Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
GitLab / GitLab Runner Demos / 17 Jan 2022
GitLab / GitLab Runner Demos / 17 Jan 2022
Previous Meeting
Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: FIPS 140-2 Compliant GitLab Runner Speed Run

Description

Overview of the FIPS 140-2 Compliant GitLab Runner released in GitLab Runner 14.7

https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27886
https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28814
https://docs.gitlab.com/runner/install/

A

Hey everyone darren eastman here, product manager for getlab runner in today's video, I'm going to briefly cover the fips 140-2 compliant good, get that runner, which is shipping in our github runner, fortinet 7 release.

A

So what is fips 14-2, well fips or federal information processing standards, which is defined by the united states, national institute of standards and technology, so fips 140-2 and its successor standard of standard successive publication to be more specific 14-3 is the united states federal government standard which specifies the security requirements for crypto or cryptographic modules and those specifically used in computer and telecommunication systems and within cyber systems protecting sensitive information.

A

So what does it mean for git lab runner to be fips? 140-2 compliance well to be compliant with flips. Guidelines typically means that a product or piece of software must only use flipped validated cryptography libraries so for gitlab runner. What this means is that we have had to distribute, and this is what's in 14.7- we've had to distribute a version of gitlab runner that uses a separate gold tool chain and replaces the standard crypto modules, with fixed validated modules.

A

Now note at this time, gitlab runner compliance with fips 14-2 guidelines does not mean that the github runner product itself has been independently validated by an approved national institute of status and technology or nest collab right. We are using um go library, a google tool chain that replaces the standard go cryptographic modules with modules that have been previously validated to be fips compliant modules. Our software itself has none, has not gone through a fixed validation or testing process.

A

So, what's available to get that runner for net seven well, a separate get that runner fixed, 1402, compliant binary, built with red hat score compiler.

A

It gets that run of 1402 compliant docker image then uses red hat's ubi based umea image as a space.

A

It's also a separate 140-2, combined rpm package that includes the phipps amd64 helper image and in addition to that kubernetes generic q a's and the gitlab runner operative, open shift are supported and I'll talk a bit in a couple signs and the nuances in terms of what's available in the 14.7 or, what's not now now for the 4.7 release, only amd 64, compute, architectures and red hat enterprise. Linux distributions are supported, so if you need a fips compliant gitlab runner. As of this time, it's only supporting amd64, compute and red hat enterprise linux distributions.

A

So this is going to cover basically a quick overview of how to use and how to get going um in future videos, we'll kind of think about um maybe going a little bit deeper in terms of configuration and installation as needed based on the feedback from from the customers in the community. But it's very basic.

A

This is a very, very basic table, stick stuff if you're, installing or looking to install the gitlab runner banner in the npm package, you're, basically using the same process that you use today for installing gitlab runner as document I'll, install github runner, docs page, the only thing that's calling out differently here in terms of installing using a deborah rpm package or below installing manually. You would see that in the installation command you're specifying the amd64 underscore fips package. So there is now a new package available. You know in our repository.

A

It specifically has fips in the title, so you'll be calling that package and then the same thing for installing manually. You can see it here and just go back, you'll be calling amb64-fits. So that's it. That's basically it if you're installing it um on when it applies to linux, if you're using it in terms of a docker or docker image, you simply have to use the animator fixer typo here, um just don't step, let's go ahead and fix that. So folks, I'm confused um you're, basically going to be using the image.

A

That's tagged: ubi dash fips, if you're going to be using the um the darker version of this um on kubernetes on generic kubernetes you'll need to configure the github runner container and help your image in your hem chart, values the yaml file and specifically as follows. So you'll be calling the github runner you behind that scripts image here, as as, basically as in this construct and then in the configuration section, you'll be specifying the helper image flavor as ubi fips, and so this helper image, synth flavor syntax as well as this syntax.

A

Here those pieces of syntax are again covered on our advanced documentation, page for getlab runner and I'll post links to all of those pages in the video on in the video description, so I'll be linking to our install get leverage docs starting point page and then I'll you'll be able to fan out from there into the different pieces.

A

The different pages that make sense for you, whether you're, installing it or not, enterprise linux, are using docker you're looking to use on kubernetes or you're looking to to use this on the get weapon operator for open shift um and, finally, for the github runner operator for openshift at this time, it's only possible with this release to change the helper image when using the gitlab and operator and you'll see here, you're using your yaml file, you'll be passing into the github operator.

A

What you'll be specifying here is just syntax, helper image and you're again you're calling the ubi fips helper image. So so that's it. So in gitlab on the 14.7, we are releasing a fix, 140 dash to compliant github runner, it's available on it for 64 and for red enterprise lags. If you have any questions or you want to follow along in terms of our progress for adding new additional distros or adding additional compute architectures, I will link the issue that you can use to follow along there at the bottom of the screen.

A

So this is chinese. Talk to you next time on our next video cheers.