Skip to main content

DataOps Kubernetes Runner Additional Configuration

Populating the DataOps vault

By default, the chart will generate a secret with an empty {} vault.yml and a random salt when this secret is not specified. Learn more about the DataOps vault in our concepts section.

Optionally you can create a secret that holds the vault.yml and vault.salt files and specify the secret name in your dataops-values.yml file.

Create your vault files:

echo {} | sudo tee vault.yml > /dev/null
echo $RANDOM | md5sum | head -c 20 | sudo tee vault.salt > /dev/null

Create the secret in your cluster:

kubectl create secret generic dataops-vault --from-file=./vault.yml --from-file=./vault.salt

Then specify the secret in your dataops-values.yml under the key vaultSecret

dataops-values.yml
vaultSecret: "dataops-vault"

You can also pass vault content directly through your dataops-values.yml file by specifying the vault key as shown below.

dataops-values.yml
# Customize vault.yml content
vault:
CLIENT_SECRET: "ExampleSecret"
AWS:
ACCESS_KEY: "ExampleKey"
SECRET_ACCESS_KEY: "ExampleSecretKey"

Using a custom service account

If you would like to use your own Kubernetes service account instead of letting the chart create one, alter your dataops-values.yml file with the following:

dataops-values.yml
rbac:
create: false
serviceAccountName: <service_account> # Replace with the name of the service account you have created

Customizing the container registry

You can customize the DataOps Runner image through the image key in your values file. A the same time we need to change the source of the runner helper image:

dataops-values.yml
image:
registry: registry.example.com
image: "dataops-runner"
tag: "5-stable"
runners:
config: |
[[runners]]
[runners.kubernetes]
helper_image = "registry.example.com/gitlab/gitlab-runner-helper:latest"