1 files changed, 47 insertions, 30 deletions
diff --git a/doc/development/fips_compliance.md b/doc/development/fips_compliance.md
index d4274c6275b..5b6f6ba0d98 100644
--- a/doc/development/fips_compliance.md
+++ b/doc/development/fips_compliance.md
@@ -1,6 +1,6 @@
 ---
-stage: none
-group: unassigned
+stage: Create
+group: Source Code
 info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
 ---
 
@@ -100,7 +100,7 @@ fips-mode-setup --disable
 
 #### Detect FIPS enablement in code
 
-You can query `GitLab::FIPS` in Ruby code to determine if the instance is FIPS-enabled:
+You can query `Gitlab::FIPS` in Ruby code to determine if the instance is FIPS-enabled:
 
 ```ruby
 def default_min_key_size(name)
@@ -191,11 +191,11 @@ to ignore AMI changes.
 
 #### Ansible: Specify the FIPS Omnibus builds
 
-The standard Omnibus GitLab releases build their own OpenSSL library,
-which is not FIPS-validated. However, we have nightly builds that create
-Omnibus packages that link against the operating system's OpenSSL library. To
-use this package, update the `gitlab_repo_script_url` field in the
-Ansible `vars.yml`. For example, you might modify
+The standard Omnibus GitLab releases build their own OpenSSL library, which is
+not FIPS-validated. However, we have nightly builds that create Omnibus packages
+that link against the operating system's OpenSSL library. To use this package,
+update the `gitlab_edition` and `gitlab_repo_script_url` fields in the Ansible
+`vars.yml`. For example, you might modify
 `gitlab-environment-toolkit/ansible/environments/gitlab-10k/inventory/vars.yml`
 in this way:
 
@@ -204,6 +204,7 @@ all:
   vars:
     ...
     gitlab_repo_script_url: "https://packages.gitlab.com/install/repositories/gitlab/nightly-fips-builds/script.deb.sh"
+    gitlab_edition: "gitlab-fips"
 ```
 
 ### Cloud Native Hybrid
@@ -300,7 +301,7 @@ all:
     gitlab_charts_custom_config_file: '/path/to/gitlab-environment-toolkit/ansible/environments/gitlab-10k/inventory/charts.yml'
 ```
 
-Now create `charts.yml` in the location specified above and specify tags with a `-ubi8` suffix. For example:
+Now create `charts.yml` in the location specified above and specify tags with a `-fips` suffix. For example:
 
 ```yaml
 global:
@@ -308,35 +309,38 @@ global:
     pullPolicy: Always
   certificates:
     image:
-      tag: master-ubi8
+      tag: master-fips
+  kubectl:
+    image:
+      tag: master-fips
 
 gitlab:
   gitaly:
     image:
-      tag: master-ubi8
+      tag: master-fips
   gitlab-exporter:
     image:
-      tag: master-ubi8
+      tag: master-fips
   gitlab-shell:
     image:
-      tag: main-ubi8 # The default branch is main, not master
+      tag: main-fips # The default branch is main, not master
   gitlab-mailroom:
     image:
-      tag: master-ubi8
+      tag: master-fips
   migrations:
     image:
-      tag: master-ubi8
+      tag: master-fips
   sidekiq:
     image:
-      tag: master-ubi8
+      tag: master-fips
   toolbox:
     image:
-      tag: master-ubi8
+      tag: master-fips
   webservice:
     image:
-      tag: master-ubi8
+      tag: master-fips
     workhorse:
-      tag: master-ubi8
+      tag: master-fips
 
 nginx-ingress:
   controller:
@@ -352,41 +356,44 @@ See [this issue](https://gitlab.com/gitlab-org/charts/gitlab/-/issues/3153#note_
 how to build NGINX and the Ingress Controller.
 
 You can also use release tags, but the versioning is tricky because each
-component may use its own versioning scheme. For example, for GitLab v14.10:
+component may use its own versioning scheme. For example, for GitLab v15.1:
 
 ```yaml
 global:
   certificates:
     image:
-      tag: 20191127-r2-ubi8
+      tag: 20211220-r0-fips
+  kubectl:
+    image:
+      tag: 1.18.20-fips
 
 gitlab:
   gitaly:
     image:
-      tag: v14.10.0-ubi8
+      tag: v15.1.0-fips
   gitlab-exporter:
     image:
-      tag: 11.14.0-ubi8
+      tag: 11.15.2-fips
   gitlab-shell:
     image:
-      tag: v13.25.1-ubi8
+      tag: v15.1.0-fips
   gitlab-mailroom:
     image:
-      tag: v14.10.0-ubi8
+      tag: v15.1.0-fips
   migrations:
     image:
-      tag: v14.10.0-ubi8
+      tag: v15.1.0-fips
   sidekiq:
     image:
-      tag: v14.10.0-ubi8
+      tag: v15.1.0-fips
   toolbox:
     image:
-      tag: v14.10.0-ubi8
+      tag: v15.1.0-fips
   webservice:
     image:
-      tag: v14.10.0-ubi8
+      tag: v15.1.0-fips
     workhorse:
-      tag: v14.10.0-ubi8
+      tag: v15.1.0-fips
 ```
 
 ## Verify FIPS
@@ -508,3 +515,13 @@ the `webservice` container has the following tags:
 - `master`
 - `master-ubi8`
 - `master-fips`
+
+### Testing merge requests with a FIPS pipeline
+
+Merge requests that can trigger Package and QA, can trigger a FIPS package and a
+Reference Architecture test pipeline. The base image used for the trigger is
+Ubuntu 20.04 FIPS:
+
+1. Trigger `package-and-qa`, if not already triggered.
+1. On the `gitlab-omnibus-mirror` child pipeline, manually trigger `Trigger:package:fips`.
+1. When the package job is complete, manually trigger the `RAT:FIPS` job.