YoVDO

Securing Self-Hosted GitHub Actions with Kubernetes and Actions-Runner-Controller

Offered By: CNCF [Cloud Native Computing Foundation] via YouTube

Tags

GitHub Actions, Kubernetes, Supply Chain Security, Multi-Tenancy

Course Description

Overview

Explore the intricacies of securing self-hosted GitHub Actions using Kubernetes and Actions-Runner-Controller in this comprehensive conference talk. Delve into the challenges and best practices for integrating these technologies securely, with a focus on regulated environments. Learn about typical deployment architectures and discover three critical areas where security risks intersect with usability. Examine cluster settings to limit potential security breaches, review controller settings for proper runner deployment and permission management, and dissect the runner pod to implement supply chain security. Gain valuable insights on topics such as Docker-in-Docker risks, rootless configurations, multi-tenant practices, and secure runner images. Benefit from practical recommendations, examples, and often-overlooked considerations like logging and mount sharing to enhance your GitHub Actions security posture within a Kubernetes environment.

Syllabus

Intro
Where are we headed?
I have a bias!
What's GitHub Actions?
Why self-hosted?
Unique security challenges
Types of Actions
3 types of security concerns
2- Do you trust your neighbors?
Docker-in-Docker is risky, but...
Rootless?
Firecracker
Runner with Kubernetes jobs
3- Right-sizing your runners
Controller authorizations
Multi-tenant in practice
Recommendations
Secure runner images
Examples to get started!
You may have forgotten
Logging is easy to overlook
Sharing (mounts) isn't caring!
Building and deploying
Sharing is caring!
(In)conclusions
Questions!


Taught by

CNCF [Cloud Native Computing Foundation]
