Merge pull request #199633 from leebeasley-v/openshift-enable-fips

enabling fips on openshift cluster

Author: denrea

articles/openshift/howto-enable-fips-openshift.md

@@ -0,0 +1,40 @@
+---
+title: Enable FIPS on an Azure Red Hat OpenShift cluster
+description: Learn how to enable FIPS on an Azure Red Hat OpenShift cluster.
+ms.service: azure-redhat-openshift
+ms.topic: article
+ms.date: 5/5/2022
+author: rahulm23
+ms.author: rahulmehta
+keywords: aro, openshift, az aro, red hat, cli, azure, FIPS
+#Customer intent: I need to understand how to enable FIPS on an Azure Red Hat OpenShift cluster.
+---
+
+# Enable FIPS for an Azure Red Hat OpenShift cluster
+
+This article explains how to enable Federal Information Processing Standard (FIPS) for an Azure Red Hat OpenShift cluster. 
+
+The Federal Information Processing Standard (FIPS) 140 is a US government standard that defines minimum security requirements for cryptographic modules in information technology products, and systems. Testing against the FIPS 140 standard is maintained by the Cryptographic Module Validation Program (CMVP), a joint effort between the US National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security, a branch of the Communications Security Establishment (CSE) of Canada.
+
+## Support for FIPS cryptography
+
+Starting with Release 4.10, you can deploy an Azure Red Hat OpenShift cluster in FIPS mode. FIPS mode ensures the control plane is using FIPS 140-2 cryptographic modules. All workloads and operators deployed on a cluster need to use FIPS 140-2 in order to be FIPS compliant.
+ 
+You can install an Azure Red Hat OpenShift cluster that uses FIPS Validated / Modules in Process cryptographic libraries on the x86_64 architecture.
+
+> [!NOTE]
+> If you're using Azure File storage, you can't enable FIPS mode.
+
+## To enable FIPS on your Azure Red Hat OpenShift cluster
+
+To enable FIPs on your Azure Red Hat OpeShift cluster, define the following parameters as environment variables:
+
+```azurecli-interactive
+az aro create \
+  --resource-group $RESOURCEGROUP \
+  --name $CLUSTER \
+  --vnet aro-vnet \
+  --master-subnet master-subnet \
+  --worker-subnet worker-subnet 
+  --fips
+```

articles/openshift/toc.yml

@@ -8,29 +8,29 @@
 - name: Tutorials
   expanded: true
   items:
-    - name: 1 - Create an ARO cluster
+    - name: 1 - Create an Azure Red Hat OpenShift cluster
       href: tutorial-create-cluster.md
-    - name: 2 - Connect to an ARO cluster
+    - name: 2 - Connect to an Azure Red Hat OpenShift cluster
       href: tutorial-connect-cluster.md
-    - name: 3 - Delete an ARO cluster
+    - name: 3 - Delete an Azure Red Hat OpenShift cluster
       href: tutorial-delete-cluster.md
 - name: Quickstarts
   items:
-    - name: Deploy an ARO cluster with Azure portal 
+    - name: Deploy an Azure Red Hat OpenShift cluster with Azure portal 
       href: quickstart-portal.md
     - name: Deploy an Azure Red Hat OpenShift cluster with an ARM template or Bicep
       href: quickstart-openshift-arm-bicep-template.md
 - name: How-to guides
   items:
     - name: Cluster operations
       items:
-        - name: Upgrade an ARO cluster
+        - name: Upgrade an Azure Red Hat OpenShift cluster
           href: howto-upgrade.md
         - name: Use spot nodes
           href: howto-spot-nodes.md
     - name: Networking 
       items:
-        - name: Create a private ARO cluster
+        - name: Create a private Azure Red Hat OpenShift cluster
           href: howto-create-private-cluster-4x.md
         - name: Configure custom DNS
           href: howto-custom-dns.md
@@ -56,10 +56,12 @@
           href: howto-create-service-principal.md
         - name: Configure Azure Active Directory authentication (Portal)
           href: configure-azure-ad-ui.md
-        - name: Update pull secret for an ARO cluster
+        - name: Update pull secret for an Azure Red Hat OpenShift cluster
           href: howto-add-update-pull-secret.md
-        - name: Rotate service principal credentials for an Azure Red Hat OpenShift (ARO) cluster
+        - name: Rotate service principal credentials for an Azure Red Hat OpenShift cluster
           href: howto-service-principal-credential-rotation.md
+        - name: Enable FIPs on a cluster
+          href: howto-enable-fips-openshift.md
     - name: Back up and restore
       items:
         - name: Create a backup of a cluster application with Velero
@@ -70,9 +72,9 @@
       items:
         - name: Azure Monitor for containers
           items:
-            - name: Configure Azure Monitor for containers for ARO 4 (preview)
+            - name: Configure Azure Monitor for containers for Azure Red Hat OpenShift 4 (preview)
               href : ../azure-monitor/insights/container-insights-azure-redhat4-setup.md
-            - name: Disable Azure Monitor for containers in ARO 4 (preview)
+            - name: Disable Azure Monitor for containers in Azure Red Hat OpenShift 4 (preview)
               href: ../azure-monitor/containers/container-insights-optout-openshift-v4.md
     - name: Develop and run applications
       items:
@@ -124,7 +126,7 @@
       items:
       - name: Overview of egress lockdown
         href: concepts-egress-lockdown.md
-    - name: Migrate from ARO 3.11 to ARO 4
+    - name: Migrate from Azure Red Hat OpenShift 3.11 to Azure Red Hat OpenShift 4
       href: migration.md
 - name: Reference
   items:
@@ -142,9 +144,9 @@
       href: openshift-service-definitions.md
     - name: Troubleshooting
       href: troubleshoot.md
-    - name: Support policies for ARO 4
+    - name: Support policies for Azure Red Hat OpenShift 4
       href: support-policies-v4.md
-    - name: Support lifecycle for ARO 4
+    - name: Support lifecycle for Azure Red Hat OpenShift 4
       href: support-lifecycle.md
     - name: Responsibility matrix
       href: responsibility-matrix.md