Securing Self-Hosted GitHub Actions with Kubernetes and Actions-Runner-Controller

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the intricacies of securing self-hosted GitHub Actions using Kubernetes and Actions-Runner-Controller in this comprehensive conference talk. Delve into the challenges and best practices for integrating these technologies securely, with a focus on regulated environments. Learn about typical deployment architectures and discover three critical areas where security risks intersect with usability. Examine cluster settings to limit potential security breaches, review controller settings for proper runner deployment and permission management, and dissect the runner pod to implement supply chain security. Gain valuable insights on topics such as Docker-in-Docker risks, rootless configurations, multi-tenant practices, and secure runner images. Benefit from practical recommendations, examples, and often-overlooked considerations like logging and mount sharing to enhance your GitHub Actions security posture within a Kubernetes environment.

Syllabus

Intro
Where are we headed?
I have a bias!
What's GitHub Actions?
Why self-hosted?
Unique security challenges
types of Actions
3 types of security concerns
2- Do you trust your neighbors?
Docker-in-Docker is risky, but...
Rootless?
Firecracker
Runner with Kubernetes jobs
3- Right-sizing your runners
Controller authorizations
Multi-tenant in practice
Recommendations
Secure runner images
Examples to get started!
You may have forgotten
Logging is easy to overlook
Sharing (mounts) isn't caring!
Building and deploying
Sharing is caring!
(in)conclusions
Questions!

Taught by

CNCF [Cloud Native Computing Foundation]
