Open rosskirkpat opened 2 years ago
https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-govcloud-endpoints.html https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-ec2.html
AWS GovCloud has different endpoints than their commercial cloud. FIPS endpoints only work with https and not http, which is what all of Calico and rke2 default to (port 80 for 169.254.169.254)
https://github.com/projectcalico/calico/blob/master/api/pkg/apis/projectcalico/v3/felixconfig.go#L134-L142
https://github.com/projectcalico/calico/blob/master/api/pkg/apis/projectcalico/v3/felixconfig.go#L42 https://github.com/projectcalico/calico/blob/master/api/pkg/apis/projectcalico/v3/felixconfig.go#L462-L471
rosskirkpat
commented
2 years ago
https://aws.amazon.com/compliance/fips/#FIPS_Endpoints_by_Service https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/using-govcloud-endpoints.html https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-ec2.html
AWS GovCloud has different endpoints than their commercial cloud. FIPS endpoints only work with https and not http, which is what all of Calico and rke2 default to (port 80 for 169.254.169.254)