rvennam/Istio-Solo-FIPS.md

Created February 3, 2022 19:57

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/rvennam/85a9fc95d1abb311ad9380e0cf571e48.js"></script>
Save rvennam/85a9fc95d1abb311ad9380e0cf571e48 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

Istio-Solo-FIPS.md

Solo.io Istio FIPS Verification

Download Istio 1.11.5 CLI:

curl -L https://istio.io/downloadIstio | ISTIO_VERSION=1.11.5 sh -

Install Solo Istio 1.11.5 FIPS:

cd ~/istio-1.11.5/bin
./istioctl install --set hub=gcr.io/istio-enterprise --set tag=1.11.5-fips

Verify Istio Ingress Gateway is using FIPS

kubectl exec -it -n istio-system deploy/istio-ingressgateway -- /usr/local/bin/envoy --version

Look for "BoringSSL-FIPS" at the end

Deploy a sample app with Istio sidecar

kubectl label namespace default istio-injection=enabled
kubectl apply -f https://raw.githubusercontent.com/istio/istio/master/samples/sleep/sleep.yaml

Verify that sidecar is using FIPS

kubectl exec -it deploy/sleep -c istio-proxy -- /usr/local/bin/envoy --version

Look for "BoringSSL-FIPS" at the end

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment