From 65d8d6768e8ac731e5188ae443be67c2b4a4ceae Mon Sep 17 00:00:00 2001
From: bhearn7
Date: Mon, 23 Aug 2021 16:32:49 -0400
Subject: [PATCH] add fips note
---
docs/security.md | 121 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 121 insertions(+)
diff --git a/docs/security.md b/docs/security.md
index bfe88eb..6be1611 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -23,3 +23,124 @@ The Identity Provider must: - Allow unencrypted requests and responses Click the [link](https://docs.anchore.com/current/docs/overview/sso/) for more Anchore security information. + +## Note on FIPS + +With the current version of Anchore Enterprise (3.1.0), certain functions of Anchore may not work on FIPS enabled nodes. This is a [known issue](https://github.com/anchore/anchore-engine/issues/882) that is being worked on. Until a fix is released, please use node affinity to schedule Anchore pods on non-FIPS nodes: + +```yaml +# Example Big Bang values +addons: + anchore: + values: + anchoreAnalyzer: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreApi: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreCatalog: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchorePolicyEngine: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreSimpleQueue: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreEngineUpgradeJob: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreEnterpriseFeedsUpgradeJob: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreEnterpriseReports: + affinity: + nodeAffinity: + 
requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreEnterpriseNotifications: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreEnterpriseUi: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - + anchoreEnterpriseEngineUpgradeJob: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: type + operator: In + values: + - +``` \ No newline at end of file -- GitLab