github.com/openshift/installer@v1.4.17/pkg/asset/machines/machineconfig/fips.go

github.com/openshift/installer@v1.4.17/pkg/asset/machines/machineconfig/fips.go (about)

     1  package machineconfig
     2  
     3  import (
     4  	"fmt"
     5  
     6  	igntypes "github.com/coreos/ignition/v2/config/v3_2/types"
     7  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
     8  
     9  	mcfgv1 "github.com/openshift/api/machineconfiguration/v1"
    10  	"github.com/openshift/installer/pkg/asset/ignition"
    11  )
    12  
    13  // ForFIPSEnabled creates the MachineConfig to enable FIPS.
    14  // See also https://github.com/openshift/machine-config-operator/pull/889
    15  func ForFIPSEnabled(role string) (*mcfgv1.MachineConfig, error) {
    16  	ignConfig := igntypes.Config{
    17  		Ignition: igntypes.Ignition{
    18  			Version: igntypes.MaxVersion.String(),
    19  		},
    20  	}
    21  
    22  	rawExt, err := ignition.ConvertToRawExtension(ignConfig)
    23  	if err != nil {
    24  		return nil, err
    25  	}
    26  
    27  	return &mcfgv1.MachineConfig{
    28  		TypeMeta: metav1.TypeMeta{
    29  			APIVersion: "machineconfiguration.openshift.io/v1",
    30  			Kind:       "MachineConfig",
    31  		},
    32  		ObjectMeta: metav1.ObjectMeta{
    33  			Name: fmt.Sprintf("99-%s-fips", role),
    34  			Labels: map[string]string{
    35  				"machineconfiguration.openshift.io/role": role,
    36  			},
    37  		},
    38  		Spec: mcfgv1.MachineConfigSpec{
    39  			Config: rawExt,
    40  			FIPS:   true,
    41  		},
    42  	}, nil
    43  }