Running a deployment-agent
- Create an agent pool and generate an authentication secret. See Creating an Agent Pool.
- Create your state encryption key. This is the base64 encoding of any string you choose — the value itself can be anything, it just has to be base64 encoded. The agent uses it to encrypt and decrypt the environment state and working directory before they are persisted, and env zero never has access to it. For example, generate one from a passphrase of your choice:
Read more about the state encryption key here.
- Run the agent:
Active and be ready to handle deployments.
Enabling Multi-ConcurrencyDo you have multiple deployments waiting to run and you don’t want to them to wait?Each container is designed to handle a single deployment at a time.To run multiple deployments in parallel, create another deployment agent using the
docker run command. You can run any number of containers to satisfy your deployment needs.Cloud Credential Configurations
These are optional configurations, and typically role authentication will be handled by native container service mechanisms. See note below regarding exposing Environment Variables for native authentication.
For GCP, and Azure you can embed the Environment Variables for GCP and Azure and use ADDITIONAL_ENV_VARS to expose them to the runner environment.
Secrets
These are optional configurations, and typically will be handled by native authentication mechanisms in AWS, GCP, Azure if you’re using the managed container services like ECS.Cost Estimation
Running a vcs-agent (for on-prem / self-hosted VCS)
In the case that you are using a self-hosted version control such as Bitbucket Server, GitLab Enterprise, GitHub Enterprise, you will need to run thevcs-agent.
It has to run in parallel with the deployment-agent to interact with private VCS.
- Set credentials for the relevant VCS as environment variables (see variables table below)
- Run docker:
docker run -e AGENT_ACCESS_TOKEN='<your-agent-access-token>' ghcr.io/env0/vcs-agent:latest
env zero has a public docker registry on GitHub which is maintained here.
Exposing Custom Environment Variables
By default, env zero’s runner will not expose all the environment variables defined in the container. This is to help ensure some safety, and isolating the container environment from the runner’s environment. However, in certain scenarios, you may still want to expose environment variables defined in the container. For example, if you’re running in AWS ECS, and you want to use the cluster role for authorization purposes.AWS ECS
When defining a role for the container, AWS sets an environmentAWS_CONTAINER_CREDENTIALS_RELATIVE_URI this variable should be added to the ADDITIONAL_ENV_VARS to be exposed to the runner environment.
For example, ADDITIONAL_ENV_VARS=["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
Next steps
- Self-Hosted Kubernetes Agent - Install the agent on a Kubernetes cluster with Helm.
- Self-Hosted Agents Overview - Create and manage agent pools and secrets.
- Custom/Optional Configuration - Review all available Helm configuration options.