Use non-FIPS Packs
Palette VerteX provides the following FIPS-compliant infrastructure components in Kubernetes clusters it deploys. Review FIPS-Compliant Components to learn more.
- Operating System (OS)
- Kubernetes
- Container Network Interface (CNI)
- Container Storage Interface (CSI)
VerteX provides the flexibility to use non-FIPS packs from the registries listed in the table below. This allows tenant users to customize deployments to their specific needs. To make non-FIPS packs available, you must add one or both of the registries. To use the entire suite of packs, we recommend adding both registries. Check out Add a Registry for guidance. Our support team will provide the required credentials to access the registries.
| Registry | Type | Endpoint URL | FIPS | Base Path |
|---|---|---|---|---|
| OCI Pack Registry | AWS ECR | https://415789037893.dkr.ecr.us-east-1.amazonaws.com | No | production |
| Spectro Cloud Community Registry | AWS ECR | https://415789037893.dkr.ecr.us-east-1.amazonaws.com | No | community |
Registries can be added at the system level or tenant level. When added at the system level, registries are available to all the tenants. When added at the tenant level, registries are available only to that tenant. The Add a Registry page offers guidance on adding a registry at the system scope in VerteX. For guidance on adding a registry at the tenant scope, check out Add a Tenant-Level Registry.
The screenshot below shows the icon that VerteX displays next to FIPS-compliant infrastructure components to indicate full FIPS compliance. Other icons are used to indicate profile layers with partial, unknown, or non-FIPS compliant status. To learn about other icons VerteX applies, refer to FIPS Status Icons.
Use the following steps to enable non-FIPS packs.
Prerequisites
- Tenant admin permission to enable this feature.
- Non-FIPS OCI pack registries added in VerteX and the required credentials to access them. Review Add a Registry for guidance.
Allow Non-FIPS Packs
1. Log in to the Palette VerteX system console. Refer to the Access the System Console guide.
2. Navigate to the left Main Menu and click on Tenant Settings.
3. From the Tenant Settings Menu, select Platform Settings.
4. Enable the Allow non-FIPS packs option. When you enable this option, you are prompted to confirm the use of non-FIPS packs for the tenant.
To disable the setting, toggle this option off and confirm you want to disable it.
When packs are added to a cluster profile, VerteX applies the appropriate icon next to packs and imported clusters to indicate their FIPS compliance status.
Validate
Use these steps to verify non-FIPS packs are available.
1. Log in to Palette.
2. Navigate to the left Main Menu and select Profiles.
3. Try creating a cluster profile and verify the registry you added is available and packs are displayed. For guidance, review the Cluster Profiles documentation.
VerteX will display the appropriate FIPS status icon next to each pack layer.