diff --git a/packages/kubernetes-1.29/kubernetes-1.29.spec b/packages/kubernetes-1.29/kubernetes-1.29.spec
index 441ee9eb9..601f59685 100644
--- a/packages/kubernetes-1.29/kubernetes-1.29.spec
+++ b/packages/kubernetes-1.29/kubernetes-1.29.spec
@@ -160,11 +160,6 @@ export KUBE_CGO_OVERRIDES="kube-proxy"
 make WHAT="cmd/kubelet"
 make WHAT="cmd/kube-proxy"
-export KUBE_OUTPUT_SUBPATH="_fips_output/local"
-export GOEXPERIMENT="boringcrypto"
-make WHAT="cmd/kubelet"
-make WHAT="cmd/kube-proxy"
-
 # build the pause container
 cd build/pause/linux/
@@ -188,10 +183,9 @@ install -d %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_bindir}
-fips_output="./_fips_output/local/bin/linux/%{_cross_go_arch}"
 install -d %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kubelet %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
 install -d %{buildroot}%{_cross_unitdir}
 install -p -m 0644 %{S:1} %{S:10} %{S:13} %{buildroot}%{_cross_unitdir}
diff --git a/packages/kubernetes-1.30/kubernetes-1.30.spec b/packages/kubernetes-1.30/kubernetes-1.30.spec
index 83337c518..f46d65f1b 100644
--- a/packages/kubernetes-1.30/kubernetes-1.30.spec
+++ b/packages/kubernetes-1.30/kubernetes-1.30.spec
@@ -161,11 +161,6 @@ export KUBE_CGO_OVERRIDES="kube-proxy"
 make WHAT="cmd/kubelet"
 make WHAT="cmd/kube-proxy"
-export KUBE_OUTPUT_SUBPATH="_fips_output/local"
-export GOEXPERIMENT="boringcrypto"
-make WHAT="cmd/kubelet"
-make WHAT="cmd/kube-proxy"
-
 # build the pause container
 cd build/pause/linux/
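Review bot: Nothing in the package distinguishes the FIPS binaries from the regular ones any more: in the `@@ -188,10 +183,9 @@` hunk of kubernetes-1.29.spec the added `install` lines copy the same `${output}` kubelet and kube-proxy into `%{_cross_fips_bindir}` that the lines above put into `%{_cross_bindir}`. With the `GOEXPERIMENT="boringcrypto"` build removed, FIPS mode depends entirely on `GODEBUG=fips140=only` reaching the process at runtime. A Go toolchain older than 1.24 does not know that setting and ignores it silently; the toolchain is not visible here, so it should be confirmed for every Kubernetes version touched, ideally with a build-time check. I would also add a comment above the block, e.g. `# FIPS variants are the same binaries; FIPS mode is selected at runtime via GODEBUG=fips140`. The same applies to the matching install hunks in the 1.30 through 1.35 specs.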
@@ -189,10 +184,9 @@ install -d %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_bindir}
-fips_output="./_fips_output/local/bin/linux/%{_cross_go_arch}"
 install -d %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kubelet %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
 install -d %{buildroot}%{_cross_unitdir}
 install -p -m 0644 %{S:1} %{S:10} %{S:13} %{buildroot}%{_cross_unitdir}
diff --git a/packages/kubernetes-1.31/kubernetes-1.31.spec b/packages/kubernetes-1.31/kubernetes-1.31.spec
index 1eafaad29..2bfda81ae 100644
--- a/packages/kubernetes-1.31/kubernetes-1.31.spec
+++ b/packages/kubernetes-1.31/kubernetes-1.31.spec
@@ -161,11 +161,6 @@ export KUBE_CGO_OVERRIDES="kube-proxy"
 make WHAT="cmd/kubelet"
 make WHAT="cmd/kube-proxy"
-export KUBE_OUTPUT_SUBPATH="_fips_output/local"
-export GOEXPERIMENT="boringcrypto"
-make WHAT="cmd/kubelet"
-make WHAT="cmd/kube-proxy"
-
 # build the pause container
 cd build/pause/linux/
@@ -189,10 +184,9 @@ install -d %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_bindir}
-fips_output="./_fips_output/local/bin/linux/%{_cross_go_arch}"
 install -d %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kubelet %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
 install -d %{buildroot}%{_cross_unitdir}
 install -p -m 0644 %{S:1} %{S:10} %{S:13} %{buildroot}%{_cross_unitdir}
diff --git a/packages/kubernetes-1.32/kubernetes-1.32.spec b/packages/kubernetes-1.32/kubernetes-1.32.spec
index f9829e645..f2d51d20d 100644
--- a/packages/kubernetes-1.32/kubernetes-1.32.spec
+++ b/packages/kubernetes-1.32/kubernetes-1.32.spec
@@ -160,11 +160,6 @@ export KUBE_CGO_OVERRIDES="kube-proxy"
 make WHAT="cmd/kubelet"
 make WHAT="cmd/kube-proxy"
-export KUBE_OUTPUT_SUBPATH="_fips_output/local"
-export GOEXPERIMENT="boringcrypto"
-make WHAT="cmd/kubelet"
-make WHAT="cmd/kube-proxy"
-
 # build the pause container
 cd build/pause/linux/
@@ -188,10 +183,9 @@ install -d %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_bindir}
-fips_output="./_fips_output/local/bin/linux/%{_cross_go_arch}"
 install -d %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kubelet %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
 install -d %{buildroot}%{_cross_unitdir}
 install -p -m 0644 %{S:1} %{S:10} %{S:13} %{buildroot}%{_cross_unitdir}
diff --git a/packages/kubernetes-1.33/kubernetes-1.33.spec b/packages/kubernetes-1.33/kubernetes-1.33.spec
index d4077f8d7..01cee78a3 100644
--- a/packages/kubernetes-1.33/kubernetes-1.33.spec
+++ b/packages/kubernetes-1.33/kubernetes-1.33.spec
@@ -162,11 +162,6 @@ export KUBE_CGO_OVERRIDES="kube-proxy"
 make WHAT="cmd/kubelet"
 make WHAT="cmd/kube-proxy"
-export KUBE_OUTPUT_SUBPATH="_fips_output/local"
-export GOEXPERIMENT="boringcrypto"
-make WHAT="cmd/kubelet"
-make WHAT="cmd/kube-proxy"
-
 # build the pause container
 cd build/pause/linux/
@@ -190,10 +185,9 @@ install -d %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_bindir}
-fips_output="./_fips_output/local/bin/linux/%{_cross_go_arch}"
 install -d %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kubelet %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
 install -d %{buildroot}%{_cross_unitdir}
 install -p -m 0644 %{S:1} %{S:10} %{S:13} %{buildroot}%{_cross_unitdir}
diff --git a/packages/kubernetes-1.34/kubernetes-1.34.spec b/packages/kubernetes-1.34/kubernetes-1.34.spec
index ea7fc03bd..54f90160b 100644
--- a/packages/kubernetes-1.34/kubernetes-1.34.spec
+++ b/packages/kubernetes-1.34/kubernetes-1.34.spec
@@ -162,11 +162,6 @@ export KUBE_CGO_OVERRIDES="kube-proxy"
 make WHAT="cmd/kubelet"
 make WHAT="cmd/kube-proxy"
-export KUBE_OUTPUT_SUBPATH="_fips_output/local"
-export GOEXPERIMENT="boringcrypto"
-make WHAT="cmd/kubelet"
-make WHAT="cmd/kube-proxy"
-
 # build the pause container
 cd build/pause/linux/
@@ -190,10 +185,9 @@ install -d %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_bindir}
-fips_output="./_fips_output/local/bin/linux/%{_cross_go_arch}"
 install -d %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kubelet %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
 install -d %{buildroot}%{_cross_unitdir}
 install -p -m 0644 %{S:1} %{S:10} %{S:13} %{buildroot}%{_cross_unitdir}
diff --git a/packages/kubernetes-1.35/kubernetes-1.35.spec b/packages/kubernetes-1.35/kubernetes-1.35.spec
index 1820b3d94..627288995 100644
--- a/packages/kubernetes-1.35/kubernetes-1.35.spec
+++ b/packages/kubernetes-1.35/kubernetes-1.35.spec
@@ -162,11 +162,6 @@ export KUBE_CGO_OVERRIDES="kube-proxy"
 make WHAT="cmd/kubelet"
 make WHAT="cmd/kube-proxy"
-export KUBE_OUTPUT_SUBPATH="_fips_output/local"
-export GOEXPERIMENT="boringcrypto"
-make WHAT="cmd/kubelet"
-make WHAT="cmd/kube-proxy"
-
 # build the pause container
 cd build/pause/linux/
@@ -190,10 +185,9 @@ install -d %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_bindir}
 install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_bindir}
-fips_output="./_fips_output/local/bin/linux/%{_cross_go_arch}"
 install -d %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kubelet %{buildroot}%{_cross_fips_bindir}
-install -p -m 0755 ${fips_output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kubelet %{buildroot}%{_cross_fips_bindir}
+install -p -m 0755 ${output}/kube-proxy %{buildroot}%{_cross_fips_bindir}
 install -d %{buildroot}%{_cross_unitdir}
 install -p -m 0644 %{S:1} %{S:10} %{S:13} %{buildroot}%{_cross_unitdir}
diff --git a/packages/release/fips-go.conf b/packages/release/fips-go.conf
new file mode 100644
index 000000000..15baa0b1d
--- /dev/null
+++ b/packages/release/fips-go.conf
@@ -0,0 +1,4 @@
+[Service]
+# Enable Go FIPS 140-3 mode for all services. This restricts Go's crypto
+# packages to use only FIPS-approved algorithms.
+Environment=GODEBUG=fips140=only
diff --git a/packages/release/release.spec b/packages/release/release.spec
index 6c930dde9..206f33195 100644
--- a/packages/release/release.spec
+++ b/packages/release/release.spec
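Review bot: The new fips-go.conf assigns the whole `GODEBUG` variable, which is a single comma-separated list, so this drop-in and any other `Environment=GODEBUG=...` assignment replace each other instead of merging. As I understand systemd's ordering, it would discard a GODEBUG value set in a unit file, and any later-sorting or unit-specific drop-in that sets GODEBUG would silently drop `fips140=only`. The file's comment should say so, e.g. `# Units that set GODEBUG themselves must include fips140=only in their own value`. It is also worth stating there that `only` makes non-approved algorithms return an error or panic rather than fall back, so a service still using one will fail at runtime, and that the setting reaches only processes started from service units.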
@@ -110,6 +110,7 @@ Source1108: systemd-sysusers-selinux.conf
 Source1109: modprobe-no-exit.conf
 Source1110: tmp-mount-noexec.conf
 Source1111: network-pre-target-dbus-dep.conf
+Source1112: fips-go.conf
 # network link rules
 Source1200: 80-release.link
@@ -231,6 +232,9 @@ install -p -m 0644 %{S:81} %{buildroot}%{_cross_sysctldir}/81-release-swap.conf
 install -d %{buildroot}%{_cross_unitdir}/service.d
 install -p -m 0644 %{S:1104} %{buildroot}%{_cross_unitdir}/service.d/00-aws-config.conf
+install -d %{buildroot}%{_cross_unitdir}/service.d
+install -p -m 0644 %{S:1112} %{buildroot}%{_cross_unitdir}/service.d/00-fips-go.conf
+
 install -d %{buildroot}%{_cross_libdir}/systemd/system.conf.d
 install -p -m 0644 %{S:98} %{buildroot}%{_cross_libdir}/systemd/system.conf.d/80-release.conf
@@ -467,6 +471,7 @@ ln -s preconfigured.target %{buildroot}%{_cross_unitdir}/default.target
 %files fips
 %{_cross_bootconfigdir}/10-fips.conf
 %{_cross_tmpfilesdir}/release-fips.conf
+%{_cross_unitdir}/service.d/00-fips-go.conf
 %{_cross_unitdir}/*-bin.mount
 %{_cross_unitdir}/*-libexec.mount
 %{_cross_unitdir}/fipscheck.target
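Review bot: In the `@@ -231,6 +232,9 @@` hunk the added `install -d %{buildroot}%{_cross_unitdir}/service.d` repeats the directory creation a few lines above it, so it can be dropped and the new `install -p` line placed directly under the `00-aws-config.conf` one. A short comment such as `# Go FIPS mode drop-in; packaged only in the fips subpackage` would also explain why the file is installed here but listed under `%files fips` in the last hunk.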