Skip to content

[WIP] Build operator image from single source of truth using FIPS-140-3 #5747

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
andriisoldatenko wants to merge 23 commits into
base: main
Choose a base branch
from
Open

[WIP] Build operator image from single source of truth using FIPS-140-3 #5747

andriisoldatenko wants to merge 23 commits into from
+25 −11

Conversation

@andriisoldatenko
Copy link
Contributor

@andriisoldatenko andriisoldatenko commented Nov 27, 2025
edited
Loading

Description

This PR resolves https://dt-rnd.atlassian.net/browse/DAQ-11573

Note

- fixed how we run e2e tests using ocp fips cluster and fips image (we broke it for a while and run normal image using FIPS cluster) fixed by @avorima in another PR

  • Added log line FIPS 140-2 Mode Enabled: true/false when we start operator/webhook to easily find which one we use currently

Warning

In testing phase, potentially postponed until Go 1.26 release.

How can this be tested?

run e2e tests with/ using FIPS and non FIPS image.

TAG=snapshot-build-operator-fips-fips make test/e2e/standard

@andriisoldatenko andriisoldatenko changed the title add fips enabled to logs Build operator image from single source of truth using FIPS-140-3 Nov 27, 2025
aorcholski
aorcholski reviewed Nov 27, 2025
View reviewed changes
@andriisoldatenko andriisoldatenko marked this pull request as ready for review November 28, 2025 07:54
@andriisoldatenko andriisoldatenko requested review from a team as code owners November 28, 2025 07:54
avorima
avorima reviewed Nov 28, 2025
View reviewed changes
Copy link
Contributor

@avorima avorima left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we can consolidate a bit here. Special make targets for fips can be removed in favor of making the mode fully dependent on the env/args. The same goes for workflows. fips-ci and fips-release are very similar to their non-fips counterparts

@andriisoldatenko
Copy link
Contributor Author

andriisoldatenko commented Nov 28, 2025

I think we can consolidate a bit here. Special make targets for fips can be removed in favor of making the mode fully dependent on the env/args. The same goes for workflows. fips-ci and fips-release are very similar to their non-fips counterparts

potentially yes, but it requires more work and testing, okey let me do it :)

0sewa0
0sewa0 reviewed Nov 28, 2025
View reviewed changes
@andriisoldatenko andriisoldatenko force-pushed the build-operator-fips branch 2 times, most recently from 9a1e1c2 to ded6429 Compare December 9, 2025 12:38
@andriisoldatenko andriisoldatenko changed the title Build operator image from single source of truth using FIPS-140-3 [WIP] Build operator image from single source of truth using FIPS-140-3 Dec 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0sewa0 0sewa0 0sewa0 left review comments

@Incredible-O Incredible-O Awaiting requested review from Incredible-O Incredible-O is a code owner automatically assigned from Dynatrace/kubernetes-operator

@Edivion Edivion Awaiting requested review from Edivion Edivion is a code owner automatically assigned from Dynatrace/kubernetes-operator

@gkrenn gkrenn Awaiting requested review from gkrenn gkrenn is a code owner automatically assigned from Dynatrace/kubernetes-operator

@albertogdd albertogdd Awaiting requested review from albertogdd albertogdd is a code owner automatically assigned from Dynatrace/kubernetes-operator

@StefanHauth StefanHauth Awaiting requested review from StefanHauth StefanHauth is a code owner automatically assigned from Dynatrace/kubernetes-operator

@aorcholski aorcholski Awaiting requested review from aorcholski aorcholski is a code owner automatically assigned from Dynatrace/kubernetes-operator

@avorima avorima Awaiting requested review from avorima avorima is a code owner automatically assigned from Dynatrace/kubernetes-operator

@chrismuellner chrismuellner Awaiting requested review from chrismuellner chrismuellner is a code owner automatically assigned from Dynatrace/kubernetes-operator

@waodim waodim Awaiting requested review from waodim waodim is a code owner automatically assigned from Dynatrace/kubernetes-operator

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@andriisoldatenko @avorima @0sewa0 @aorcholski