Категории

Deploy from GitHub Actions without Passwords | Watch Me Work

Опубликовано: 14 Октябрь 2024
на канале: Julie Ng
1,192
52

Watch me fix a broken GitHub Actions pipeline where I misconfigured federated identity so that I can deploy to Azure without any passwords. Learn conceptually how that works using OpenID Connect (OIDC) and OAuth standards. At the end of the video the login works as expected. The next error is related to me being a security nut and using principle of least privilege (PILP) and Role Based Access Control (RBAC) for shared Kubernetes clusters.

If you're interested in the RBAC and Kubernetes video, let me know and subscribe to the channel.

====== Contents ======

00:00 Intro
01:28 GitHub Actions Error Message
01:51 Whiteboard - Federated Identity Concept
03:52 YAML & Fix the Bug
04:58 Configure Credential in Azure AD
08:15 Re-run failed jobs
09:52 Explanation Subject Assertion
10:34 Explanation RBAC Error

====== Documentation ======

AZURE DOCS

Configure an app to trust a GitHub repo (preview)
https://docs.microsoft.com/en-us/azur...

GITHUB DOCS

Configuring OpenID Connect in Azure
https://docs.github.com/en/actions/de...

About security hardening with OpenID Connect
https://docs.github.com/en/actions/de...

play_arrow
6,644
94

Ноты Cadillac - MORGENSHTERN & Элджей | Караоке на гитаре KARAOKE + Ноты для гитары

Ноты Cadillac - MORGENSHTERN & Элджей | Караоке на гитаре KARAOKE + Ноты для гитары
play_arrow
478,436
14 тыс

Як зробити 🇺🇦ДОМАШНЄ солодковершкове МАСЛО своїми руками! Простий РЕЦЕПТ! Передача авто для 30 ОМБр

Як зробити 🇺🇦ДОМАШНЄ солодковершкове МАСЛО своїми руками! Простий РЕЦЕПТ! Передача авто для 30 ОМБр
play_arrow
17,517
181

Губкин карьер

Губкин карьер
play_arrow
No
0

Biológia (Litovčina) (sk-lt)

Biológia (Litovčina) (sk-lt)
play_arrow
6,057,653
121 тыс

DangMattSmith Didn't Make It.. (FACING ANXIETY)

DangMattSmith Didn't Make It.. (FACING ANXIETY)
play_arrow
65,033
1.7 тыс

My team flamed me for playing Twitch Support... so I carried them all

My team flamed me for playing Twitch Support... so I carried them all
play_arrow
859
12

Якщо людина просить про допомогу, сумнівів, допомагати чи ні, у поліцейського не повинно бути...

Якщо людина просить про допомогу, сумнівів, допомагати чи ні, у поліцейського не повинно бути...
play_arrow
810
68

КрасоткаПро, товары для маникюра. Отличные гель-лаки по акции!!

КрасоткаПро, товары для маникюра. Отличные гель-лаки по акции!!
Похожие видео
play_arrow
Can AI help me deploy to Kubernetes?

Can AI help me deploy to Kubernetes?
play_arrow
Why you can't impersonate me on GitHub

Why you can't impersonate me on GitHub
play_arrow
How to do (chunked) cloud uploads

How to do (chunked) cloud uploads
play_arrow
Git Branching for Docker Image Promotion across Environments 🚀 - Live Coding Walkthrough

Git Branching for Docker Image Promotion across Environments 🚀 - Live Coding Walkthrough
play_arrow
YAML Pipelines Walkthrough - GitHub Actions & Workflows

YAML Pipelines Walkthrough - GitHub Actions & Workflows
play_arrow
Deploy Feature Branches to Kubernetes

Deploy Feature Branches to Kubernetes
play_arrow
Deploy from GitHub Actions without Passwords | Watch Me Work

Deploy from GitHub Actions without Passwords | Watch Me Work
play_arrow
Version and Automate ⚡️ Releases like a Pro - Walkthrough and Demo

Version and Automate ⚡️ Releases like a Pro - Walkthrough and Demo
play_arrow
Too much security? Locked myself out with Pull Requests

Too much security? Locked myself out with Pull Requests
play_arrow
Moving, Bad Luck in August and Ask Me Anything

Moving, Bad Luck in August and Ask Me Anything
play_arrow
How I Resolve Git Merge Conflicts with Rebasing (Abort!)

How I Resolve Git Merge Conflicts with Rebasing (Abort!)
play_arrow
Managing 3 Kubernetes Clusters with Terraform + Makefiles in 1 Repo

Managing 3 Kubernetes Clusters with Terraform + Makefiles in 1 Repo
play_arrow
(Simple?) Real World Azure Pipelines YAML Walkthrough

(Simple?) Real World Azure Pipelines YAML Walkthrough
play_arrow
Debugging and Fixing Terraform State - Watch Me Work

Debugging and Fixing Terraform State - Watch Me Work
play_arrow
DevOps in Real Life - what an Experienced Architect Looks for

DevOps in Real Life - what an Experienced Architect Looks for
play_arrow
Block User AAD Sign-In takes HOURS…to debug

Block User AAD Sign-In takes HOURS…to debug
play_arrow
Vlog #2 - Why you'll never see this on official Microsoft Channels

Vlog #2 - Why you'll never see this on official Microsoft Channels
play_arrow
Azure Pipelines - Service Connections and Requiring Human Approval for Deployment

Azure Pipelines - Service Connections and Requiring Human Approval for Deployment
play_arrow
Azure Pipelines - Service Connections in YAML and Naming Conventions

Azure Pipelines - Service Connections in YAML and Naming Conventions
play_arrow
Azure Pipelines - Sharing Service Connections / Credentials across Projects

Azure Pipelines - Sharing Service Connections / Credentials across Projects
play_arrow
Azure DevOps #1 Best Practice - Identity!

Azure DevOps #1 Best Practice - Identity!
play_arrow
Azure Pipelines Variables - Naming, Reuse and Secrets

Azure Pipelines Variables - Naming, Reuse and Secrets
play_arrow
Azure Pipelines - Use YAML not Classic UI

Azure Pipelines - Use YAML not Classic UI
play_arrow
Did you close this CI/CD Security Backdoor? Pull Requests!

Did you close this CI/CD Security Backdoor? Pull Requests!