AKS | FIPS

Hi,

The Federal Information Processing Standard (FIPS) 140-2 is a US government standard that defines minimum security requirements for cryptographic modules in information technology products and systems. AKS allows you to create Linux-based node pools with FIPS 140-2 enabled. Deployments running on FIPS-enabled node pools can use those cryptographic modules to provide increased security and help meet security controls as part of FedRAMP compliance. 

In this article, I will show you how to add a FIPS node pool to an existing AKS cluster:

Install the aks-preview extension
az extension add --name aks-preview

Update the extension to make sure you have the latest version installed
az extension update --name aks-preview

Register the FIPSPreview feature flag
az feature register --namespace "Microsoft.ContainerService" --name "FIPSPreview"

Check the registration status and wait until the state shows Registered
az feature list -o table --query "[?contains(name,'Microsoft.ContainerService/FIPSPreview')].{Name:name,State:properties.state}"

Refresh the registration of the Microsoft.ContainerService resource provider
az provider register --namespace Microsoft.ContainerService

Add a FIPS node pool to an existing AKS cluster
az aks nodepool add \
     --resource-group myResourceGroup \
     --cluster-name myAKSCluster \
     --name fipsnp \
     --enable-fips-image

Verify that the new node pool is FIPS-enabled
az aks show --resource-group myResourceGroup --name myAKSCluster --query "agentPoolProfiles[].{Name:name, enableFips:enableFips}" -o table
 Name       enableFips
 ---------  ------------
 fipsnp     True
 nodepool1  False  
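
The table above shows that nodepool1 is still not FIPS-enabled, so workloads in compliance scope should only be deployed once the pools they target pass a check. The script below is an added example, not part of the original post or of Microsoft's tooling: the function names are hypothetical, the sample inventory is constructed from the table above, and the casing of the boolean in TSV output is an assumption that the code handles case-insensitively.

```shell
#!/usr/bin/env bash
# Added example: audit AKS node pools for FIPS from `az aks show` TSV output.

# Reads "name<TAB>enableFips" lines on stdin and prints every pool whose
# enableFips value is anything other than true (False, None, empty).
non_fips_pools() {
    awk -F '\t' 'NF && tolower($2) != "true" { print $1 }'
}

# Succeeds only when every pool named in "$@" is present on stdin with
# enableFips set to true. Prints one line per failing pool on stderr.
require_fips_pools() {
    local inventory pool state rc=0
    inventory=$(cat)
    for pool in "$@"; do
        state=$(printf '%s\n' "$inventory" |
            awk -F '\t' -v p="$pool" '$1 == p { print tolower($2) }')
        if [ "$state" != "true" ]; then
            echo "FAIL: pool '$pool' enableFips=${state:-missing}" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Live inventory (requires `az login`); defined here but not called.
# Usage: aks_pool_inventory myResourceGroup myAKSCluster | require_fips_pools fipsnp
aks_pool_inventory() {
    az aks show --resource-group "$1" --name "$2" \
        --query "agentPoolProfiles[].[name, enableFips]" -o tsv
}

# Constructed sample matching the table shown above.
SAMPLE=$(printf 'fipsnp\tTrue\nnodepool1\tFalse\n')

# Lists the pools that must not receive FIPS-scoped workloads.
printf '%s\n' "$SAMPLE" | non_fips_pools
```

A pool that is missing from the inventory is reported as a failure rather than skipped, so a typo in the pool name cannot pass the check.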

Maxime.
