DataDog · ksun154 · Aug 15, 2024 · Aug 8, 2024 · Aug 9, 2024 · Aug 12, 2024
@@ -27,6 +27,10 @@ chart/synthetics-private-location:
     - changed-files:
         - any-glob-to-any-file: "charts/synthetics-private-location/**"
 
+chart/private-action-runner:
+    - changed-files:
+          - any-glob-to-any-file: "charts/private-action-runner/**"
+
 tools/tests:
     - changed-files:
         - any-glob-to-any-file: "tests/**"

@@ -1,5 +1,9 @@
 # Datadog changelog
 
+### 0.7.0
+
+* Simplify README instructions to reflect the new Kubernetes UI. Split image value to be consistent with other charts. Fix bug requiring port for Workflow mode. Open `/etc/dd-action-runner/` write access so template connection credential files can be generated.
+
 ### 0.6.0
 
 * Update private action image version to `v0.0.1-alpha27`.

@@ -3,7 +3,7 @@ name: private-action-runner
 description: A Helm chart to deploy the private action runner
 
 type: application
-version: 0.6.0
+version: 0.7.0
 appVersion: "1.22.0"
 keywords:
 - app builder

@@ -1,36 +1,94 @@
 # Datadog Private Action Runner
 
-![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha27](https://img.shields.io/badge/AppVersion-v0.0.1--alpha27-informational?style=flat-square)
+![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha27](https://img.shields.io/badge/AppVersion-v0.0.1--alpha27-informational?style=flat-square)
 
 This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions.
 
+## How to use Datadog Helm repository
+
+You need to add this repository to your Helm repositories:
+
+```
+helm repo add datadog https://helm.datadoghq.com
+helm repo update
+```
+
 ## Requirements
-* A Datadog account with private actions enabled
-* The `kubectl` cli
-* Helm
-* Sufficient permissions to the Kubernetes cluster
+* `kubectl` CLI is installed on my machine
+* Helm is installed on my machine
+* The permissions of my Kubernetes environment allow the Datadog Private Action Runner to read and write using a Kubernetes service account
 
 ## Use this chart
+1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners).
+2. Create a new Private Action Runner and follow the instructions for Kubernetes.
+
+## Use this chart with connection credentials
+1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners).
+2. Set up a new Private Action runner by following the Kubernetes instructions. When you reach step 4, instead of running `helm install`, make the following changes to the Helm chart.
+3. Download the chart locally.
+```bash
+helm pull datadog/private-action-runner --untar
+```
+4. Add connection credential json file to `templates/secrets.yaml` in the format corresponding to the credential and action types you want to use.
+
+HTTP Basic Auth:
+```
+{
+   auth_type: 'Basic Auth',
+   credentials: [
+      {
+         username: 'USERNAME',
+         password: 'PASSWORD',
+      },
+   ],
+}
+```
+HTTP Token Auth:
+```
+{
+   auth_type: 'Token Auth',
+   credentials: [
+      {
+         tokenName: 'TOKEN1',
+         tokenValue: 'VALUE1',
+      },
+   ],
+}
+```
+Jenkins:
+```
+{
+   auth_type: 'Token Auth',
+   credentials: [
+      {
+         username: 'USERNAME',
+         token: 'TOKEN',
+         domain: 'DOMAIN',
+      },
+   ],
+}
+```
+Postgres:
+```
+{
+   auth_type: 'Token Auth',
+   credentials: [
+      {
+         tokenName: 'connectionUri',
+         tokenValue: 'postgres://usr:password@example_host:5432/example_db',
+      },
+   ],
+}
+```
+5. Install the chart locally.
+```bash
+helm install <RELEASE_NAME> ./private-action-runner -f ./config.yaml
+```
 
-1. Go to the [private action runner tab](https://app.datadoghq.com/workflow/private-action-runners).
-2. Create a new private action runner.
-3. Follow the instructions. You now have a running docker container and `config/config.yaml` file.
-4. Stop the docker container (`docker stop <name-of-the-container>` or `docker compose stop`).
-5. Create a `config.yaml` file with the appropriate values. An example `config.yaml` file is provided in the `examples` directory for you to copy.
-    * Replace the `URN_FROM_CONFIG` and the `PRIVATE_KEY_FROM_CONFIG` in the example file with with the `urn` and the `privateKey` from the `config/config.yaml` of the docker container.
-    * You can reconfigure other values or use the defaults in the example.
-6. Add this repository to your Helm repositories:
-    ```
-    helm repo add datadog https://helm.datadoghq.com
-    helm repo update
-    ```
-7. Install the Helm chart:
-    ```bash
-        helm install <RELEASE_NAME> datadog/private-action-runner -f ./config.yaml
-    ```
-8. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections).
-9. Create a new connection, select your private action runner, and use **Service account authentication**.
-10. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**.
+## To use Kubernetes actions
+1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections).
+2. Create a new connection, select your private action runner, and use **Service account authentication**.
+3. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**.
 
 ## Going further
 * Adjust the service account permissions according to your needs. Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac).
@@ -41,7 +99,7 @@ This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cl
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| common.image | string | `"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha27"` | Current Datadog Private Action Runner image |
+| common.image | object | `{"repository":"us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner","tag":"v0.0.1-alpha27"}` | Current Datadog Private Action Runner image |
 | runners[0].config | object | `{"actionsAllowlist":["com.datadoghq.kubernetes.core.listPod"],"appBuilder":{"port":9016},"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"privateKey":"PRIVATE_KEY_FROM_CONFIG","urn":"URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner |
 | runners[0].config.actionsAllowlist | list | `["com.datadoghq.kubernetes.core.listPod"]` | List of actions that the Datadog Private Action Runner is allowed to execute |
 | runners[0].config.appBuilder.port | int | `9016` | Required port for App Builder Mode |

@@ -1,36 +1,94 @@
 # Datadog Private Action Runner
 
-![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha27](https://img.shields.io/badge/AppVersion-v0.0.1--alpha27-informational?style=flat-square)
+![Version: 0.7.0](https://img.shields.io/badge/Version-0.7.0-informational?style=flat-square) ![AppVersion: v0.0.1-alpha27](https://img.shields.io/badge/AppVersion-v0.0.1--alpha27-informational?style=flat-square)
 
 This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions.
 
+## How to use Datadog Helm repository
+
+You need to add this repository to your Helm repositories:
+
+```
+helm repo add datadog https://helm.datadoghq.com
+helm repo update
+```
+
 ## Requirements
-* A Datadog account with private actions enabled
-* The `kubectl` cli
-* Helm
-* Sufficient permissions to the Kubernetes cluster
+* `kubectl` CLI is installed on my machine
+* Helm is installed on my machine
+* The permissions of my Kubernetes environment allow the Datadog Private Action Runner to read and write using a Kubernetes service account
 
 ## Use this chart
+1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners).
+2. Create a new Private Action Runner and follow the instructions for Kubernetes.
+
+## Use this chart with connection credentials
+1. Go to the [Private Action Runner tab](https://app.datadoghq.com/workflow/private-action-runners).
+2. Set up a new Private Action runner by following the Kubernetes instructions. When you reach step 4, instead of running `helm install`, make the following changes to the Helm chart.
+3. Download the chart locally.
+```bash
+helm pull datadog/private-action-runner --untar
+```
+4. Add connection credential json file to `templates/secrets.yaml` in the format corresponding to the credential and action types you want to use.
+
+HTTP Basic Auth:
+```
+{
+   auth_type: 'Basic Auth',
+   credentials: [
+      {
+         username: 'USERNAME',
+         password: 'PASSWORD',
+      },
+   ],
+}
+```
+HTTP Token Auth:
+```
+{
+   auth_type: 'Token Auth',
+   credentials: [
+      {
+         tokenName: 'TOKEN1',
+         tokenValue: 'VALUE1',
+      },
+   ],
+}
+```
+Jenkins:
+```
+{
+   auth_type: 'Token Auth',
+   credentials: [
+      {
+         username: 'USERNAME',
+         token: 'TOKEN',
+         domain: 'DOMAIN',
+      },
+   ],
+}
+```
+Postgres:
+```
+{
+   auth_type: 'Token Auth',
+   credentials: [
+      {
+         tokenName: 'connectionUri',
+         tokenValue: 'postgres://usr:password@example_host:5432/example_db',
+      },
+   ],
+}
+```
+5. Install the chart locally.
+```bash
+helm install <RELEASE_NAME> ./private-action-runner -f ./config.yaml
+```
 
-1. Go to the [private action runner tab](https://app.datadoghq.com/workflow/private-action-runners).
-2. Create a new private action runner.
-3. Follow the instructions. You now have a running docker container and `config/config.yaml` file.
-4. Stop the docker container (`docker stop <name-of-the-container>` or `docker compose stop`).
-5. Create a `config.yaml` file with the appropriate values. An example `config.yaml` file is provided in the `examples` directory for you to copy.
-    * Replace the `URN_FROM_CONFIG` and the `PRIVATE_KEY_FROM_CONFIG` in the example file with with the `urn` and the `privateKey` from the `config/config.yaml` of the docker container.
-    * You can reconfigure other values or use the defaults in the example.
-6. Add this repository to your Helm repositories:
-    ```
-    helm repo add datadog https://helm.datadoghq.com
-    helm repo update
-    ```
-7. Install the Helm chart:
-    ```bash
-        helm install <RELEASE_NAME> datadog/private-action-runner -f ./config.yaml
-    ```
-8. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections).
-9. Create a new connection, select your private action runner, and use **Service account authentication**.
-10. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**.
+## To use Kubernetes actions
+1. Go to the [Workflow connections page](https://app.datadoghq.com/workflow/connections).
+2. Create a new connection, select your private action runner, and use **Service account authentication**.
+3. Create a new workflow and use a Kubernetes action like **List pod** or **List deployment**.
 
 ## Going further
 * Adjust the service account permissions according to your needs. Learn more about [Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac).

@@ -28,9 +28,18 @@ spec:
           key: node
           operator: Equal
           value: nodeless
+      initContainers:
+        - name: init-copy
+          image: "{{ $.Values.common.image.repository }}:{{ $.Values.common.image.tag }}"
+          command: [ 'sh', '-c', 'cp -r /etc/templates/* /etc/dd-action-runner/' ]
+          volumeMounts:
+            - name: secrets
+              mountPath: /etc/templates
+            - name: config
+              mountPath: /etc/dd-action-runner
       containers:
         - name: runner
-          image: {{ $.Values.common.image }}
+          image: "{{ $.Values.common.image.repository }}:{{ $.Values.common.image.tag }}"
           imagePullPolicy: IfNotPresent
           ports:
             - name: http
@@ -44,6 +53,8 @@ spec:
               memory: 2Gi
           volumeMounts:
             - name: secrets
+              mountPath: /etc/templates
+            - name: config
               mountPath: /etc/dd-action-runner
           env:
             # Node memory limits
@@ -55,4 +66,7 @@ spec:
         - name: secrets
           secret:
             secretName: {{ include "chart.secretName" $runner.name }}
+        - name: config
+          emptyDir:
+            medium: Memory
 {{- end }}
@@ -14,8 +14,10 @@ stringData:
     {{- range $mode := $runner.config.modes }}
       - {{ $mode }}
     {{- end }}
+    {{- if $runner.config.appBuilder }}
     appBuilder:
       port: {{ $runner.config.appBuilder.port }}
+    {{- end }}
     actionsAllowlist:
     {{- range $action := $runner.config.actionsAllowlist }}
       - {{ $action }}

@@ -4,7 +4,9 @@
 
 common:
   # -- Current Datadog Private Action Runner image
-  image: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner:v0.0.1-alpha27
+  image:
+    repository: us-east4-docker.pkg.dev/datadog-sandbox/apps-on-prem/onprem-runner
+    tag: v0.0.1-alpha27
 
 runners:
   # runners[0].name -- Name of the Datadog Private Action Runner

@@ -3,6 +3,7 @@ schema-version: v1
 kind: mergequeue
 gitlab_check_enable: false
 github_teams_restrictions:
+  - action-platform
   - agent-all
   - container-app
   - container-ecosystems