[ACTP-745] update PAR configuration file location (#1909)

Author: dd-gplassard

charts/private-action-runner/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Datadog changelog
 
+## 1.3.0
+
+* Change the configuration directory to be `/etc/dd-action-runner/config`.
+
 ## 1.2.3
 
 * Add ability to include livenessProbe and readinessProbe configurations.

charts/private-action-runner/Chart.yaml

@@ -3,7 +3,7 @@ name: private-action-runner
 description: A Helm chart to deploy the private action runner
 
 type: application
-version: 1.2.3
+version: 1.3.0
 appVersion: "v1.4.0"
 keywords:
 - app builder

charts/private-action-runner/README.md

@@ -1,6 +1,6 @@
 # Datadog Private Action Runner
 
-![Version: 1.2.3](https://img.shields.io/badge/Version-1.2.3-informational?style=flat-square) ![AppVersion: v1.4.0](https://img.shields.io/badge/AppVersion-v1.4.0-informational?style=flat-square)
+![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![AppVersion: v1.4.0](https://img.shields.io/badge/AppVersion-v1.4.0-informational?style=flat-square)
 
 ## Overview
 
@@ -164,10 +164,10 @@ Reference these secrets in your values.yaml:
 ```yaml
 runner:
   credentialSecrets:
-    # Mount all files from the secret at /etc/dd-action-runner/credentials/
+    # Mount all files from the secret at /etc/dd-action-runner/config/credentials/
     - secretName: action-credentials
       directoryName: ""
-    # Mount files in a subdirectory at /etc/dd-action-runner/credentials/jenkins/
+    # Mount files in a subdirectory at /etc/dd-action-runner/config/credentials/jenkins/
     - secretName: jenkins-credentials
       directoryName: "jenkins"
 ```
@@ -204,9 +204,9 @@ If actions requiring credentials fail:
 1. Verify that your credential files are properly formatted
 2. Check that the credentials are mounted correctly in the pod:
    ```bash
-   kubectl exec <pod-name> -- ls /etc/dd-action-runner/credentials/
+   kubectl exec <pod-name> -- ls /etc/dd-action-runner/config/credentials/
    ## Depending on how you pass the credentials they might appear in a different directory
-   kubectl exec <pod-name> -- ls /etc/dd-action-runner/
+   kubectl exec <pod-name> -- ls /etc/dd-action-runner/config
    ```
 
 3. Check the pod logs for credential-related errors
@@ -229,7 +229,7 @@ If actions requiring credentials fail:
 | runner.config.urn | string | `"CHANGE_ME_URN_FROM_CONFIG"` | The runner's URN from the enrollment page |
 | runner.credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner |
 | runner.credentialSecrets | list | `[]` | References to kubernetes secrets that contain credentials to be used by the Datadog Private Action Runner |
-| runner.env | list | `[]` | Environment variables to be passed to the Datadog Private Action Runner |
+| runner.env | list | `[{"name":"DD_PRIVATE_RUNNER_CONFIG_DIR","value":"/etc/dd-action-runner/config"}]` | Environment variables to be passed to the Datadog Private Action Runner |
 | runner.kubernetesActions | object | `{"configMaps":[],"controllerRevisions":[],"cronJobs":[],"customObjects":[],"customResourceDefinitions":[],"daemonSets":[],"deployments":[],"endpoints":[],"events":[],"jobs":[],"limitRanges":[],"namespaces":[],"nodes":[],"persistentVolumeClaims":[],"persistentVolumes":[],"podTemplates":[],"pods":["get","list"],"replicaSets":[],"replicationControllers":[],"resourceQuotas":[],"serviceAccounts":[],"services":[],"statefulSets":[]}` | Add Kubernetes actions to the `config.actionsAllowlist` and corresponding permissions for the service account |
 | runner.kubernetesActions.configMaps | list | `[]` | Actions related to configMaps (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") |
 | runner.kubernetesActions.controllerRevisions | list | `[]` | Actions related to controllerRevisions (options: "get", "list", "create", "update", "patch", "delete", "deleteMultiple") |

charts/private-action-runner/README.md.gotmpl

@@ -165,10 +165,10 @@ Reference these secrets in your values.yaml:
 ```yaml
 runner:
   credentialSecrets:
-    # Mount all files from the secret at /etc/dd-action-runner/credentials/
+    # Mount all files from the secret at /etc/dd-action-runner/config/credentials/
     - secretName: action-credentials
       directoryName: ""
-    # Mount files in a subdirectory at /etc/dd-action-runner/credentials/jenkins/
+    # Mount files in a subdirectory at /etc/dd-action-runner/config/credentials/jenkins/
     - secretName: jenkins-credentials
       directoryName: "jenkins"
 ```
@@ -205,9 +205,9 @@ If actions requiring credentials fail:
 1. Verify that your credential files are properly formatted
 2. Check that the credentials are mounted correctly in the pod:
    ```bash
-   kubectl exec <pod-name> -- ls /etc/dd-action-runner/credentials/
+   kubectl exec <pod-name> -- ls /etc/dd-action-runner/config/credentials/
    ## Depending on how you pass the credentials they might appear in a different directory
-   kubectl exec <pod-name> -- ls /etc/dd-action-runner/
+   kubectl exec <pod-name> -- ls /etc/dd-action-runner/config
    ```
 
 3. Check the pod logs for credential-related errors

charts/private-action-runner/UPGRADING.md

@@ -1,3 +1,8 @@
+# Upgrade to version 1.3.0
+
+In version 1.3.0 the chart has been updated to change the default location for the runner's configuration and credentials files. The configuration file has been moved from `/etc/datadog-runner/config.yaml` to `/etc/datadog-runner/config/config.yaml`. 
+Credentials have been moved from `/etc/datadog-runner/credentials` to `/etc/datadog-runner/config/credentials` so you might need to update your connection configurations to point to the new location.
+
 # Upgrade from version 0.x to version 1.x
 
 Version 1.0.0 introduces changes to simplify the chart and better align with Helm best practices. The most significant change is the restructuring of the values.yaml file.

charts/private-action-runner/examples/values.yaml

@@ -17,8 +17,8 @@ runner:
   # Use a "Role" to scope the permissions to the runner's namespace or a "ClusterRole" to give permissions to the entire cluster
   roleType: "Role"
   env:
-    - name: "ENV_VAR_NAME"
-      value: "ENV_VAR_VALUE"
+    - name: DD_PRIVATE_RUNNER_CONFIG_DIR
+      value: /etc/dd-action-runner/config
   livenessProbe:
     httpGet:
       path: /liveness
@@ -73,7 +73,7 @@ runner:
   #        - "patch"
   #        - "update"
   #        - "delete"
-  # credential files provided here will be mounted in /etc/dd-action-runner/
+  # credential files provided here will be mounted in /etc/dd-action-runner/config/
   # it is safe to remove unneeded files from this section
   credentialFiles:
     - fileName: "http_basic.json"
@@ -212,9 +212,9 @@ runner:
         }
 
   credentialSecrets: []
-    # a kubernetes secret containing multiple credentials files mounted at /etc/dd-action-runner/credentials/<filename-from-secret> see https://github.com/DataDog/helm-charts/blob/main/charts/private-action-runner/README.md
+    # a kubernetes secret containing multiple credentials files mounted at /etc/dd-action-runner/config/credentials/<filename-from-secret> see https://github.com/DataDog/helm-charts/blob/main/charts/private-action-runner/README.md
     # - secretName: all-secrets-at-once
     #   directoryName: ""
-    # a kubernetes secret containing a single credentials file mounted at /etc/dd-action-runner/credentials/jenkins/<filename-from-secret> see https://github.com/DataDog/helm-charts/blob/main/charts/private-action-runner/README.md
+    # a kubernetes secret containing a single credentials file mounted at /etc/dd-action-runner/config/credentials/jenkins/<filename-from-secret> see https://github.com/DataDog/helm-charts/blob/main/charts/private-action-runner/README.md
     # - secretName: jenkins-secret
     #   directoryName: jenkins

charts/private-action-runner/templates/deployment.yaml

@@ -38,10 +38,10 @@ spec:
             {{- toYaml $.Values.runner.resources | nindent 12 }}
           volumeMounts:
             - name: secrets
-              mountPath: /etc/dd-action-runner
+              mountPath: /etc/dd-action-runner/config
             {{- range $_, $credentialSecret := $.Values.runner.credentialSecrets }}
             - name: {{ $credentialSecret.secretName }}
-              mountPath: /etc/dd-action-runner/credentials/{{ $credentialSecret.directoryName }}
+              mountPath: /etc/dd-action-runner/config/credentials/{{ $credentialSecret.directoryName }}
             {{- end }}
           {{- if $.Values.runner.env }}
           env: {{ $.Values.runner.env | toYaml | nindent 12 }}

charts/private-action-runner/values.yaml

@@ -37,7 +37,9 @@ runner:
     # -- List of actions that the Datadog Private Action Runner is allowed to execute
     actionsAllowlist: []
   # -- Environment variables to be passed to the Datadog Private Action Runner
-  env: []
+  env:
+    - name: DD_PRIVATE_RUNNER_CONFIG_DIR
+      value: /etc/dd-action-runner/config
   # -- Allow the private action runner pods to schedule on selected nodes
   nodeSelector: {}
   # -- Kubernetes affinity settings for the runner pods
@@ -113,8 +115,8 @@ runner:
   # -- List of credential files to be used by the Datadog Private Action Runner
   credentialFiles: []
   # see examples/values.yaml for examples on how to specify secrets
-  # credential files provided here will be mounted in /etc/dd-action-runner/
+  # credential files provided here will be mounted in /etc/dd-action-runner/config/
   # -- References to kubernetes secrets that contain credentials to be used by the Datadog Private Action Runner
   credentialSecrets: []
-  # credential files provided here will be mounted in /etc/dd-action-runner/credentials/
+  # credential files provided here will be mounted in /etc/dd-action-runner/config/credentials/
   # see examples/values.yaml for examples on how to specify secrets

test/private-action-runner/__snapshot__/config-overrides.yaml

@@ -77,7 +77,7 @@ metadata:
   name: custom-full-name
   namespace: datadog-agent
   labels:
-    helm.sh/chart: private-action-runner-1.2.3
+    helm.sh/chart: private-action-runner-1.3.0
     app.kubernetes.io/name: private-action-runner
     app.kubernetes.io/instance: override-test
     app.kubernetes.io/version: "v1.4.0"
@@ -92,7 +92,7 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: private-action-runner-1.2.3
+        helm.sh/chart: private-action-runner-1.3.0
         app.kubernetes.io/name: private-action-runner
         app.kubernetes.io/instance: override-test
         app.kubernetes.io/version: "v1.4.0"
@@ -117,7 +117,7 @@ spec:
               memory: 1Gi
           volumeMounts:
             - name: secrets
-              mountPath: /etc/dd-action-runner
+              mountPath: /etc/dd-action-runner/config
           env: 
             - name: FOO
               value: foo

test/private-action-runner/__snapshot__/custom-pod-scheduling.yaml

@@ -77,7 +77,7 @@ metadata:
   name: resources-test-private-action-runner
   namespace: datadog-agent
   labels:
-    helm.sh/chart: private-action-runner-1.2.3
+    helm.sh/chart: private-action-runner-1.3.0
     app.kubernetes.io/name: private-action-runner
     app.kubernetes.io/instance: resources-test
     app.kubernetes.io/version: "v1.4.0"
@@ -92,13 +92,13 @@ spec:
   template:
     metadata:
       labels:
-        helm.sh/chart: private-action-runner-1.2.3
+        helm.sh/chart: private-action-runner-1.3.0
         app.kubernetes.io/name: private-action-runner
         app.kubernetes.io/instance: resources-test
         app.kubernetes.io/version: "v1.4.0"
         app.kubernetes.io/managed-by: Helm
       annotations:
-        checksum/values: f42d26f7e0b678aa3235b43bcd592b9e213fbe2dbb95009c20262347abc6f70f
+        checksum/values: 80cf8a4e558b434efcb5ed7013d2495a6ecdf4d5dbba496f0971b7d023f02497
     spec:
       serviceAccountName: resources-test-private-action-runner
       containers:
@@ -117,7 +117,10 @@ spec:
               memory: 1Gi
           volumeMounts:
             - name: secrets
-              mountPath: /etc/dd-action-runner
+              mountPath: /etc/dd-action-runner/config
+          env: 
+            - name: DD_PRIVATE_RUNNER_CONFIG_DIR
+              value: /etc/dd-action-runner/config
       nodeSelector:
         kubernetes.io/os: linux
       affinity: