Ken Muse
Why You Should Use Dedicated Clusters For GitHub ARC
GitHub ARC is a great way to run your GitHub Actions runners in your own Kubernetes cluster. ARC has its own set of requirements and best practices. One of the most important best practices I recommend is to use a dedicated Kubernetes cluster. This post will explain why.

Read more

GitHub Actions Injection Attacks
Security is at the heart of what we do in DevOps (if we’re doing it right). This includes protecting our CI/CD processes from malicious users and behaviors. One of the more interesting exploit vectors with build and release pipelines is a classic: the injection attack. This post reviews the basics of injection exploits and shows you how to easily avoid them.

Read more

The Two GitHub ARCs
I’ve been spending a lot of time helping companies to adopt GitHub ARC over the last few months. They are excited to be able to create self-hosted runners on-demand on Kubernetes. The biggest challenge many of them have is getting started, and the root of this problem often starts with realizing there are two different versions of ARC. In many cases, they started with the wrong one. This post will explain the difference.

Read more

Enabling GitHub ARC Metrics
GitHub’s Actions Runner Controller (ARC) offers a lot of great features, including metrics. These metrics give you visibility to the processing queue as well as the performance of runners and jobs. Enabling this feature is surprisingly easy. This post will show you how.

Read more

Understanding OIDC and Identity Federation
With the rise of OIDC, we no longer need to rely on secret keys or passwords to connect two services together. Instead, we can configure a trust relationship between the services and use that to securely request tokens for accessing resources. Adopting this approach can simplify things, but it can be scary for security teams and developers; they want to understand what makes this process work. In this post, walk through what’s happening under the covers.

Read more