privateactionrunner

package
v1.25.0-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 11, 2026 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

// Environment variable names for Private Action Runner configuration.
// Each constant is the name of one variable; the names mirror the fields of
// PrivateActionRunnerConfig (enabled, self_enroll, identity_*, urn, ...).
const (
	DDPAREnabled               = "DD_PRIVATE_ACTION_RUNNER_ENABLED"
	DDPARSelfEnroll            = "DD_PRIVATE_ACTION_RUNNER_SELF_ENROLL"
	DDPARIdentityUseK8sSecret  = "DD_PRIVATE_ACTION_RUNNER_IDENTITY_USE_K8S_SECRET"
	DDPARIdentitySecretName    = "DD_PRIVATE_ACTION_RUNNER_IDENTITY_SECRET_NAME"
	DDPARIdentityFilePath      = "DD_PRIVATE_ACTION_RUNNER_IDENTITY_FILE_PATH"
	DDPARURN                   = "DD_PRIVATE_ACTION_RUNNER_URN"
	// DDPARPrivateKey names the variable that carries the runner's private key.
	// Its value is credential material: keep it out of logs, process dumps and
	// plain-text manifests.
	DDPARPrivateKey            = "DD_PRIVATE_ACTION_RUNNER_PRIVATE_KEY"
	DDPARActionsAllowlist      = "DD_PRIVATE_ACTION_RUNNER_ACTIONS_ALLOWLIST"
	DDPARTaskConcurrency       = "DD_PRIVATE_ACTION_RUNNER_TASK_CONCURRENCY"
	DDPARTaskTimeoutSeconds    = "DD_PRIVATE_ACTION_RUNNER_TASK_TIMEOUT_SECONDS"
	DDPARHTTPTimeoutSeconds    = "DD_PRIVATE_ACTION_RUNNER_HTTP_TIMEOUT_SECONDS"
	// DDPARHTTPAllowlist and DDPARHTTPAllowIMDSEndpoint name the two settings
	// that bound which hosts HTTP actions may reach.
	DDPARHTTPAllowlist         = "DD_PRIVATE_ACTION_RUNNER_HTTP_ALLOWLIST"
	DDPARHTTPAllowIMDSEndpoint = "DD_PRIVATE_ACTION_RUNNER_HTTP_ALLOW_IMDS_ENDPOINT"
	DDPARLogFile               = "DD_PRIVATE_ACTION_RUNNER_LOG_FILE"
)

Environment variable names for Private Action Runner configuration

const (
	// PrivateActionRunnerConfigPath is the fixed path of the Private Action
	// Runner YAML file.
	// NOTE(review): presumably this is where the configuration is mounted or
	// read; the schema allows a private_key entry, so the file should be
	// readable only by the agent user — confirm against the caller.
	PrivateActionRunnerConfigPath = "/etc/datadog-agent/privateactionrunner.yaml"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type PrivateActionRunnerConfig added in v1.25.0

// PrivateActionRunnerConfig represents the parsed configuration from YAML for
// Private Action Runner. Optional scalar settings are pointers
// (presumably so an omitted key can be told apart from an explicit zero value).
type PrivateActionRunnerConfig struct {
	// Enabled controls whether the Private Action Runner is enabled.
	Enabled bool `yaml:"enabled"`

	// SelfEnroll controls whether the runner should automatically enroll with Datadog.
	// When true, the runner will automatically register and obtain credentials.
	// When false, urn and private_key must be provided.
	SelfEnroll bool `yaml:"self_enroll"`

	// IdentityUseK8sSecret controls whether to use a Kubernetes secret for identity storage.
	// Defaults to true. When enabled, identity is stored in a K8s secret for persistence.
	IdentityUseK8sSecret *bool `yaml:"identity_use_k8s_secret,omitempty"`

	// IdentitySecretName is the name of the Kubernetes secret to use for identity storage.
	// Defaults to "private-action-runner-identity".
	IdentitySecretName string `yaml:"identity_secret_name,omitempty"`

	// IdentityFilePath is the path to a file containing the identity (URN and private key).
	// Alternative to using K8s secrets for identity storage.
	// The file holds the private key, so its permissions should be as tight as
	// those of any other credential file.
	IdentityFilePath string `yaml:"identity_file_path,omitempty"`

	// URN is the Unique Resource Name identifying this Private Action Runner instance.
	// Format: urn:dd:apps:on-prem-runner:<site>:<org_id>:runner-<runner_id>
	// Required if self_enroll is false.
	URN string `yaml:"urn,omitempty"`

	// PrivateKey is the base64-encoded ECDSA private key for authentication.
	// Required if self_enroll is false.
	// Base64 is an encoding, not protection: this field is the credential
	// itself, so a YAML file that sets it must not be committed or widely readable.
	PrivateKey string `yaml:"private_key,omitempty"`

	// ActionsAllowlist is a list of action patterns that the runner is allowed to execute.
	// Supports wildcard patterns like "com.datadoghq.kubernetes.core.*".
	// Example: ["com.datadoghq.http.request", "com.datadoghq.kubernetes.core.*"]
	// NOTE(review): the behaviour of an empty or omitted list is not stated
	// here (deny all vs. allow all) — confirm before relying on it.
	ActionsAllowlist []string `yaml:"actions_allowlist,omitempty"`

	// TaskConcurrency controls how many tasks can run concurrently.
	// Defaults to 5.
	TaskConcurrency *int32 `yaml:"task_concurrency,omitempty"`

	// TaskTimeoutSeconds is the maximum time in seconds a task can run.
	// Defaults to 60 seconds.
	TaskTimeoutSeconds *int32 `yaml:"task_timeout_seconds,omitempty"`

	// HTTPTimeoutSeconds is the timeout for HTTP requests made by actions.
	// Defaults to 30 seconds.
	HTTPTimeoutSeconds *int32 `yaml:"http_timeout_seconds,omitempty"`

	// HTTPAllowlist is a list of hostname patterns that HTTP actions can access.
	// Supports glob patterns like "*.datadoghq.com".
	// Empty list means all hosts are allowed, i.e. the default is open: set an
	// explicit list to keep HTTP actions from reaching arbitrary hosts on the
	// runner's network.
	HTTPAllowlist []string `yaml:"http_allowlist,omitempty"`

	// HTTPAllowIMDSEndpoint controls whether HTTP actions can access cloud metadata endpoints
	// (e.g., AWS EC2 instance metadata at 169.254.169.254).
	// Defaults to false for security.
	// NOTE(review): confirm that the metadata block still applies when
	// HTTPAllowlist is empty (all hosts allowed).
	HTTPAllowIMDSEndpoint *bool `yaml:"http_allow_imds_endpoint,omitempty"`

	// LogFile is the path to the log file for Private Action Runner.
	// If not specified, logs go to the standard agent log location.
	LogFile string `yaml:"log_file,omitempty"`
}

PrivateActionRunnerConfig represents the Private Action Runner configuration as parsed from YAML.

func (*PrivateActionRunnerConfig) ToEnvVars added in v1.25.0

// ToEnvVars converts the PrivateActionRunnerConfig to a list of environment variables.
// NOTE(review): the body is not shown on this page. If PrivateKey is emitted as
// a literal EnvVar value rather than a secret reference, the key becomes
// readable wherever the returned list is stored or displayed — confirm.
func (c *PrivateActionRunnerConfig) ToEnvVars() []*corev1.EnvVar

ToEnvVars converts the PrivateActionRunnerConfig to a list of environment variables
