forked from kubeflow/kubeflow
-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Build fips-ready #362
Labels
kind/feature
New feature
Comments
This is actually timely, see https://redhat-internal.slack.com/archives/C05NXTEHLGY/p1712136020868139 (if you have perms), otherwise just know that the bosses want to get this soon-ish. |
jiridanek
added a commit
to jiridanek/kubeflow
that referenced
this issue
Oct 2, 2024
This takes inspiration from: * The Notebooks 2.0 Dockerfile, which comes from a default recent Kubebuilder template, at https://github.com/kubeflow/notebooks/blob/notebooks-v2/workspaces/controller/Dockerfile * The Red Hat build Dockerfile (that's the Cachito part) in an internal repository. This change brings multiple improvements: 1. Dockerfiles are brought closer together, especially to the Red Hat build; previously, sourcing things in a stand-alone RUN command had no effect 2. The openssl fips-compatible library is linked into the manager binaries, to proactively address fips concerns
3 tasks
jiridanek
added a commit
to jiridanek/kubeflow
that referenced
this issue
Oct 2, 2024
This takes inspiration from: * The Notebooks 2.0 Dockerfile, which comes from a default recent Kubebuilder template, at https://github.com/kubeflow/notebooks/blob/notebooks-v2/workspaces/controller/Dockerfile * The Red Hat build Dockerfile (that's the Cachito part) in an internal repository. This change brings multiple improvements: 1. Dockerfiles are brought closer together, especially to the Red Hat build; previously, sourcing things in a stand-alone RUN command had no effect 2. The openssl fips-compatible library is linked into the manager binaries, to proactively address fips concerns
jiridanek
added a commit
to jiridanek/kubeflow
that referenced
this issue
Oct 2, 2024
This takes inspiration from: * The Notebooks 2.0 Dockerfile, which comes from a default recent Kubebuilder template, at https://github.com/kubeflow/notebooks/blob/notebooks-v2/workspaces/controller/Dockerfile * The Red Hat build Dockerfile (that's the Cachito part) in an internal repository. This change brings multiple improvements: 1. Dockerfiles are brought closer together, especially to the Red Hat build; previously, sourcing things in a stand-alone RUN command had no effect 2. The openssl fips-compatible library is linked into the manager binaries, to proactively address fips concerns
openshift-merge-bot bot
added a commit
that referenced
this issue
Nov 13, 2024
RHOAISTRAT-214: Issue #362: feat(nbcs): build containers to be fips-ready
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
/kind feature
Why you need this feature:
Apparently, to build for fips, it's necessary to do
(from xxx://data-hub/rhods-cpaas-midstream/-/commit/d7be5e82b3f7dfdda0458dbc89d40b430ae2ef1f by @sutaakar)
https://developers.redhat.com/articles/2022/05/31/your-go-application-fips-compliant
The text was updated successfully, but these errors were encountered: