Skip to main content

Kubernetes

Run your first Runops Task on your private Kubernetes cluster.

Setup#

Requirements

  • Access to create a deployment in Kubernetes
  • Credentials for the internal system of choice

Install & signup#

Running this in the terminal will install Runops and setup your account.

npm install -g runops
runops signup

Internal system setup#

Create a json file with a set of credentials to the internal system you will add to Runops. We will use a Mysql database in this example, check the integrations to find the variables you need for your system.

{
"MYSQL_HOST": "db-ip-or-hostname",
"MYSQL_USER": "runops-user",
"MYSQL_PASS": "mysecretpassword",
"MYSQL_PORT": "3306",
"MYSQL_DB": "my-db"
}

Export variables#

Add your internal system configs and your Runops to variables to facilitate the next steps. Get your TOKEN in the Runops dashboard.

export MY_TEST_DB=$(cat mysql-db.json)
export TOKEN=#changeme

Create a Kubernetes Secret#

Add your system configs and token to a Kubernetes Secret.

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Secret
metadata:
name: runops-agent
namespace: runops
type: Opaque
data:
MY_TEST_DB: $(echo -n ${MY_TEST_DB} | base64)
TOKEN: $(echo -n ${TOKEN} | base64)
EOF

Deploy the Runops agent#

Create a Kubernetes deployment for the Runops agent using the Secret we just created.

cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: runops-agent
namespace: runops
labels:
app: runops-agent
spec:
replicas: 1
selector:
matchLabels:
app: runops-agent
template:
metadata:
labels:
app: runops-agent
spec:
containers:
- name: runops-agent
image: runops/agent:latest
resources:
requests:
memory: "1G"
cpu: "500m"
imagePullPolicy: Always
envFrom:
- secretRef:
name: runops-agent
EOF

Remember to restart the deployment after adding new configurations to the Secret on your next Targets.

Create the Runops Target#

Create a Target in Runops that uses the values from the MY_TEST_DB Secret key as credentials to connect to your database or other internal systems.

runops targets create \
--name my-test-db \
--type mysql \
--secret_provider 'env-var' \
--secret_path 'MY_TEST_DB'

Run your first Tasks#

Now you can access this resource trough Runops. All sensitive data stays inside your infrastructure, with Secrets stored in your Kubernetes cluster and the connection to the database happening from your private VPC.

runops tasks create -t my-test-db -s 'select 1'

Add Slack reviews to Targets#

We define review workflows on Targets, and reviews happen in Slack. Targets have 3 review modes: none, anyone, and teams. Use the runops signup command to install the Runops Slack app.

⚠️ Make sure to add the Slack bot to your Slack workspace before adding reviews.

none#

In this mode, tasks don’t have a review workflow. They are ready to run right after they are created. This mode is good for making Targets safe and easy to access. Use this mode for database read-replicas and development cloud accounts.

runops targets update \
--name 'my-test-db' \
--review 'none'

anyone#

The anyone mode lets anyone with access to the message in Slack review the Task. It’s suited for an optional peer review flow, and to notify other team members about tasks.

Required option: channel

ℹ️ For reviews on private Slack channels you must add the Runops bot to the channel.

runops targets update \
--name 'my-test-db' \
--review 'anyone' \
--channel 'runops-reviews'

team#

Use this mode when you need multiple groups to review Tasks for a Target. The team mode requires people from one or more teams to review the task. Every user is a member of a team in Runops. This is the team Runops uses to validate if a given user can make the review. The task is only fully approved after one member of each required team approves it.

Required options: channel & reviewers

ℹ️ For reviews on private Slack channels you must add the Runops bot to the channel.

runops targets update \
--name 'my-test-db' \
--review 'team' \
--channel 'runops-reviews' \
--reviewers 'DBA,SRE,Security'
Custom markup