[build] Add Docker images with FIPS (#175946)

## Summary Closes elastic/kibana-operations/issues/24 This adds a second flavor of UBI image (`kibana-ubi-fips`) which has a FIPS compliant version of OpenSSL compiled and linked to Node. Using the label `ci:build-docker-fips` will create the image in CI and push to the registry. The FIPS image start the Kibana NodeJS process using the FIPS compliant OpenSSL version. Kibana will start in this state but crash during runtime because there are many code changes required for it to be FIPS compliant, including `node_module` usage. I attempted numerous ways to load other OpenSSL providers alongside the FIPS provider, but it always led to Kibana crashing on invalid algorithm usage. --------- Co-authored-by: Tiago Costa <tiago.costa@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-06-28 11:05:39 -04:00 · 2024-02-07 13:09:52 -07:00 · 2024-02-07 13:09:52 -07:00 · e448334950
commit e448334950
parent 558d1f60f7
21 changed files with 220 additions and 6 deletions
--- a/dev_docs/tutorials/ci.mdx
+++ b/dev_docs/tutorials/ci.mdx
@ -51,6 +51,10 @@ Build an archive that can be used to serve Kibana's static assets.

 Build cloud Docker images that can be used for testing deployments on Elastic Cloud.

+#### `ci:build-docker-fips`
+
+Build Docker UBI x64 image with FIPS enabled.
+
 #### `ci:build-os-packages`

 Build Docker images, and Debian and RPM packages.