Securing Self-Hosted GitHub Actions With Kubernetes and Actions-Runner-Controller
Natalie Somersall, Senior Solutions Engineer, GitHub

About me
Senior Solutions Engineer, GitHub
Love
- Empowering developers to change the world
- Doing cutting-edge stuff in highly regulated environments
- Automating everything
GitHub: some-natalie
Web: https://some-natalie.dev

Where are we headed?
1. Why would I ever want to do this?
2. Kubernetes cluster settings
3. GitHub settings and deployment scopes
4. Multi-tenancy in actions-runner-controller
5. Runner images
6. Conclusions

All the normal container and Kubernetes security guidelines still apply!

I have a bias!
Friction is the largest driver of admins, users, and developers doing insecure things.

What's GitHub Actions?
GitHub's native automation platform, frequently used for CI/CD and running most of GitHub
Reusable, modular workflows from an open-source marketplace or your internal organization
Cloud folks can use our hosted runners as a SaaS
- Ephemeral VMs
- Lots and lots of dependencies pre-loaded ( readily available for each release
- Updated (weekly), automatic scaling, caching, etc. all handled for you
Bring your own compute! (free-ish)
- Needs the agent
- Security operations is all on your team

1 Why self-hosted?
GitHub Enterprise Server (self-hosted GitHub)
Custom hardware
- ARM processors
- GPU compute
- Testing hardware attached to a real machine
Custom software beyond what's available or installable on the hosted runners
- Red Hat Enterprise Linux
- In-house Linux distributions
Needing to run jobs in a specific environment, such as "gold load" type imaged machines
Because you want to and I'm not here to judge you

Actions-Runner-Controller
Open-source project https:/
Officially the auto-scaling solution for self-hosted runners for GitHub!
Also ships some images for runners, most users build their own
Unique se