-
Epic
-
Resolution: Done
-
Major
-
None
-
None
-
HyperShift FIPS compliance
-
BU Product Work
-
False
-
False
-
Done
-
OCPSTRAT-596 - HyperShift Security & Compliance
-
-
0% To Do, 0% In Progress, 100% Done
-
Undefined
-
0
-
0
-
0
User Stories
- As a cluster-admin, I would like to deploy HyperShift without tainting the state of a FIPS validated Cluster
- As a cluster-user, I would like my Cluster (control-plane and workload) to be FIPS compliant.
Epic Goal
- HyperShift itself should be FIPS compliant (all the crypto libraries used are Crypto compliant)
- Should have a label for OLM to decide wether to deploy it or not (if the cluster is not FIPS compliant)
- HyperShift Operators on the management cluster should not break FIPS state if the management cluster was deployed with FIPS:true
- HyperShift Should Explose APIs for FIPS enablement of the Guest cluster
- That only works if the management cluster is FIPS since the CP components are also part of the cluster
- All operators deployed on the guest cluster should be FIPS compliant.
References
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>