Skip to content

[ACTP] add private action runner to datadog operator #2516

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
dd-gplassard wants to merge 12 commits into
base: main
Choose a base branch
from
+1,016 −24
Open

[ACTP] add private action runner to datadog operator #2516

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
51e48a6
[ACTP] add private action runner to datadog operator
dd-gplassard Jan 23, 2026
476d5ec
[ACTP] fix PAR spec
dd-gplassard Jan 27, 2026
c461829
[ACTP] add support for selfEnroll and actionsAllowlist and properly p…
dd-gplassard Jan 27, 2026
db04b3a
[ACTP] make auth volume writable
dd-gplassard Jan 27, 2026
25d580f
cleanup
dd-gplassard Jan 28, 2026
5ba4ecd
remove unused custom config
dd-gplassard Jan 28, 2026
53cbbea
[ACTP] wrap configuration into a nodeAgent property to prepare for cl…
dd-gplassard Jan 28, 2026
4170319
cleanup
dd-gplassard Jan 28, 2026
27612a6
code review feedback
dd-gplassard Jan 29, 2026
539502d
remove dead test code for better coverage
dd-gplassard Jan 29, 2026
4f62a28
fix after rebase
dd-gplassard Jan 29, 2026
84f84b2
consistency
dd-gplassard Jan 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions api/datadoghq/common/types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,8 @@ const (
HostProfiler AgentContainerName = "host-profiler"
// AgentDataPlaneContainerName is the name of the Agent Data Plane container
AgentDataPlaneContainerName AgentContainerName = "agent-data-plane"
// PrivateActionRunnerContainerName is the name of the Private Action Runner container
PrivateActionRunnerContainerName AgentContainerName = "private-action-runner"
// AllContainers is used internally to reference all containers in the pod
AllContainers AgentContainerName = "all"
// ClusterAgentContainerName is the name of the Cluster Agent container
Expand Down
31 changes: 31 additions & 0 deletions api/datadoghq/v2alpha1/datadogagent_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,8 @@ type DatadogFeatures struct {
ServiceDiscovery *ServiceDiscoveryFeatureConfig `json:"serviceDiscovery,omitempty"`
// GPU monitoring
GPU *GPUFeatureConfig `json:"gpu,omitempty"`
// PrivateActionRunner configuration.
PrivateActionRunner *PrivateActionRunnerFeatureConfig `json:"privateActionRunner,omitempty"`

// Cluster-level features

Expand Down Expand Up @@ -657,6 +659,35 @@ type GPUFeatureConfig struct {
PatchCgroupPermissions *bool `json:"patchCgroupPermissions,omitempty"`
}

// PrivateActionRunnerFeatureConfig contains configuration for the Private Action Runner.
type PrivateActionRunnerFeatureConfig struct {
// Enables Private Action Runner.
// Default: false
// +optional
Enabled *bool `json:"enabled,omitempty"`

// NodeAgent configures Private Action Runner on the Node Agent.
// Runs one instance per node for node-level actions.
// +optional
NodeAgent *PrivateActionRunnerNodeConfig `json:"nodeAgent,omitempty"`
}

// PrivateActionRunnerNodeConfig contains configuration for Private Action Runner on the Node Agent.
type PrivateActionRunnerNodeConfig struct {
// Enables Private Action Runner on the Node Agent.
// Default: true
// +optional
Enabled *bool `json:"enabled,omitempty"`

// Enables automatic self-enrollment for the Node Agent runner.
// +optional
SelfEnroll *bool `json:"selfEnroll,omitempty"`

// Specifies the list of actions that are allowed to be executed.
// +optional
ActionsAllowlist []string `json:"actionsAllowlist,omitempty"`
}

// DogstatsdFeatureConfig contains the Dogstatsd configuration parameters.
// +k8s:openapi-gen=true
type DogstatsdFeatureConfig struct {
Expand Down
60 changes: 60 additions & 0 deletions api/datadoghq/v2alpha1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 7 additions & 1 deletion api/datadoghq/v2alpha1/zz_generated.openapi.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

56 changes: 56 additions & 0 deletions config/crd/bases/v1/datadoghq.com_datadogagentinternals.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2255,6 +2255,34 @@ spec:
type: object
type: object
type: object
privateActionRunner:
description: PrivateActionRunner configuration.
properties:
enabled:
description: |-
Enables Private Action Runner.
Default: false
type: boolean
nodeAgent:
description: |-
NodeAgent configures Private Action Runner on the Node Agent.
Runs one instance per node for node-level actions.
properties:
actionsAllowlist:
description: Specifies the list of actions that are allowed to be executed.
items:
type: string
type: array
enabled:
description: |-
Enables Private Action Runner on the Node Agent.
Default: true
type: boolean
selfEnroll:
description: Enables automatic self-enrollment for the Node Agent runner.
type: boolean
type: object
type: object
processDiscovery:
description: ProcessDiscovery configuration.
properties:
Expand Down Expand Up @@ -10255,6 +10283,34 @@ spec:
type: object
type: object
type: object
privateActionRunner:
description: PrivateActionRunner configuration.
properties:
enabled:
description: |-
Enables Private Action Runner.
Default: false
type: boolean
nodeAgent:
description: |-
NodeAgent configures Private Action Runner on the Node Agent.
Runs one instance per node for node-level actions.
properties:
actionsAllowlist:
description: Specifies the list of actions that are allowed to be executed.
items:
type: string
type: array
enabled:
description: |-
Enables Private Action Runner on the Node Agent.
Default: true
type: boolean
selfEnroll:
description: Enables automatic self-enrollment for the Node Agent runner.
type: boolean
type: object
type: object
processDiscovery:
description: ProcessDiscovery configuration.
properties:
Expand Down
66 changes: 66 additions & 0 deletions config/crd/bases/v1/datadoghq.com_datadogagentinternals_v1alpha1.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2361,6 +2361,39 @@
},
"type": "object"
},
"privateActionRunner": {
"additionalProperties": false,
"description": "PrivateActionRunner configuration.",
"properties": {
"enabled": {
"description": "Enables Private Action Runner.\nDefault: false",
"type": "boolean"
},
"nodeAgent": {
"additionalProperties": false,
"description": "NodeAgent configures Private Action Runner on the Node Agent.\nRuns one instance per node for node-level actions.",
"properties": {
"actionsAllowlist": {
"description": "Specifies the list of actions that are allowed to be executed.",
"items": {
"type": "string"
},
"type": "array"
},
"enabled": {
"description": "Enables Private Action Runner on the Node Agent.\nDefault: true",
"type": "boolean"
},
"selfEnroll": {
"description": "Enables automatic self-enrollment for the Node Agent runner.",
"type": "boolean"
}
},
"type": "object"
}
},
"type": "object"
},
"processDiscovery": {
"additionalProperties": false,
"description": "ProcessDiscovery configuration.",
Expand Down Expand Up @@ -10220,6 +10253,39 @@
},
"type": "object"
},
"privateActionRunner": {
"additionalProperties": false,
"description": "PrivateActionRunner configuration.",
"properties": {
"enabled": {
"description": "Enables Private Action Runner.\nDefault: false",
"type": "boolean"
},
"nodeAgent": {
"additionalProperties": false,
"description": "NodeAgent configures Private Action Runner on the Node Agent.\nRuns one instance per node for node-level actions.",
"properties": {
"actionsAllowlist": {
"description": "Specifies the list of actions that are allowed to be executed.",
"items": {
"type": "string"
},
"type": "array"
},
"enabled": {
"description": "Enables Private Action Runner on the Node Agent.\nDefault: true",
"type": "boolean"
},
"selfEnroll": {
"description": "Enables automatic self-enrollment for the Node Agent runner.",
"type": "boolean"
}
},
"type": "object"
}
},
"type": "object"
},
"processDiscovery": {
"additionalProperties": false,
"description": "ProcessDiscovery configuration.",
Expand Down
28 changes: 28 additions & 0 deletions config/crd/bases/v1/datadoghq.com_datadogagentprofiles.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2255,6 +2255,34 @@ spec:
type: object
type: object
type: object
privateActionRunner:
description: PrivateActionRunner configuration.
properties:
enabled:
description: |-
Enables Private Action Runner.
Default: false
type: boolean
nodeAgent:
description: |-
NodeAgent configures Private Action Runner on the Node Agent.
Runs one instance per node for node-level actions.
properties:
actionsAllowlist:
description: Specifies the list of actions that are allowed to be executed.
items:
type: string
type: array
enabled:
description: |-
Enables Private Action Runner on the Node Agent.
Default: true
type: boolean
selfEnroll:
description: Enables automatic self-enrollment for the Node Agent runner.
type: boolean
type: object
type: object
processDiscovery:
description: ProcessDiscovery configuration.
properties:
Expand Down
Loading
Loading