You are viewing docs for an older version of Buoyant Enterprise for Linkerd.
You may want the latest documentation instead.
What's on this page
Auditing Linkerd proxies for FIPS modules
The BEL CLI includes a command to verify that all Linkerd proxies on your Kubernetes cluster are built with FIPS-validated cryptographic modules.
Prerequisites
- Buoyant Enterprise for Linkerd installed with FIPS enabled
- The
BUOYANT_LICENSEenvironment variable set, with functioning BEL CLI
Audit Linkerd proxies for FIPS modules
To audit all Linkerd proxies on your Kubernetes cluster for use of FIPS-validated modules, run the following command:
linkerd fips audit
If all Linkerd proxies on the cluster use FIPS-validated modules, you will see output similar to this:
√ Found 24 proxies. All proxies are FIPS-compliant.
If some Linkerd proxies on the cluster do not use FIPS-validated cryptographic modules, they will be listed:
× non FIPS-compliant proxy found: emoji-5b74dbfc6-998f2 (enterprise-2.15.7)
× 1 non FIPS-compliant proxy found
Learning more
For more information about using linkerd fips audit, see the BEL CLI
reference page.