What's on this page
Auditing Linkerd proxies for FIPS modules
The BEL CLI includes a command to verify that all Linkerd proxies on your Kubernetes cluster are built with FIPS-validated cryptographic modules.
Prerequisites
- Buoyant Enterprise for Linkerd installed with FIPS enabled
- The
BUOYANT_LICENSEenvironment variable set, with functioning BEL CLI
Audit Linkerd proxies for FIPS modules
To audit all Linkerd proxies on your Kubernetes cluster for use of FIPS-validated modules, run the following command:
linkerd fips audit
If all Linkerd proxies on the cluster use FIPS-validated modules, you will see output similar to this:
√ Found 24 proxies. All proxies are FIPS.
If some Linkerd proxies on the cluster do not use FIPS-validated cryptographic modules, they will be listed:
× non-FIPS proxy found: emoji-5b74dbfc6-998f2 (enterprise-2.17.1)
× 1 non-FIPS proxy found
Learning more
For more information about using linkerd fips audit, see the BEL CLI
reference page.