Find out how to set up Event Endpoint Management to be FIPS-compliant by using a boundary approach that is enabled by the “FIPS Wall”.
Requirements
To run a FIPS-compliant Event Endpoint Management deployment, you need a FIPS-enabled OpenShift Container Platform cluster available with the Event Endpoint Management operator that is installed with a version of 11.1.0 or later.
Ensure that you run both the Event Manager and the Event Gateway with the default TLS version of 1.3 and ensure that all clients have the following cipher suites available:
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
Installation instructions
Both the Event Manager and the Event Gateway applications read the FIPS_MODE environment variable and set FIPS-compliant ciphers on their secure endpoints when its value is wall. The Event Endpoint Management operator allows you to handle the installation entirely in the corresponding custom resource.
To enable the FIPS wall, complete the following steps.
- In the EventEndpointManagement custom resource for the Event Manager instance, set the value of spec.manager.fips.mode to wall. The operator sets the corresponding environment variable in the manager pod.
- For the Event Gateway, complete one of the following steps appropriate for your installation.
  a. For operator-managed and Kubernetes Deployment Event Gateway instances, set the value of spec.fips.mode to wall.
  b. For Event Gateways deployed as Docker instances, start the container with the FIPS_MODE environment variable set to wall in the Docker run command. For example: docker run -e FIPS_MODE="wall"
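After the wall is enabled, a practitioner will want to confirm that the secure endpoints actually negotiate TLS 1.3 with one of the two required cipher suites. The following POSIX shell check is an added example, not part of the IBM documentation or product; the live check assumes openssl (1.1.1 or later, for the -tls1_3 flag and the "New, TLSv1.3, Cipher is" output line) is installed, and the transcripts are constructed samples.

```shell
#!/bin/sh
# Added example: verify that an Event Manager or Event Gateway endpoint
# negotiates TLS 1.3 with one of the cipher suites the requirements list.

# The two suites the requirements say every client must have available.
FIPS_WALL_SUITES="TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384"

# cipher_allowed NAME: succeed only if NAME is one of the required suites.
cipher_allowed() {
  for s in $FIPS_WALL_SUITES; do
    [ "$1" = "$s" ] && return 0
  done
  return 1
}

# negotiated_cipher: read an `openssl s_client` transcript on stdin and print
# the suite from the "New, TLSv1.3, Cipher is ..." line (nothing if the
# handshake was not TLS 1.3).
negotiated_cipher() {
  sed -n 's/^New, TLSv1\.3, Cipher is \([A-Z0-9_]*\).*/\1/p' | head -n 1
}

# handshake_ok: judge a transcript on stdin; succeed only when the handshake
# used TLS 1.3 and an allowed suite.
handshake_ok() {
  c=$(negotiated_cipher)
  [ -n "$c" ] && cipher_allowed "$c"
}

# check_endpoint HOST PORT: live check against a deployed endpoint. Forcing
# -tls1_3 makes a server that only offers older versions fail the check.
check_endpoint() {
  openssl s_client -connect "$1:$2" -tls1_3 </dev/null 2>/dev/null | handshake_ok
}

# Constructed transcripts for offline use (real output has many more lines).
SAMPLE_GOOD='CONNECTED(00000003)
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit'
SAMPLE_BAD='CONNECTED(00000003)
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit'
```

Run `check_endpoint <manager-host> 443` (and the same for each gateway) after applying the custom resource changes; a non-zero exit means the endpoint is not yet behind the wall.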