k3s-io / kine

Run Kubernetes on MySQL, Postgres, sqlite, dqlite, not etcd.
Apache License 2.0

FIPS 140-2 Enablement #210

Open retr0h opened 10 months ago

retr0h commented 10 months ago

Any chance of building this project with FIPS 140-2 crypto, such that this could be used with RKE2 in the future?

brandond commented 10 months ago

Is there anything here that needs to change? The RKE2 FIPS enablement is 99% on the build side. If we ever enable kine in RKE2, it would be built in to the main RKE2 binary in the same way as it is in K3s, and covered by the same processes (goboring, SLE BCI) that provide RKE2 with its FIPS crypto bits.

retr0h commented 10 months ago

Given RKE2 isn't likely to embed Kine, I was thinking Kine would need to be built with the FIPS crypto bits if running alongside an RKE2 deployment, and point RKE2 to an external etcd backend (Kine).

brandond commented 10 months ago

Yes, at the moment we're unlikely to allow for anything other than the embedded etcd. If we changed that, we would likely embed kine. It's actually already in the binary (inherited from k3s), it's just that the configuration hard-codes use of the embedded etcd datastore.