Install FIPS images

To install the FIPS-compliant build of Service Mesh Manager, complete the following steps.

  1. Download the following YAML file. It contains the list of FIPS-compliant images the installer should use.

    apiVersion: servicemesh.cisco.com/v1alpha1
    kind: IstioControlPlane
    metadata:
      name: cp-v113x
    spec:
      version: 1.13.2
      mode: ACTIVE
      istiod:
        deployment:
          image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-pilot:v1.13.2-bzc.2-fips
      proxy:
        image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-proxyv2:v1.13.2-bzc.2-fips
      proxyInit:
        cni:
          daemonset:
            image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-install-cni:v1.13.2-bzc.2-fips
        image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-proxyv2:v1.13.2-bzc.2-fips
      sidecarInjector:
        deployment:
          image: 033498657557.dkr.ecr.us-east-2.amazonaws.com/banzaicloud/istio-sidecar-injector:v1.13.2-bzc.2-fips
    
  2. Follow any of the regular installation guides (for example, Create single cluster mesh or Create multi-cluster mesh), but use the following customized YAML file with the initial installation command to use the FIPS-compliant versions of the images. For example, for a non-interactive single-cluster installation, run:

    smm install  -a --cluster-name <name-of-your-cluster> --istio-cr-file istio-fips.yaml