Draft: building cert-manager-controller using boringcrypto (FIPS compatible)
The upstream images do not include a FIPS compliant crypto module in their cert-manager builds. I've updated this project to use boringcrypto.
WARNING: GoLang/Boring crypto is only available for amd64 architectures. This might change in GoLang 1.20+ but it's not GA yet.
Similar changes will need to be made for the cert-manager-webhook
and cert-manager-cainjector
images as well.
We could drastically improve build times (and reduce code duplication) if we migrated to buildx but I'm not sure if that's available within the dso CI tools. Please let me know.
Edited by sean.melissari