Loading External Actions¶

Robusta can load playbook actions from external git repositories. This extends Robusta with additional actions for use in customPlaybooks.

Warning

Robusta does not watch for changes in git repositories. Playbooks are reloaded when:

Robusta starts
Robusta's configuration changes
robusta playbooks reload is run

External actions are loaded using the playbookRepos Helm value, with either HTTPs or SSH.

Loading Actions from Public Git Repo¶

Use HTTPs to load actions:

playbookRepos:
  # add playbooks from https://github.com/robusta-dev/robusta-chaos
  my_extra_playbooks:
    url: "https://github.com/robusta-dev/robusta-chaos.git"
    # optional
    # branch: some_branch

Loading Actions from Private Git Repos¶

For private repos, load actions using SSH not HTTPs.

This method works for public repos too:

playbookRepos:
  # add the same playbooks as above, this time over ssh
  my_extra_playbooks:
    url: "git@github.com:robusta-dev/robusta-chaos.git"
    key: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tL
    # optional
    # branch: some_branch

The key parameter must contain a base64 encoded deployment key with read access.

Example deployment key

-----BEGIN OPENSSH PRIVATE KEY-----
ewfrcfsfvC1rZXktdjEAAAAABG5vb.....
-----END OPENSSH PRIVATE KEY-----

Handling Secrets¶

To avoid including Secrets in playbookRepos, save your SSH key in a Kubernetes Secret. Then reference it using an environment variable:

additional_env_vars:
 - name: GITHUB_SSH_KEY
   valueFrom:
     secretKeyRef:
       name: ssh-key
       key: id_rsa

playbookRepos:
  my_extra_playbooks:
    url: "git@github.com:robusta-dev/robusta-chaos.git"
    key: "{{env.GITHUB_SSH_KEY}}"
    # optional
    # branch: some_branch