Build pipelines for fips compliant variants of serverless runtimes

[kwiatekus]

Description

Implement a build pipeline for FIPS compliant images variants for serverless runtimes (python and nodejs)

Reasons

On restricted markets requiring FIPS compliance, serverless controller should schedule function pods based on fips compliant runtimes (python and nodejs)

Acceptance Criteria

• implement build pipelines for FIPS variants of serverles images (based on fips compliant base)
  • python runtime (fips) (flask python only)
  • node runtime (fips) (nodejs22 and nodejs24)
• Replace mock images in envs described in this ticket with true values
• Cleanup non-fips image for nodejs as we already made some efforts (openssl.cnf file and COPY func in Dockerfile)

Testing strategy

Enhance existing integration tests to run scenarios for FIPS and non-FIPS runtime versions. Follow this document to get access to pull internal images.

Attachments

How to build based on restricted base-image

• https://github.com/kyma-project/test-infra/blob/main/cmd/image-builder/README.md#example-dockerfile-to-build-restricted-images
• https://pages.github.tools.sap/kyma/documentation/kyma-internal/how-to-guides/80-kyma-restricted-registry.html#image-builder-environment

Related Issues

#2233

[halamix2]

• FIPS is partially removed from Nodejs images in Remove fips from Node images #2261 ; the base images are still unchanged