Securing Self-Hosted GitHub Actions with Kubernetes and Actions-Runner-Controller

This conference talk covers securing self-hosted GitHub Actions runners on Kubernetes with Actions-Runner-Controller (ARC), with a focus on regulated environments. It walks through typical deployment architectures and then examines three areas where security risk intersects with usability: cluster settings that limit the blast radius of a compromised runner, controller settings that govern how runners are deployed and what permissions they receive, and the runner pod itself, where supply chain security controls are applied. Specific topics include the risks of Docker-in-Docker, rootless runner configurations, multi-tenant practices, and hardened runner images, together with practical recommendations, worked examples, and often-overlooked details such as logging and mount sharing that affect the security posture of GitHub Actions running in a Kubernetes environment.