docs: Update FIPS documentation to reference k8s-snap docs (#62)

bschimke95 · web-flow · commit c88b6fd72795 · 2026-01-16T20:37:42.000+01:00
- Remove duplicate general FIPS information
- Keep CoreDNS-specific details (extended crypto module usage)
- Reference comprehensive k8s-snap FIPS documentation
diff --git a/docs/fips.md b/docs/fips.md
@@ -1,43 +1,11 @@
-## Overview
-This document provides an analysis of CoreDNS's cryptographic implementation with respect to FIPS 140 compliance requirements.
+# CoreDNS FIPS Compliance
 
-> **Note:** As of now, pebble is not built in a FIPS-compliant way. This document will be updated once it is.
-
-## FIPS Compliance Status
-
-CoreDNS uses both standard Go `crypto` and the extended `https://pkg.go.dev/golang.org/x/crypto` modules. To address the FIPS compliance for the standard package, the following steps are required:
-
-1. **Go Toolchain**: Must use the modified [Go toolchain from Microsoft](https://github.com/microsoft/go/blob/microsoft/release-branch.go1.23/eng/doc/fips/README.md) that links against FIPS-validated cryptographic modules.
-2. **OpenSSL**: Must link against a FIPS-validated OpenSSL implementation.
-
-**NOTE**: This ROCK is bundled with a FIPS-validated OpenSSL library which is described in the ROCK manifest (see [this discourse post]).
-```yaml
-...
-parts:
-  openssl:
-    plugin: nil
-    stage-packages:
-      - openssl-fips-module-3
-      - openssl
-...
-```
-
-For the extended module, enduring the non-approved algorithms are not executed would suffice.  
+For comprehensive information about FIPS 140-3 compliance in Canonical Kubernetes, including how ROCKs are built with FIPS support, please refer to the [k8s-snap FIPS documentation](https://github.com/canonical/k8s-snap/blob/main/docs/dev/fips.md).
 
-## Manual build
-
-**Prerequisites**:
-
-- a `rockcraft` version that allows building with Ubuntu Pro services (refer to [this discourse post]).
-
-**Building the Image**:
-
-Use the following command to build the image:
-
-```bash
-sudo rockcraft pack --pro=fips-updates
-```
+> **Note:** As of now, pebble is not built in a FIPS-compliant way. This document will be updated once it is.
 
-<!-- LINKS -->
+CoreDNS's cryptographic usage includes:
 
-[this discourse post]: https://discourse.ubuntu.com/t/build-rocks-with-ubuntu-pro-services/57578
+- **DNS-over-TLS (DoT)**: Secure DNS queries using TLS
+- **DNS-over-HTTPS (DoH)**: Secure DNS queries over HTTPS
+- **Backend Communication**: Secure communication with backend services using TLS
