UNCLASSIFIED - NO CUI


Draft: building cert-manager-controller using boringcrypto (FIPS compatible)

Geoffrey Lancaster requested to merge boringcrypto into development

The upstream images do not include a FIPS-compliant crypto module in their cert-manager builds. I've updated this project to use boringcrypto.

WARNING: GoLang/Boring crypto is only available for amd64 architectures. This might change in GoLang 1.20+, but it's not GA yet.

Similar changes will need to be made for the cert-manager-webhook and cert-manager-cainjector images as well.

We could drastically improve build times (and reduce code duplication) if we migrated to buildx, but I'm not sure if that's available within the dso CI tools. Please let me know.

Edited by sean.melissari
