This is a catch-all epic for all bug fixes and required changes to make Quay 3.5 run on FIPS-enabled OCP cluster or a FIPS-enabled RHEL machine.

Epic Goal

• Quay runs without issues on an OpenShift Cluster installed and running in FIPS mode
• Quay runs without issues on an RHEL node installed and running in FIPS mode

Why is this important?

• FIPS-enabled OpenShift clusters are a common requirement in public sector customers in North America
• Failing to run Quay on FIPS-enabled OCP clusters is a blocker to Quay adoption in North American Public Sector market

Scenarios

1. Quay Operator is installed on an FIPS enabled OpenShift cluster with the same functionality and runtime behavior as on a regular OCP cluster
2. Quay is deployed through the Quay Operator on an FIPS enabled OpenShift cluster with the same functionality and runtime behavior as on a regular OCP cluster

Acceptance Criteria

• CI - MUST be running successfully with tests automated
• Release Technical Enablement - Provide necessary release enablement details and documents.
• ...

Out of Scope:

1. Quay itself is FIPS certified, this is covered in PROJQUAY-216

Done Checklist

• CI - CI is running, tests are automated and merged.
• Release Enablement <link to Feature Enablement Presentation>
• DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
• DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
• DEV - Downstream build attached to advisory: <link to errata>
• QE - Test plans in Polarion: <link or reference to Polarion>
• QE - Automated tests merged: <link or reference to automated tests>
• DOC - Downstream documentation merged: <link to meaningful PR>