Update Helm chart for new Go private action runner (#1527)

* staging changes for Go private action runner

* Update Helm chart for Go runner

* update port

* suggestions

* tweak wording

* delete mistake

* test with dummy private key

* test with kubeconform

* lint

charts/private-action-runner/CHANGELOG.md

@@ -1,12 +1,16 @@
 # Datadog changelog
 
+## 0.11.0
+
+* Added top level `port` configuration option, superseding `appBuilder.port`. Update the private action image to the beta image, `v0.1.0-beta`.
+
 ### 0.10.0
 
 * Update private action image version to `v0.0.1-alpha31`.
 
 ### 0.9.1
 
-- Added ability to configure connection credentials in `config.yaml`.
+* Added ability to configure connection credentials in `config.yaml`.
 
 ### 0.9.0
 

charts/private-action-runner/Chart.yaml

@@ -3,7 +3,7 @@ name: private-action-runner
 description: A Helm chart to deploy the private action runner
 
 type: application
-version: 0.10.0
+version: 0.11.0
 appVersion: "1.22.0"
 keywords:
 - app builder

charts/private-action-runner/README.md

@@ -1,6 +1,6 @@
 # Datadog Private Action Runner
 
-![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha29](https://img.shields.io/badge/AppVersion-v0.0.1--alpha29-informational?style=flat-square)
+![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square)
 
 This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions.
 
@@ -41,16 +41,16 @@ helm repo update
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha31"}` | Current Datadog Private Action Runner image |
+| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.1.0-beta"}` | Current Datadog Private Action Runner image |
 | connectionCredentials.basicAuth.credentials | list | `[]` | List of credentials for Basic Auth |
 | connectionCredentials.jenkinsAuth.credentials | list | `[]` | List of credentials for Jenkins Auth |
 | connectionCredentials.postgresAuth.credentials | list | `[]` | List of credentials for Postgres Auth |
 | connectionCredentials.tokenAuth.credentials | list | `[]` | List of credentials for Token Auth |
-| runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner |
+| runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner |
 | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute |
-| runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode |
 | runners[0].config.ddBaseURL | string | `"https://app.datadoghq.com"` | Base URL of the Datadog app |
 | runners[0].config.modes | list | `["workflowAutomation","appBuilder"]` | Modes that the runner can run in |
+| runners[0].config.port | int | `9016` | Port for HTTP server liveness checks and App Builder mode |
 | runners[0].config.privateKey | string | `"PRIVATE_KEY_FROM_CONFIG"` | The runner's privateKey from the enrollment page |
 | runners[0].config.urn | string | `"URN_FROM_CONFIG"` | The runner's URN from the enrollment page |
 | runners[0].kubernetesPermissions | list | `[{"apiGroups":[""],"resources":["pods"],"verbs":["list","get"]},{"apiGroups":["apps"],"resources":["deployments"],"verbs":["list","get"]}]` | List of Kubernetes permissions that the Datadog Private Action Runner has |

charts/private-action-runner/README.md.gotmpl

@@ -1,6 +1,6 @@
 # Datadog Private Action Runner
 
-![Version: 0.9.0](https://img.shields.io/badge/Version-0.9.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha29](https://img.shields.io/badge/AppVersion-v0.0.1--alpha29-informational?style=flat-square)
+![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![AppVersion: v0.1.0-beta](https://img.shields.io/badge/AppVersion-v0.1.0--beta-informational?style=flat-square)
 
 This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions.
 

charts/private-action-runner/ci/kubeconform-values.yaml

@@ -0,0 +1,9 @@
+runners:
+  - name: "default"
+    config:
+      # -- Base URL of the Datadog app
+      ddBaseURL: "https://app.datadoghq.com"
+      # -- The runner's URN from the enrollment page
+      urn: "urn:dd:apps:on-prem-runner:us1:2:runner-CI_TEST_ONLY"
+      # -- The runner's privateKey from the enrollment page
+      privateKey: "eyJ1c2UiOiJzaWciLCJrdHkiOiJFQyIsImtpZCI6IkxXbl9LLU9qbXQ4TFJ6TWdjbFY4dTRMYUVsdF9mZGpCN2RXdlJ2TkVhN2ciLCJjcnYiOiJQLTI1NiIsImFsZyI6IkVTMjU2IiwieCI6Imd3MVFKNVBQQXJmZk56XzdmWmZxX0xMYjhTV0MyaXhJUDFBbDh2SjJmVTgiLCJ5IjoiRjQ4VGRWZVhIRnpack05N1BwbnFMZFRUOG9iWDdKa2N5d3RzQ2RhLXRpayIsImQiOiJaczdDQ0MzMkRJQkpuaUZ5S1hFV0VvWThrZ1ZXMTVZbGdTYU9ISm5uX1drIn0"

charts/private-action-runner/examples/config.yaml → charts/private-action-runner/examples/values.yaml

@@ -1,5 +1,16 @@
 runners:
   - name: "custom-runner"
+    # Replace this section with the output of the private action runner enrollment process with the `--enroll-and-print-config` flag
+    config:
+      ddBaseURL: "https://app.datadoghq.com"
+      urn: "CHANGE_ME_URN_FROM_CONFIG"
+      privateKey: "CHANGE_ME_PRIVATE_KEY_FROM_CONFIG"
+      modes:
+        - appBuilder
+        - workflowAutomation
+      port: 9016
+      actionsAllowlist:
+        - com.datadoghq.http.request
     kubernetesPermissions:
       - apiGroups:
           - ""
@@ -23,18 +34,6 @@ runners:
           - "patch"
           - "update"
           - "delete"
-    config:
-      urn: "URN_FROM_CONFIG"
-      privateKey: "PRIVATE_KEY_FROM_CONFIG"
-      modes:
-        - "workflowAutomation"
-        - "appBuilder"
-      appBuilder:
-        port: 9016
-      actionsAllowlist:
-        - com.datadoghq.kubernetes.core.listPod
-        - com.datadoghq.http.request
-        - com.datadoghq.jenkins.buildJenkinsJob
 
 connectionCredentials:
   basicAuth:

charts/private-action-runner/templates/deployment.yaml

@@ -46,11 +46,6 @@ spec:
             - name: secrets
               mountPath: /etc/dd-action-runner
           env:
-            # Node memory limits
-            - name: NODE_OPTIONS
-              # See https://nodejs.org/docs/latest-v16.x/api/cli.html#--max-old-space-sizesize-in-megabytes
-              # 75% of memory limit/request
-              value: "--max-old-space-size=1536"
             - name: MANAGED_BY
               value: "helm"
       volumes:

charts/private-action-runner/templates/secrets.yaml

@@ -14,9 +14,13 @@ stringData:
     {{- range $mode := $runner.config.modes }}
       - {{ $mode }}
     {{- end }}
-    {{- if $runner.config.appBuilder }}
-    appBuilder:
-      port: {{ $runner.config.appBuilder.port }}
+    {{- if $runner.config.port }}
+    port: {{ $runner.config.port }}
+    {{- else if $runner.config.appBuilder }}
+    port: {{ $runner.config.appBuilder.port }}
+    {{- end }}
+    {{- if $runner.config.httpServerWriteTimeout }}
+    httpServerWriteTimeout: {{ $runner.config.httpServerWriteTimeout }}
     {{- end }}
     actionsAllowlist:
     {{- range $action := $runner.config.actionsAllowlist }}

charts/private-action-runner/values.yaml

@@ -6,7 +6,7 @@ common:
   # -- Current Datadog Private Action Runner image
   image:
     repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner
-    tag: v0.0.1-alpha31
+    tag: v0.1.0-beta
 
 runners:
   # runners[0].name -- Name of the Datadog Private Action Runner
@@ -49,9 +49,8 @@ runners:
       modes:
         - "workflowAutomation"
         - "appBuilder"
-      appBuilder:
-        # -- Required port for App Builder Mode
-        port: 9016
+      # -- Port for HTTP server liveness checks and App Builder mode
+      port: 9016
       # -- List of actions that the Datadog Private Action Runner is allowed to execute
       actionsAllowlist:
         - com.datadoghq.kubernetes.core.listPod