红帽全球峰会2.2. 在启用了 FIPS 的集群中运行 AMQ Streams
现在,您可以在启用了 FIPS 的集群中运行 AMQ Streams,但目前没有在 FIPS 兼容配置中。
AMQ Streams 容器镜像中使用的 OpenJDK 会自动切换到启用了 FIPS 的集群中的 FIPS 模式。这可防止 AMQ Streams 在集群中运行。
要在启用了 FIPS 的集群中运行 AMQ Streams,您可以通过在 Cluster Operator 部署配置中禁用 FIPS_MODE 环境变量来禁用 OpenJDK FIPS 模式。AMQ Streams 部署不兼容 FIPS,但 AMQ Streams operator 及其所有操作对象都可以在启用了 FIPS 的 Kubernetes 集群中运行。
Cluster Operator 的 FIPS 配置示例
apiVersion: apps/v1
kind: Deployment
spec:
# ...
template:
spec:
serviceAccountName: strimzi-cluster-operator
containers:
# ...
env:
# ...
- name: "FIPS_MODE"
value: "disabled"
# ...- 1
- 禁用 FIPS 模式。
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}