Question on fips compliance #2732

Closed
SubhraB opened this issue Jan 19, 2021 · 4 comments
@SubhraB

SubhraB commented Jan 19, 2021

We are using the k8s client version 4.13.0.

I was looking at this class: io.fabric8.kubernetes.client.internal.CertUtils

Specifically the code below, which I see multiple instances of.
KeyStore trustStore = KeyStore.getInstance("JKS");

The above line of code becomes invalid when we run our application in FIPS mode, since the truststore format becomes BCFKS. We expect something like this.
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());

Is there a way to override that to make us FIPS compliant? FYI, we are not allowed to make insecure HTTPS calls; we have to use a truststore in BCFKS format.
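
An added example, not code from fabric8 or from the PR mentioned in this thread: one way to build a trust store from PEM CA certificates without naming a keystore format, so the type follows the JVM's `keystore.type` security property. It assumes the FIPS configuration sets that property to the required format (BCFKS in the setup described above); the class name, method names and the CA file path argument are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class, written for this example only.
public class DefaultTypeTrustStore {

    // Builds an in-memory trust store from PEM CA certificates. The keystore
    // type is taken from the keystore.type security property instead of a
    // hardcoded "JKS", so a FIPS-configured JVM gets its own format.
    static KeyStore fromPem(byte[] pem) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // initialise an empty store
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int count = 0;
        try (InputStream in = new ByteArrayInputStream(pem)) {
            for (Certificate ca : cf.generateCertificates(in)) {
                trustStore.setCertificateEntry("ca-" + count++, ca);
            }
        }
        if (count == 0) {
            // Fail closed: an empty trust store must not be used silently.
            throw new IllegalArgumentException("no certificates found in PEM input");
        }
        return trustStore;
    }

    // Wires the trust store into a TLS context using the JVM default algorithm.
    static SSLContext sslContext(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a PEM CA bundle (assumption of this example).
        KeyStore ts = fromPem(Files.readAllBytes(Paths.get(args[0])));
        System.out.println("type=" + ts.getType() + " provider=" + ts.getProvider().getName());
        sslContext(ts);
    }
}
```

Printing the type and provider at startup gives a quick check that the trust store really is in the format the FIPS policy requires.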

@DimoDonchev

I am having the same issue here. Really hope this gets checked out.

@gulyaev13
Contributor

@SubhraB, @DimoDonchev, I've created a PR with a fix. Hope that it will be merged and solve our problem.
#2788

@SubhraB
Author

SubhraB commented Feb 5, 2021

I got around it by not using the default k8s client. But it's a little pain.

manusa added this to the 5.1.0 milestone Feb 8, 2021
manusa modified the milestones: 5.1.0, 5.2.0 Feb 17, 2021
manusa modified the milestones: 5.2.0, 5.3.0 Mar 11, 2021
@manusa
Member

manusa commented May 5, 2021

#2788 was merged and will be released as part of 5.4.0

manusa closed this as completed May 5, 2021