Palette complies with FIPS certification and supports the FIPS-compliant versions of Kubernetes (PXK and PXK-E) to enhance security for your mission-critical workloads. You can enable FIPS mode for Palette at three scopes: tenant, project, or cluster.
Platform FIPS enables FIPS support at the tenant and project scopes. Cluster-scope FIPS support is for deploying FIPS-enabled infrastructure layers for cluster profiles. When platform FIPS support is enabled, you must ensure that the infrastructure layers are FIPS-compliant.
To enable FIPS compliance for Palette's internal platform components, you must enable FIPS mode at the tenant level. Tenant-level compliance covers all the projects under the tenant.
To enable Tenant Scope FIPS compliance:
- Log in to Palette as Tenant Admin and go to Tenant Settings from the left Main Menu.
- Click Platform Settings and toggle the Platform FIPS Support button.
If you need to disable FIPS support, toggle the Platform FIPS Support button back.
You can enable FIPS mode for individual projects by enabling FIPS at the project scope.
To enable Project Scope FIPS compliance:
- Log in to Palette as Project Admin and go to Project Settings from the left main menu.
- Click Platform Settings and toggle the Platform FIPS Support button.
If you need to disable FIPS support, toggle the Platform FIPS Support button back.
Cluster-scope FIPS mode provides FIPS-compliant Palette infrastructure layers. Palette supports the FIPS-compliant versions of Kubernetes (PXK and PXK-E) for cluster profiles. By default, clusters run with Palette-enabled security features. When a cluster is enabled in FIPS mode, it is deployed with FIPS-compliant Kubernetes versions and Palette components. Palette provisions FIPS-compliant images for all cluster deployments.
To enable cluster-level FIPS mode, add the layers from the FIPS-compliant pack registry while creating the cluster profile. To access the FIPS registry, contact Spectro Cloud support.
FIPS mode covers the following use cases:
| Use Cases | FIPS Mode | Mandatory Condition |
|---|---|---|
| All the projects under a tenant need to be in FIPS mode | Tenant FIPS Support | Cluster Scope FIPS |
| Only selected projects under a tenant need to be FIPS-enabled | Enable Project FIPS Support for the selected projects | Cluster Scope FIPS |
| Only cluster scope FIPS is to be enabled | Tenant and Project scope are not required | Enable only cluster scope FIPS mode |
Note: When platform FIPS support is enabled, the infrastructure layers must be FIPS-compliant.
FIPS enablement at the tenant or project scope can be disabled or enabled during cluster creation. Toggle the FIPS Mode button while creating the cluster configuration for the cluster deployment.
Palette supports FIPS compliance for the following platforms:
- AWS
- VMware