Find out how to set up Event Streams to be FIPS-compliant by using a boundary approach that is enabled by the “FIPS Wall”.
Requirements
To run a FIPS-compliant Event Streams deployment, ensure that you have a FIPS-enabled OpenShift Container Platform cluster available with Event Streams version 11.3.0 or later installed.
Configuring Event Streams for FIPS
To configure your Event Streams instance for deployment within a FIPS-compliant boundary wall, set the following options in the Event Streams custom resource that defines your instance:
- Restrict external access to Kafka listeners, the Apicurio Registry, the Admin API, and the REST Producer by setting the value of `type` to `internal` in the following sections:
  - Kafka listeners: `spec.strimziOverrides.kafka.listeners`
  - Apicurio Registry: `spec.apicurioRegistry.endpoints`
  - Admin API: `spec.adminApi.endpoints`
  - REST Producer: `spec.restProducer.endpoints`
- Disable the Event Streams UI by removing the `spec.adminUI` section.
For more information about these configuration options, see configuring.
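One way to check a custom resource against the two settings above before deploying it, as an added example that is not part of the Event Streams documentation or product. It assumes the resource is exported as JSON (for example with `oc get eventstreams <name> -o json`); the sample resource and its `name`, `port`, `containerPort` and `tls` values are constructed, and the checker reads only `type` and the section paths named above.

```python
import json

# Sections that the page says must use type: internal (paths relative to spec).
ENDPOINT_PATHS = {
    "Kafka listeners": ("strimziOverrides", "kafka", "listeners"),
    "Apicurio Registry": ("apicurioRegistry", "endpoints"),
    "Admin API": ("adminApi", "endpoints"),
    "REST Producer": ("restProducer", "endpoints"),
}

def _dig(obj, path):
    """Walk nested dicts; return None if any key is missing."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj

def fips_wall_findings(cr):
    """Return a list of findings for one EventStreams custom resource."""
    spec = cr.get("spec", {})
    findings = []
    for label, path in ENDPOINT_PATHS.items():
        where = "spec." + ".".join(path)
        if _dig(spec, path[:-1]) is None:
            continue  # assumption: the component is not configured in this CR
        entries = _dig(spec, path)
        if not entries:
            findings.append(f"{label}: {where} has no entry with type internal")
        for i, entry in enumerate(entries or []):
            if entry.get("type") != "internal":
                findings.append(f"{label}: {where}[{i}] has type {entry.get('type')!r}")
    if "adminUI" in spec:
        findings.append("Event Streams UI: spec.adminUI is present; remove the section")
    return findings

# Constructed sample resource with three deviations from the settings above.
SAMPLE = json.loads("""
{"spec": {
  "adminUI": {},
  "adminApi": {"endpoints": [{"name": "admin", "containerPort": 9080, "type": "route"}]},
  "restProducer": {"endpoints": [{"name": "rest", "containerPort": 9443, "type": "internal"}]},
  "strimziOverrides": {"kafka": {"listeners": [
    {"name": "tls", "port": 9093, "type": "internal", "tls": true},
    {"name": "external", "port": 9094, "type": "route", "tls": true}]}}}}
""")

if __name__ == "__main__":
    print("\n".join(fips_wall_findings(SAMPLE)))
```

A component whose section is configured but lists no endpoints is reported, because the `type` value has not been set to `internal` there.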
Limitations
The FIPS-compliant Event Streams deployment limits the use of the following features:
- External endpoints are not supported for Kafka listeners, the Apicurio Registry, the Admin API, and the REST Producer.
- Event Streams UI, geo-replication, and CLI cannot be used.