Targets that don't have an internet-accessible endpoint need additional setup. We need a way to access the private network resources. Runops supports two models: self-hosted agents and Bastion hosts. This guide explains how to set up each one of them.
When Targets don't have public endpoints, one option is to set up self-hosted agents in your network, somewhere the target is accessible. Runops uses these agents to run tasks on private targets.
To use a self-hosted runner, you need to create the Target with the
runner flag set to
self-hosted. You will get the
RUNNER_TOKEN in the response.
Pasting the below snippets in the terminal will automatically create the Kubernetes resources. Make sure you update the variables and set the namespace of your choice before running them.
Create a Kubernetes Secret with the token and url of the Target:
Create a Kubernetes Deployment with the Runner image required for you Target. In this example we are using the Postgres runner image:
You can reach Targets in private networks using a Bastion host as the proxy for RunOps. To set up a Bastion proxy you need to do two things: create additional secrets in the Target, and sufix the type of the Target with
Add these secrets to the Target with the proxy configurations:
PROXY_KEY - A base64 encoded SSH key for the Bastion host user. You can encode the key using:
cat ~/.ssh/my-bastion-key | base64.
PROXY_USER - The SSH username configured in the Bastion host.
PROXY_HOST - The publicly accessible hostname of the Bastion host proxy.
This is how you would add these to your Target:
type (-t) flag with
-proxy when creating Targets.
Say you have a Mysql instance Target setup with the proxy Secrets and want to run a SQL query through the proxy, here is how you can do it: