OpenShift Builds / BUILD-1166

FIPS support - s2i

    • Epic
    • Resolution: Unresolved
    • Blocker
    • source-to-image
    • s2i for RHEL 9
    • To Do
    • 100% To Do, 0% In Progress, 0% Done

      Epic Goal

      Update source-to-image to use the most recent set of dependencies from Red Hat and support FIPS-140:

      • UBI 9 base images
      • Golang 1.22
      • FIPS 140 compliance
      • Ensure updates are propagated to Builds for OpenShift and OpenShift Pipelines catalog.

      Why is this important?

      • Ensure kernel-level consistency across Red Hat products
      • Provide high-quality Red Hat products with minimal security weaknesses/vulnerabilities
      • Support deployment in FIPS enabled environments

      User Stories

      • As a developer, I want the s2i container image to support FIPS-140 enabled environments so that I can use it in highly regulated/secured deployments.
      • As a developer, I want a UBI 9-based container image for s2i so that I can confidently run it on RHEL 9-based systems.
      • As a developer, I want s2i to use the latest supported golang runtime from Red Hat so it gets the latest security fixes and performance improvements.
      • As a developer, I want the latest s2i UBI 9 image to be included with Builds for OpenShift "source-to-image" build strategy
      • As a developer, I want the latest s2i UBI 9 image to be included with the OpenShift Pipelines s2i tasks/pipelines.
      • As a Red Hat engineer, I want s2i's unit and integration test suites to run on Konflux so that we can verify s2i's business logic as part of the build and release process
      • As a Red Hat engineer, I want to run an e2e test of the s2i container image on Konflux so that I can verify that s2i will work as expected when run in a Tekton Task or Shipwright BuildStrategy.

      Acceptance Criteria (Mandatory)

      • Provide UBI 9 alongside UBI 8 Base Image (released!)
      • Meet compilation requirements for FIPS 140
      • CI - MUST be running successfully with tests automated. Ideally CI is running on Konflux and we can de-commission our OpenShift CI configuration.
      • Technical enablement - announcement, updates to Builds for OpenShift and OpenShift Pipelines catalog

      Dependencies (internal and external)

      • Go toolset images for 1.22
      • FIPS 140 support for UBI 9

      Previous Work (Optional):

      • s2i image GA work.

      Open questions:

      TBD

      Done Checklist

      • Acceptance criteria are met
      • Non-functional properties of the Feature have been validated (such as performance, resource, UX, security or privacy aspects)
      • User Journey automation is delivered
      • Support and SRE teams are provided with enough skills to support the feature in production environment

              Unassigned
              adkaplan@redhat.com Adam Kaplan