Enabling Federal Information Processing Standards (FIPS)

Find out how to set up Event Streams to be FIPS-compliant by using a boundary approach that is enabled by the “FIPS Wall”.


To run a FIPS-compliant Event Streams deployment, ensure that you have a FIPS-enabled OpenShift Container Platform cluster available with Event Streams version of 11.3.0 or later installed.

Configuring Event Streams for FIPS

To configure your Event Streams instance for deployment within a FIPS-compliant boundary wall, set the following options in the Event Streams custom resource that defines your instance:

  1. Restrict external access to Kafka listeners, the Apicurio Registry, the Admin API, and the REST Producer by setting the value of type to internal in the following sections:
    • Kafka listeners: spec.strimziOverrides.kafka.listeners
    • Apicurio Registry: spec.apicurioRegistry.endpoints
    • Admin API: spec.adminApi.endpoints
    • REST Producer: spec.restProducer.endpoints
  2. Disable the Event Streams UI by removing the spec.adminUI section.

For more information about these configuration options, see configuring.


The FIPS-complaint Event Streams deployment limits the use of the following features:

  • External endpoints are not supported for Kafka listeners, the Apicurio Registry, the Admin API, and the REST Producer.
  • Event Streams UI, geo-replication, and CLI cannot be used.