Context
Part of the FIPS-removal effort. See REMOVE_FIPS_PLAN.md for the full plan and premise.
Premise: Coder is not a FIPS boundary component. All traffic entering/leaving the Coder deployment is terminated by upstream load balancers and proxies that perform TLS with FIPS-validated crypto modules. We therefore do not need custom FIPS-mode container images.
Scope
Delete all three custom FIPS workspace/server image directories.
Files to delete
images/base-fips/ (entire directory — RHEL 9 UBI with update-crypto-policies --set FIPS)images/desktop-fips/ (entire directory — XFCE+KasmVNC on top of base-fips)images/coder-fips/ (entire directory — Alpine image wrapping the FIPS Coder binary)
If this empties images/, delete the directory too.
Acceptance criteria
Dependencies
None. Logically paired with the FIPS-workflows removal (separate issue), but file sets are disjoint so the two PRs can be worked in parallel.
Notes for downstream issues
After this merges, two GitHub Actions workflows (coder-fips.yml, images.yml) will have dangling paths: filters referencing deleted directories. That is handled by the workflow-removal issue.
Context
Part of the FIPS-removal effort. See
REMOVE_FIPS_PLAN.mdfor the full plan and premise.Premise: Coder is not a FIPS boundary component. All traffic entering/leaving the Coder deployment is terminated by upstream load balancers and proxies that perform TLS with FIPS-validated crypto modules. We therefore do not need custom FIPS-mode container images.
Scope
Delete all three custom FIPS workspace/server image directories.
Files to delete
images/base-fips/(entire directory — RHEL 9 UBI withupdate-crypto-policies --set FIPS)images/desktop-fips/(entire directory — XFCE+KasmVNC on top of base-fips)images/coder-fips/(entire directory — Alpine image wrapping the FIPS Coder binary)If this empties
images/, delete the directory too.Acceptance criteria
find images/ -type freturns empty (or the directory is removed).grep -rin fips images/ 2>/dev/nullreturns nothing.terraform fmt -check -recursive infra/terraform/andtflint(neither reference these paths, so this should already pass).Dependencies
None. Logically paired with the FIPS-workflows removal (separate issue), but file sets are disjoint so the two PRs can be worked in parallel.
Notes for downstream issues
After this merges, two GitHub Actions workflows (
coder-fips.yml,images.yml) will have danglingpaths:filters referencing deleted directories. That is handled by the workflow-removal issue.