From YouTube: FIPS 140-2 Compliant GitLab Runner Speed Run
Description
Overview of the FIPS 140-2 Compliant GitLab Runner released in GitLab Runner 14.7
https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27886
https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28814
https://docs.gitlab.com/runner/install/
A
So what does it mean for GitLab Runner to be FIPS 140-2 compliant? Well, to be compliant with FIPS guidelines typically means that a product or piece of software must only use FIPS validated cryptography libraries. So for GitLab Runner, what this means is that we have had to distribute, and this is what's in 14.7, we've had to distribute a version of GitLab Runner that uses a separate Go toolchain and replaces the standard crypto modules with FIPS validated modules.
A
Now note, at this time, GitLab Runner compliance with FIPS 140-2 guidelines does not mean that the GitLab Runner product itself has been independently validated by an approved National Institute of Standards and Technology, or NIST, lab, right. We are using a Go library, a Google toolchain that replaces the standard Go cryptographic modules with modules that have been previously validated to be FIPS compliant modules. Our software itself has not gone through a FIPS validation or testing process.
A
It's also a separate 140-2 compliant rpm package that includes the FIPS amd64 helper image, and in addition to that, Kubernetes, generic k8s, and the GitLab Runner Operator for OpenShift are supported, and I'll talk a bit in a couple slides about the nuances in terms of what's available in the 14.7 or what's not. Now, for the 14.7 release, only amd64 compute architectures and Red Hat Enterprise Linux distributions are supported, so if you need a FIPS compliant GitLab Runner, as of this time, it's only supporting amd64 compute and Red Hat Enterprise Linux distributions.
A
So this is going to cover basically a quick overview of how to use and how to get going. In future videos, we'll kind of think about maybe going a little bit deeper in terms of configuration and installation as needed, based on the feedback from the customers in the community. But it's very basic.
A
This is very, very basic table stakes stuff. If you're installing or looking to install the GitLab Runner binary and the rpm package, you're basically using the same process that you use today for installing GitLab Runner as documented on the Install GitLab Runner docs page. The only thing that's called out differently here, in terms of installing using a deb or rpm package or, below, installing manually, you would see that in the installation command you're specifying the amd64 underscore fips package. So there is now a new package available, you know, in our repository.
A
It specifically has fips in the title, so you'll be calling that package, and then the same thing for installing manually. You can see it here, and just go back, you'll be calling amd64-fips. So that's it. That's basically it if you're installing it on, when it applies to Linux. If you're using it in terms of a Docker or Docker image, you simply have to use the animator fixer typo here, just don't step, let's go ahead and fix that. So folks, I'm confused, you're basically going to be using the image
A
that's tagged ubi-fips. If you're going to be using the Docker version of this on Kubernetes, on generic Kubernetes, you'll need to configure the GitLab Runner container and helper image in your Helm chart values.yaml file, and specifically as follows. So you'll be calling the GitLab Runner ubi-fips image here, basically as in this construct, and then in the configuration section, you'll be specifying the helper image flavor as ubi-fips, and so this helper image flavor syntax as well as this syntax.
A
The different pages that make sense for you, whether you're installing it on Red Hat Enterprise Linux, or using Docker, you're looking to use on Kubernetes, or you're looking to use this on the GitLab Runner Operator for OpenShift. And, finally, for the GitLab Runner Operator for OpenShift, at this time, it's only possible with this release to change the helper image when using the GitLab Runner Operator, and you'll see here, you're using your yaml file you'll be passing into the GitLab operator.
A
What you'll be specifying here is just syntax, helper image, and again you're calling the ubi-fips helper image. So that's it. So in GitLab, on the 14.7, we are releasing a FIPS 140-2 compliant GitLab Runner. It's available on amd64 and for Red Hat Enterprise Linux. If you have any questions or you want to follow along in terms of our progress for adding new additional distros or adding additional compute architectures, I will link the issue that you can use to follow along there at the bottom of the screen.