diff --git a/docs/security.md b/docs/security.md index bfe88eb49ecc0f65eceb890e0c3bef0325c8bdb5..6be1611d9547055a34e1954c4e4fbd50ae1960b9 100644 --- a/docs/security.md +++ b/docs/security.md 
@@ -23,3 +23,124 @@ The Identity Provider must: - Allow unencrypted requests and responses Click the [link](https://docs.anchore.com/current/docs/overview/sso/) for more Anchore security information. + +## Note on FIPS + +With the current version of Anchore Enterprise (3.1.0), certain functions of Anchore may not work on FIPS enabled nodes. This is a [known issue](https://github.com/anchore/anchore-engine/issues/882) that is being worked on. Until a fix is released, please use node affinity to schedule Anchore pods on non-FIPS nodes: + +```yaml +# Example Big Bang values +addons: + anchore: + values: + anchoreAnalyzer: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreApi: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreCatalog: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchorePolicyEngine: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreSimpleQueue: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreEngineUpgradeJob: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreEnterpriseFeedsUpgradeJob: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreEnterpriseReports: + affinity: + nodeAffinity: + 
requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreEnterpriseNotifications: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreEnterpriseUi: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreEnterpriseEngineUpgradeJob: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - +``` \ No newline at end of file
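Review bot: In the example values, every `values:` list under `matchExpressions` ends in a bare `-` with no label value, so anyone pasting the block as shown gets an empty list entry rather than a working selector. Put a named placeholder there (for example `- <non-fips-node-label-value>`) and add a sentence saying that the non-FIPS nodes must carry a `type` label for the `key: type` / `operator: In` match to select anything. Because the rule is `requiredDuringSchedulingIgnoredDuringExecution`, the note should also say that pods will stay Pending when no node matches. The same affinity stanza is repeated for eleven components; defining it once as a YAML anchor and aliasing it under each key would shorten the doc and keep the copies from drifting apart. The list has an entry for `anchoreEnterpriseFeedsUpgradeJob` but none for the feeds service itself; please confirm that is intentional. Smaller points: the "current version of Anchore Enterprise (3.1.0)" wording will go stale, so tie the caveat to the linked issue rather than to "current", and the file is missing a trailing newline.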