|
1 | 1 | # Private action runner Helm chart |
2 | 2 |
|
3 | | -This Helm Chart will deploy the Datadog Private Action runner inside a Kubernetes cluster. |
4 | | -You will be able to use private actions from the Datadog Workflow and Datadog App Builder products. |
5 | | -When deploying this chart, you will be able to give permissions to the runner in order to be able to run Kubernetes actions. |
| 3 | +This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. |
6 | 4 |
|
7 | 5 | ## Requirements |
8 | 6 | * A Datadog account with private actions enabled |
9 | | -* The kubectl cli |
| 7 | +* The `kubectl` cli |
10 | 8 | * Helm |
11 | | -* Sufficient permissions to the kubernetes cluster |
| 9 | +* Sufficient permissions to the Kubernetes cluster |
12 | 10 |
|
13 | | -## In order to use this chart |
| 11 | +## Use this chart |
14 | 12 |
|
15 | | -* Go to the private action runner tab https://app.datadoghq.com/workflow/private-action-runners |
16 | | -* Create a new private action runner |
17 | | -* Follow the instructions and you should have a running docker container and `config/config.yaml` file |
18 | | -* Stop the docker container (`docker stop <name-of-the-container>` or `docker compose stop`) |
19 | | -* You must create a `config.yaml` file with the appropriate values. An example `config.yaml` file is provided in the `examples` directory for you to copy. |
20 | | - * You must replace the `URN_FROM_CONFIG` and the `PRIVATE_KEY_FROM_CONFIG` in the example file with with the `urn` and the `privateKey` from the `config/config.yaml` of the docker container |
21 | | - * Other values can be re-configured as well, but you can also choose to stick with the defaults in the example |
22 | | -* You need to add this repository to your Helm repositories: |
| 13 | +1. Go to the [private action runner tab](https://app.datadoghq.com/workflow/private-action-runners). |
| 14 | +2. Create a new private action runner. |
| 15 | +3. Follow the instructions. You now have a running docker container and `config/config.yaml` file. |
| 16 | +4. Stop the docker container (`docker stop <name-of-the-container>` or `docker compose stop`). |
| 17 | +5. Create a `config.yaml` file with the appropriate values. An example `config.yaml` file is provided in the `examples` directory for you to copy. |
| 18 | + * Replace the `URN_FROM_CONFIG` and the `PRIVATE_KEY_FROM_CONFIG` in the example file with with the `urn` and the `privateKey` from the `config/config.yaml` of the docker container. |
| 19 | + * You can reconfigure other values or use the defaults in the example. |
| 20 | +6. Add this repository to your Helm repositories: |
23 | 21 | ``` |
24 | 22 | helm repo add datadog https://helm.datadoghq.com |
25 | 23 | helm repo update |
26 | 24 | ``` |
27 | | -* Install the Helm chart: |
| 25 | +7. Install the Helm chart: |
28 | 26 | ```bash |
29 | 27 | helm install <RELEASE_NAME> datadog/private-action-runner -f ./config.yaml |
30 | 28 | ``` |
31 | | -* Go to the workflow connections https://app.datadoghq.com/workflow/connections |
32 | | -* Create a new connection, select your private action runner and use `Service account authentication` |
33 | | -* Create a new workflow and use a kubernetes action like `List pod` / `List deployment` |
| 29 | +8. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections). |
| 30 | +9. Create a new connection, select your private action runner, and use **Service account authentication**. |
| 31 | +10. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**. |
34 | 32 |
|
35 | 33 | ## Going further |
36 | | -* Adjust the service account permissions according to your needs, you can find more informations about kubernetes RBAC here https://kubernetes.io/docs/reference/access-authn-authz/rbac |
37 | | -* Deploy several runners with different permissions / create different connections according to your needs |
38 | | -* Private actions documentation https://docs.datadoghq.com/service_management/app_builder/private_actions |
| 34 | +* Adjust the service account permissions according to your needs. Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac). |
| 35 | +* Deploy several runners with different permissions or create different connections according to your needs. |
| 36 | +* Learn more about [Private actions](https://docs.datadoghq.com/service_management/app_builder/private_actions). |
39 | 37 |
|
40 | 38 | ## Values |
41 | 39 |
|
42 | | -| Key | Type | Default | Description | |
43 | | -|-----|------|---------|-------------| |
44 | | -| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha22"` | Current Datadog Private Action Runner image | |
45 | | -| runners[0] | object | `{"config":{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"},"kubernetesPermissions":[{"apiGroups":[""],"resources":["pods"],"verbs":["list","get"]},{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list","get"]}],"name":"default","replicas":1}` | Name of the Datadog Private Action Runner | |
46 | | -| runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | This is the configuration for the Datadog Private Action Runner | |
47 | | -| runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute | |
48 | | -| runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode | |
49 | | -| runners[0].config.ddBaseURL | string | `"https://app.datadoghq.com"` | The base URL of the Datadog | |
50 | | -| runners[0].config.modes | list | `["workflowAutomation","appBuilder"]` | Modes that the runner can run in | |
51 | | -| runners[0].config.privateKey | string | `"PRIVATE_KEY_FROM_CONFIG"` | User to specify the runner's privateKey from the enrollment page | |
52 | | -| runners[0].config.urn | string | `"URN_FROM_CONFIG"` | User to specify the runner's URN from the enrollment page | |
53 | | -| runners[0].kubernetesPermissions | list | `[{"apiGroups":[""],"resources":["pods"],"verbs":["list","get"]},{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list","get"]}]` | List of Kubernetes permissions that the Datadog Private Action Runner will have | |
54 | | -| runners[0].replicas | int | `1` | Number of instances of Datadog Private Action Runner | |
| 40 | +| Key | Description | Type | Default | |
| 41 | +|--------------------------------------|------------------------------------------------------------------------------|--------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |
| 42 | +| `common.image` | Current Datadog Private Action Runner image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha22"` | |
| 43 | +| `runners[0]` | Name of the Datadog Private Action Runner | object | `{"config":{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"},"kubernetesPermissions":[{"apiGroups":[""],"resources":["pods"],"verbs":["list","get"]},{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list","get"]}],"name":"default","replicas":1}` | |
| 44 | +| `runners[0].config` | Configuration for the Datadog Private Action Runner | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | |
| 45 | +| `runners[0].config.actionsAllowlist` | List of actions that the Datadog Private Action Runner is allowed to execute | list | `["com.datadoghq.kubernetes.core.listPod"]` | |
| 46 | +| `runners[0].config.appBuilder.port` | Required port for App Builder Mode | int | `9016` | |
| 47 | +| `runners[0].config.ddBaseURL` | The base URL of the Datadog app | string | `"https://app.datadoghq.com"` | |
| 48 | +| `runners[0].config.modes` | Modes that the runner can run in | list | `["workflowAutomation","appBuilder"]` | |
| 49 | +| `runners[0].config.privateKey` | The runner's privateKey from the enrollment page | string | `"PRIVATE_KEY_FROM_CONFIG"` | |
| 50 | +| `runners[0].config.urn` | The runner's URN from the enrollment page | string | `"URN_FROM_CONFIG"` | |
| 51 | +| `runners[0].kubernetesPermissions` | List of Kubernetes permissions that the Datadog Private Action Runner has | list | `[{"apiGroups":[""],"resources":["pods"],"verbs":["list","get"]},{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list","get"]}]` | |
| 52 | +| `runners[0].replicas` | Number of instances of the Datadog Private Action Runner | int | `1` | |
0 commit comments