Runners are deployed into each Install, and are responsible for updating, monitoring and managing your running application.

How do you configure a Runner?

The Runner is a VM created in the customer’s cloud account, and is defined in the cloud provider’s Infrastructure as code (IaC) language. e.g., as an AWS CloudFormation stack. When you create an Install in the Dashboard, Nuon outputs a link to a AWS CloudFormation stack that you can use to create the Runner in the AWS Console or CLI using your cloud credentials. This template is generated by Nuon based on the App’s configuration, and includes the Runner configuration.

Runner Responsibilities

The Runner performs the following jobs, inside of an Install:
  • provisioning or deprovisioning Components
  • syncing container images into the local artifact store
  • monitoring running Components by way of Actions e.g., health checks
  • running Actions, which can be used to perform Day 2 operational tasks
  • executing Terraform
  • returning telemetry and log data upon request

Runner Permissions

Each Runner works by listening for jobs from the Nuon managed data plane server it belongs too. This server dispatches jobs, which the runner will pick up and then run tasks to perform. The Runner will use different IAM roles for different component jobs, to minimize the permissions available on each job. These IAM roles are defined in each Sandbox, and Outputs are used to allow the Runner to use them. Since the Runner is deployed into the customer install, no long-lived permissions are required after the initial Install. This creates a more secure operating environment, as the only thing that can dispatch work to the runner is the data plane server it belongs to.