Image Overview: tekton-cli-fips

Overview: tekton-cli-fips Chainguard Image

tekton-fips

This image is a variant of the Tekton images that is FIPS-compliant.

Note: Tekton’s entrypoint image has requirements that are incompatible with how we normally enable FIPS-validated crypto in Go binaries. In order for it to work with Tekton, the binary must be statically linked. Luckily, this binary does no crypto – and we ensure that it does no crypto. This means we believe that the regular Tekton entrypoint image can be used in a FIPS environment, alongside the regular FIPS-variant Tekton images.

Usage

These images are a drop-in replacement for the upstream images.

You can use an upstream release and replace the released images with those from Chainguard.

curl -sL https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-controller-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-entrypoint-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-events-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-nop-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-resolvers-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-sidecarlogresults-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-webhook-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-workingdirinit-fips|g" | \
    kubectl apply -f -

For Tekton Chains:

curl -sL https://storage.googleapis.com/tekton-releases/chains/latest/release.yaml | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/chains/cmd/controller[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-chains-fips|g" | \
    kubectl apply -f -
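
Both pipelines above stream straight into `kubectl apply`, so nothing confirms what the sed expressions actually matched. The shell functions below are an added example (not Chainguard's or Tekton's code) that check a rewritten manifest for leftover upstream references and for Chainguard names that are not one of the expected images; the sample manifest, the `cmd/example` path and the `-rc1` suffix are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit a manifest rewritten by the
# sed pipelines above before handing it to `kubectl apply`.

# Image names the page's sed commands (Pipelines and Chains) should produce.
EXPECTED="controller entrypoint events nop resolvers sidecarlogresults webhook workingdirinit chains"

# Constructed sample (not real release output). Line 3 shows a tag suffix left
# behind because "-" is outside the sed class [a-z0-9:@.]; line 4 is a
# hypothetical image path that no sed expression covers.
sample_manifest() {
    cat <<'EOF'
        image: cgr.dev/chainguard-private/tekton-controller-fips
        args: ["-entrypoint-image", "cgr.dev/chainguard-private/tekton-entrypoint-fips"]
        image: cgr.dev/chainguard-private/tekton-webhook-fips-rc1@sha256:0000
        image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/example:v0.0.0
EOF
}

# stdin -> upstream Tekton references that were not rewritten (unique lines).
upstream_refs() {
    grep -o 'gcr\.io/tekton-releases/[A-Za-z0-9_./:@-]*' | sort -u
}

# stdin -> Chainguard references whose name is not exactly tekton-<expected>-fips.
unexpected_fips_refs() {
    grep -o 'cgr\.dev/chainguard-private/tekton-[A-Za-z0-9_./:@-]*' | sort -u |
    while read -r ref; do
        name=${ref#cgr.dev/chainguard-private/tekton-}
        name=${name%%[@:]*}            # ignore any tag or digest
        base=${name%-fips}
        case " $EXPECTED " in
            *" $base "*) [ "$base" != "$name" ] || echo "$ref" ;;
            *) echo "$ref" ;;
        esac
    done
}

# Return 0 only if the manifest file in $1 is clean; findings go to stderr.
audit_manifest() {
    leftover=$(upstream_refs < "$1")
    odd=$(unexpected_fips_refs < "$1")
    [ -z "$leftover" ] || printf 'not rewritten: %s\n' $leftover >&2
    [ -z "$odd" ] || printf 'unexpected name: %s\n' $odd >&2
    [ -z "$leftover$odd" ]
}

# Demo on the constructed sample: prints the reference the pipeline missed.
sample_manifest | upstream_refs
```

To use it, redirect the output of the sed pipeline to a file instead of `kubectl apply -f -`, run `audit_manifest` on that file, and apply the file only when it returns 0.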

For Tekton CLI:

docker run cgr.dev/chainguard-private/tekton-cli-fips version

Last updated: 2024-03-29 00:47