Kubernetes

Run your first Runops Task on your private Kubernetes cluster.

Setup

Requirements

  • Access to create namespace, secrets and deployments in Kubernetes
  • Credentials for the internal system of choice

Install & signup

Running this in the terminal will install Runops and set up your account.

npm install -g runops
runops signup

Agent Installation & Configuration

Create a JSON object with a set of credentials for the internal system you will add to Runops. We will use a MySQL database in this example; if you want to use a different integration, check the required variables on the integrations page.

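export AGENT_TOKEN= #-- change-me --#
# Credentials for the target system, as JSON. The heredoc delimiter is unquoted,
# so escape any $ or backtick that appears in a value (for example in the password).
export ENV_CONFIG=$(cat - <<EOF
{
"MYSQL_HOST": "db-ip-or-hostname",
"MYSQL_USER": "app-user",
"MYSQL_PASS": "db-password",
"MYSQL_PORT": "3306",
"MYSQL_DB": "app-db"
}
EOF
)
# The closing EOF must sit alone on its line; the ")" goes on the next one.
curl -sL https://raw.githubusercontent.com/runopsio/agent/main/setup/k8s.sh | bash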

If you want to just test it with a provisioned MySQL on Kubernetes, execute the steps below instead:

export AGENT_TOKEN= #-- change-me --#
export ENV_CONFIG=$(cat - <<EOF
{
"MYSQL_HOST": "mysql",
"MYSQL_USER": "root",
"MYSQL_PASS": "1a2b3c4d",
"MYSQL_PORT": "3306",
"MYSQL_DB": "testdb"
}
EOF
)
curl -sL https://raw.githubusercontent.com/runopsio/agent/main/setup/k8s.sh | bash
# kubectl needs the raw manifest, not the GitHub HTML page for it.
kubectl apply -n runops -f https://raw.githubusercontent.com/runopsio/example-apps/main/kubernetes/mysql-deploy.yaml
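
Both setup blocks above pipe k8s.sh from the main branch straight into bash while AGENT_TOKEN and the database credentials are exported. The added example below (not Runops code) gates that step: it accepts only a local copy of the installer whose SHA-256 matches the digest recorded when it was reviewed, and checks that AGENT_TOKEN and the MySQL keys of ENV_CONFIG are set. The names sha256_of, preflight and PINNED and the local file name k8s.sh are assumptions made for this example.

```shell
# Added example, not Runops code. sha256_of, preflight, PINNED and the local
# file name k8s.sh are hypothetical names chosen for this sketch.

# Print the SHA-256 of a file with whichever tool the host provides.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# preflight SCRIPT PINNED_SHA256
# Prints every problem found and returns 0 only when there are none.
# The body is a subshell, so its variables do not leak into the caller.
preflight() (
  script=$1 pinned=$2 problems=0
  if [ ! -s "$script" ]; then
    echo "installer $script is missing or empty"; problems=$((problems + 1))
  elif [ "$(sha256_of "$script")" != "$pinned" ]; then
    echo "installer digest differs from the reviewed copy"; problems=$((problems + 1))
  fi
  # 'export AGENT_TOKEN= #-- change-me --#' run unedited leaves the token empty.
  if [ -z "${AGENT_TOKEN:-}" ]; then
    echo "AGENT_TOKEN is empty"; problems=$((problems + 1))
  fi
  # Substring presence test for the MySQL keys; this is not a JSON parser.
  for key in MYSQL_HOST MYSQL_USER MYSQL_PASS MYSQL_PORT MYSQL_DB; do
    case "${ENV_CONFIG:-}" in
      *"\"$key\""*) ;;
      *) echo "ENV_CONFIG lacks $key"; problems=$((problems + 1)) ;;
    esac
  done
  [ "$problems" -eq 0 ]
)

# Usage, kept as comments so the block itself runs offline:
#   curl -sSfL -o k8s.sh https://raw.githubusercontent.com/runopsio/agent/main/setup/k8s.sh
#   less k8s.sh            # review what it does with your kubectl context
#   sha256_of k8s.sh       # record this value as PINNED at review time
#   preflight k8s.sh "$PINNED" && bash k8s.sh   # later runs reuse the reviewed copy
```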

Create the Runops Target

Create a Target in Runops that uses the values from the ENV_CONFIG Secret key as credentials to connect to your database or other internal systems.

runops targets create \
--name my-test-db \
--type mysql \
--secret_provider 'env-var' \
--secret_path 'ENV_CONFIG'

Run your first Tasks

Now you can access this resource through Runops. All sensitive data stays inside your infrastructure, with Secrets stored in your Kubernetes cluster and the connection to the database happening from your private VPC.

runops tasks create -t my-test-db -s 'SELECT NOW()'

Add Slack reviews to Targets

We define review workflows on Targets, and reviews happen in Slack. Targets have 3 review modes: none, anyone, and team. Use the runops signup command to install the Runops Slack app.

⚠️ Make sure to add the Slack bot to your Slack workspace before adding reviews.

none

In this mode, tasks don’t have a review workflow. They are ready to run right after they are created. This mode is good for making Targets safe and easy to access. Use this mode for database read-replicas and development cloud accounts.

runops targets update \
--name 'my-test-db' \
--review 'none'

anyone

The anyone mode lets anyone with access to the message in Slack review the Task. It’s suited for an optional peer review flow, and to notify other team members about tasks.

Required option: channel

ℹ️ For reviews on private Slack channels you must add the Runops bot to the channel.

runops targets update \
--name 'my-test-db' \
--review 'anyone' \
--channel 'runops-reviews'

team

Use this mode when you need multiple groups to review Tasks for a Target. The team mode requires people from one or more teams to review the task. Every user is a member of a team in Runops, and Runops uses that team to validate whether a given user can make the review. The task is only fully approved after one member of each required team approves it.

Required options: channel & reviewers

ℹ️ For reviews on private Slack channels you must add the Runops bot to the channel.

runops targets update \
--name 'my-test-db' \
--review 'team' \
--channel 'runops-reviews' \
--reviewers 'DBA,SRE,Security'