-installas outlined in the procedures for manually adding {ibm-z-name} agents. -
Optional: If you are using the {ztp} manifests, you must set the value of
fipsastruein theagent-install.openshift.io/install-config-overridesfield in theagent-cluster-install.yamlfile:Sample agent-cluster-install.yaml fileapiVersion: extensions.hive.openshift.io/v1beta1 kind: AgentClusterInstall metadata: annotations: agent-install.openshift.io/install-config-overrides: '{"fips": true}' name: sno-cluster namespace: sno-cluster-test