Encryption clarification #5419
-
As asked over here concourse/docs#304. With reference to: https://github.com/concourse/docs/blob/master/lit/docs/auth.lit#L55 I have some confusion about what the docs are actually telling me. Can someone explain it like I’m 5? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
Essentially, Concourse should not (yet) be used in situations where you anticipate having potentially malicious actors configure pipelines. While we run workloads in containers, this is primarily to protect your builds from themselves by providing a clean, isolated environment on each run, and not to protect your cluster from arbitrary user-submitted workloads that pipelines may run. For example, if you were to run a central Concourse with open registration in order to run something like a hosted CI offering, you could quickly run into trouble as Concourse does not enforce safeguards that would prevent a user from submitting a build that is a "noisy neighbor" (i.e. starving your workers of CPU or memory) or tries to access sensitive networks that it shouldn't. In fact, pipelines can even enable their tasks to run with In order to provide that level of safety, more work would have to be done to enforce limits and perhaps disable or limit the use of Does that help? |
Beta Was this translation helpful? Give feedback.
Essentially, Concourse should not (yet) be used in situations where you anticipate having potentially malicious actors configure pipelines. While we run workloads in containers, this is primarily to protect your builds from themselves by providing a clean, isolated environment on each run, and not to protect your cluster from arbitrary user-submitted workloads that pipelines may run.
For example, if you were to run a central Concourse with open registration in order to run something like a hosted CI offering, you could quickly run into trouble as Concourse does not enforce safeguards that would prevent a user from submitting a build that is a "noisy neighbor" (i.e. starving your workers o…