This product is not supported for your selected
Datadog site. (
).
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
Overview
Private actions allow your Datadog workflows and apps to interact with services hosted on your private network without exposing your services to the public internet. To use private actions, you must install a private action runner on a host in your network, then pair the runner with a Datadog Connection.
For more information about how private actions work, see the full overview page.
Supported private actions
The following integrations support private actions:
Prerequisites
Choose your installation method based on your environment:
- Agent-based installation (recommended)
- Linux or Windows host with Datadog Agent version 7.77.0 or later
- Or Kubernetes cluster with Datadog Operator version 1.24.0 or later
- Network access to Datadog:
https://
- An Application key with
on_prem_runner_write scope and Actions API Access enabled
- Standalone installation
- Linux host with 2GB of RAM
- Network access to Datadog:
https://, https://config.
- Docker (with Docker Compose if preferred) or Kubernetes
- To use App Builder with private actions, you must be able to point a hostname to the private action runner’s container. This hostname must be resolvable by your App users. App Builder calls the hostname using HTTPS, so you must bring your own SSL termination.
Set up a private action runner
Agent-based installation
The recommended way to install a private action runner is through the Datadog Agent. The runner automatically enrolls with Datadog and appears on the Private Action Runners page.
Using Fleet Automation (recommended)
- Go to the Fleet Automation install page for Linux.
- In Customize your Agent coverage, go to the Optimization & Remediation section and enable the toggle Enable Agent to take action. This creates an Application key with the
on_prem_runner_write scope and Actions API Access enabled. - In Install the Agent, add an API key and follow the instructions to run the installation command.
- After installation, go to the Private Action Runners page to verify your runner appears on the list.
Manual installation
Create an Application key
- Go to Application Keys.
- Click New Key and enter a name.
- Under Scopes, select on_prem_runner_write.
- Enable Actions API Access.
- Click Create Key and copy the key value.
Install or upgrade the Datadog Agent
Run the following command to install or upgrade the Agent and enable the private action runner. Replace the placeholder values:
<API_KEY>: Your Datadog API key<APP_KEY>: The Application key you createdDD_SITE: Your Datadog site (for example, datadoghq.com)DD_PRIVATE_ACTION_RUNNER_ACTIONS_ALLOWLIST: Comma-separated list of actions to allow. See Available actions for the full list.
DD_API_KEY=<API_KEY> \
DD_APP_KEY=<APP_KEY> \
DD_SITE="datadoghq.com" \
DD_PRIVATE_ACTION_RUNNER_ENABLED=true \
DD_PRIVATE_ACTION_RUNNER_ACTIONS_ALLOWLIST=com.datadoghq.script.runPredefinedScript,com.datadoghq.kubernetes.core.listPod \
bash -c "$(curl -L https://install.datadoghq.com/scripts/install_script_agent7.sh)"
Verify the installation
Go to the Private Action Runners page. You should see a new runner on the list. You can create new connections or start using existing ones.
Install or upgrade the Datadog Agent
If you already have the Datadog Agent installed, upgrade to version 7.77.0 or later. See Upgrade to Agent v7 for instructions.
For new installations, download and run the MSI installer. Replace <API_KEY> with your Datadog API key and update DD_SITE if you’re not using the “datadoghq.com”.
# Download the installer
Invoke-WebRequest -Uri "https://windows-agent.datadoghq.com/datadog-agent-7-latest.amd64.msi" -OutFile datadog-agent-7-latest.amd64.msi
# Install the Agent
Start-Process -Wait -PassThru msiexec -ArgumentList '/qn /l*v install.log /i datadog-agent-7-latest.amd64.msi APIKEY="<API_KEY>" DD_SITE="datadoghq.com"'
Create an Application key
- Go to Application Keys.
- Click New Key and enter a name.
- Under Scopes, select on_prem_runner_write.
- Enable Actions API Access.
- Click Create Key and copy the key value.
Edit the C:\ProgramData\Datadog\datadog.yaml file and add the following configuration:
app_key: <YOUR_APP_KEY>
private_action_runner:
enabled: true
self_enroll: true
actions_allowlist:
- "com.datadoghq.script.runPredefinedPowershellScript"
- "com.datadoghq.http.request"
See Available actions for the full list of actions you can add to the allowlist. Not all actions are supported on Windows yet. Safe choices for Windows include HTTP and runPredefinedPowershellScript.
Restart the Agent
Restart the Agent to apply the configuration and enroll the runner:
Restart-Service -Force datadogagent
Verify the installation
Go to the Private Action Runners page. You should see a new runner on the list. You can create new connections or start using existing ones.
Follow these steps to install the Private Action Runner on your Datadog Node Agents and Datadog Cluster Agent.
Using Fleet Automation (recommended)
- Go to the Fleet Automation install page.
- In Select Agent install method, choose Datadog Operator.
- In Select your Kubernetes distribution, choose the distribution that matches your environment.
- In Customize your Agent coverage, go to the Optimization & Remediation section and enable the toggle Enable Agent to take action. This creates an Application key with the
on_prem_runner_write scope and Actions API Access enabled. - In Add the Datadog Helm repository, add an API key.
- Follow the remaining Fleet instructions to complete the installation.
Manual installation
Install the Datadog Operator
Install the Datadog Operator version 1.24.0 or later:
helm repo add datadog https://helm.datadoghq.com
helm repo update
helm install datadog-operator datadog/datadog-operator \
--set image.repository=datadog/operator \
--set image.tag=1.24.0
Create an API key and Application key
- Create or choose an API key.
- Go to Application Keys and create a new key:
- Under Scopes, select on_prem_runner_write. This scope is required to register the runner and automatically create connections.
- Enable Actions API Access.
Create Kubernetes secrets
kubectl create secret generic datadog-secret \
--from-literal api-key=<YOUR_API_KEY> \
--from-literal app-key=<YOUR_APP_KEY>
Create a datadog-agent.yaml file with the following content:
- Set
clusterName to a meaningful name for your cluster. - Update
site to your Datadog site if you’re not using datadoghq.com. - The
app-key in the secret is required for the Private Action Runner. - Adjust
actions_allowlist and DD_PRIVATE_ACTION_RUNNER_ACTIONS_ALLOWLIST based on your needs. See Available actions for the full list.
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
name: datadog
annotations:
agent.datadoghq.com/private-action-runner-enabled: "true"
agent.datadoghq.com/private-action-runner-configdata: |
private_action_runner:
enabled: true
actions_allowlist:
- "com.datadoghq.script.runPredefinedScript"
- "com.datadoghq.kubernetes.core.listPod"
spec:
global:
clusterName: <YOUR_CLUSTER_NAME>
site: datadoghq.com
credentials:
apiSecret:
secretName: datadog-secret
keyName: api-key
appSecret:
secretName: datadog-secret
keyName: app-key
kubelet:
tlsVerify: false
override:
nodeAgent:
image:
name: datadog/agent:7.77.0
pullPolicy: IfNotPresent
clusterAgent:
replicas: 2
image:
name: datadog/cluster-agent:7.77.0
pullPolicy: IfNotPresent
env:
- name: DD_PRIVATE_ACTION_RUNNER_ENABLED
value: "true"
- name: DD_PRIVATE_ACTION_RUNNER_ACTIONS_ALLOWLIST
value: "com.datadoghq.script.runPredefinedScript,com.datadoghq.kubernetes.core.listPod"
features:
logCollection:
enabled: true
containerCollectAll: true
liveContainerCollection:
enabled: true
Deploy the Agent:
kubectl apply -f datadog-agent.yaml
Verify the deployment
Check that the cluster agent pods are running:
Check the Private Action Runner logs:
kubectl logs -l app.kubernetes.io/component=cluster-agent --tail=1000 | grep private
You should see logs indicating PAR identity secret creation, self-enrollment success, and the runner starting with its URN.
Go to the Private Action Runners page. You should see a new runner on the list.
Follow these steps to install the Private Action Runner on your Datadog Node Agents and Datadog Cluster Agent using Terraform.
Create an API key and Application key
- Create or choose an API key.
- Go to Application Keys and create a new key:
- Under Scopes, select on_prem_runner_write. This scope is required to register the runner and automatically create connections.
- Enable Actions API Access.
Note: You must first deploy without the kubernetes_manifest.datadog_agent resource for the CRDs to be created, then add it back.
Create a Terraform file with the following content. Update eks_cluster and other values as needed:
locals {
helm_operator_version = "2.19.0"
agent_version = "7.77.0"
eks_cluster = "<YOUR_CLUSTER_NAME>"
}
variable "datadog_api_key" {
type = string
}
variable "datadog_app_key" {
type = string
}
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.56.0"
}
kubernetes = {
source = "hashicorp/kubernetes"
version = "~> 3.0.1"
}
helm = {
source = "hashicorp/helm"
version = "~> 3.1.1"
}
}
}
provider "aws" {
region = "us-east-1"
}
provider "kubernetes" {
host = data.aws_eks_cluster.target.endpoint
token = data.aws_eks_cluster_auth.target.token
cluster_ca_certificate = base64decode(data.aws_eks_cluster.target.certificate_authority[0].data)
}
provider "helm" {
helm_driver = "configmap"
kubernetes = {
host = data.aws_eks_cluster.target.endpoint
token = data.aws_eks_cluster_auth.target.token
cluster_ca_certificate = base64decode(data.aws_eks_cluster.target.certificate_authority[0].data)
}
}
data "aws_eks_cluster" "target" {
name = local.eks_cluster
}
data "aws_eks_cluster_auth" "target" {
name = local.eks_cluster
}
resource "kubernetes_namespace_v1" "namespace" {
metadata {
name = "datadog"
}
}
resource "kubernetes_secret_v1" "datadog" {
metadata {
name = "datadog-secret"
namespace = "datadog"
}
data = {
"api-key" = var.datadog_api_key
"app-key" = var.datadog_app_key
}
depends_on = [kubernetes_namespace_v1.namespace]
}
resource "helm_release" "datadog_operator" {
name = "datadog-operator"
repository = "https://helm.datadoghq.com"
chart = "datadog-operator"
version = local.helm_operator_version
namespace = "datadog"
create_namespace = false
depends_on = [kubernetes_namespace_v1.namespace]
}
resource "kubernetes_manifest" "datadog_agent" {
manifest = {
apiVersion = "datadoghq.com/v2alpha1"
kind = "DatadogAgent"
metadata = {
name = "datadog"
namespace = "datadog"
annotations = {
"agent.datadoghq.com/private-action-runner-enabled" = true
"agent.datadoghq.com/private-action-runner-configdata" = <<EOF
private_action_runner:
enabled: true
actions_allowlist:
- com.datadoghq.script.runPredefinedScript
- com.datadoghq.kubernetes.core.listPod
EOF
}
}
spec = {
global = {
clusterName = local.eks_cluster
site = "datadoghq.com"
credentials = {
apiSecret = {
secretName = "datadog-secret"
keyName = "api-key"
}
appSecret = {
secretName = "datadog-secret"
keyName = "app-key"
}
}
}
features = {
apm = {
enabled = true
}
liveProcessCollection = {
enabled = true
}
logCollection = {
enabled = true
containerCollectAll = true
}
processDiscovery = {
enabled = true
}
}
override = {
clusterAgent = {
image = {
tag = local.agent_version
}
env = [
{
name = "DD_PRIVATE_ACTION_RUNNER_ENABLED"
value = "true"
},
{
name = "DD_PRIVATE_ACTION_RUNNER_ACTIONS_ALLOWLIST"
value = join(",", [
"com.datadoghq.script.runPredefinedScript",
"com.datadoghq.kubernetes.core.listPod",
])
},
]
}
nodeAgent = {
image = {
tag = local.agent_version
}
}
}
}
}
depends_on = [helm_release.datadog_operator]
}
Deploy
terraform init
terraform apply -var="datadog_api_key=<YOUR_API_KEY>" -var="datadog_app_key=<YOUR_APP_KEY>"
Verify the deployment
Check that the cluster agent pods are running:
kubectl get pods -n datadog
Check the Private Action Runner logs:
kubectl logs -l app.kubernetes.io/component=cluster-agent -n datadog --tail=1000 | grep private
Go to the Private Action Runners page. You should see a new runner on the list.
Using Fleet Automation (recommended)
- Go to the Fleet Automation install page.
- In Select Agent install method, choose Helm Chart.
- In Select your Kubernetes distribution, choose the distribution that matches your environment.
- In Customize your Agent coverage, go to the Optimization & Remediation section and enable the toggle Enable Agent to take action. This creates an Application key with the
on_prem_runner_write scope and Actions API Access enabled. - In Add the Datadog Helm repository, add an API key.
- Follow the remaining Fleet instructions to complete the installation.
Manual installation
Prerequisites
- Helm 3+
- Kubernetes cluster with access to kubectl
Create a Kubernetes secret
Create a secret containing your API key and Application key. The Application key must have the on_prem_runner_write scope and Actions API Access enabled.
kubectl create secret generic datadog-secret \
--from-literal=api-key=<API_KEY> \
--from-literal=app-key=<APP_KEY>
Add the Datadog Helm repository:
helm repo add datadog https://helm.datadoghq.com
helm repo update
Create a values.yaml file with the following content:
Note: To customize the actions allowlist, use datadog.privateActionRunner.actionsAllowlist for the node agent and clusterAgent.privateActionRunner.actionsAllowlist for the cluster agent. For all available configuration options, see datadog.privateActionRunner and clusterAgent.privateActionRunner in the Helm chart.
datadog:
apiKeyExistingSecret: datadog-secret
appKeyExistingSecret: datadog-secret
site: datadoghq.com
clusterName: <YOUR_CLUSTER_NAME>
remoteConfiguration:
enabled: true
privateActionRunner:
enabled: true
clusterAgent:
enabled: true
env:
- name: DD_PRIVATE_ACTION_RUNNER_ACTIONS_ALLOWLIST
value: "com.datadoghq.http.request,com.datadoghq.kubernetes.core.listPod"
agents:
enabled: true
containers:
agent:
env:
- name: DD_PRIVATE_ACTION_RUNNER_ACTIONS_ALLOWLIST
value: "com.datadoghq.http.request,com.datadoghq.kubernetes.core.listPod"
Install the Datadog Agent with Helm:
helm install datadog-agent datadog/datadog -f values.yaml
Verify the installation
Go to the Private Action Runners page. You should see a new runner on the list.
Standalone installation
As an alternative to the agent-based installation, you can run the private action runner as a standalone Docker container or Kubernetes deployment.
- Go to Actions Catalog > Private Action Runners, and click New Private Action Runner.
- Enter a name for your runner and select the allowed actions.
- Create a directory on your host where the runner can store its configuration, such as
./config. - Deploy your runner by following the steps for your container platform:
Click Docker.
Run the provided docker run command on your host, replacing ./config with the path to the directory you created for the runner configuration.
You can safely ignore the error DATADOG TRACER DIAGNOSTIC - Agent Error: connect ECONNREFUSED.
Click Docker Compose.
Create a docker-compose.yaml file and add the provided YAML, or add the runner stanza to an existing Docker Compose file. For information on creating a Docker Compose file, see the official Compose documentation.
Replace ./config with the path to the directory you created for the runner configuration.
Run docker compose up -d.
You can safely ignore the error DATADOG TRACER DIAGNOSTIC - Agent Error: connect ECONNREFUSED.
- Click Kubernetes.
- Confirm that you have installed
kubectl on your machine: run kubectl version and verify that there is output. - Confirm that you have installed
helm on your machine: run helm version and verify that there is output. - Confirm that you have sufficient permissions to create Kubernetes resources in your cluster.
- Follow the instructions provided in the app to:
- Enroll the runner and generate the config.
- Add the Private Action Runner to your Helm repositories.
- Install the Helm chart.
- Run
kubectl get pods -w and verify that the status of the Private Action Runner pod becomes Ready.
Programmatic installation
As an alternative to the UI-based setup, you can enroll and configure a private action runner programmatically using your API key and Application key. This approach is ideal for automated deployments, CI/CD pipelines, and infrastructure-as-code workflows.
To set up the runner programmatically:
- Provide your Datadog API and App keys through the
DD_API_KEY and DD_APP_KEY environment variables. - Pass the
--with-api-key flag to the runner container.
The runner uses these credentials to register itself with your Datadog organization and assign the App key author as the runner editor.
Example commands
Use the following commands to create an auto-enrollment script that can be rerun for automated deployments. After the runner enrolls successfully, it appears on the Private Action Runners page.
Before running the commands, update the following values:
RUNNER_NAME: A unique name for your runner.DD_BASE_URL: Your Datadog site URL (for example, https://app.datadoghq.com)../config: The path to your runner configuration directory.- (Optional) Image version: The container image tag to use for the runner.
export DD_API_KEY="<YOUR_API_KEY>"
export DD_APP_KEY="<YOUR_APP_KEY>"
docker run -d \
-e DD_BASE_URL=<YOUR_DD_SITE> \
-e DD_PRIVATE_RUNNER_CONFIG_DIR=/etc/dd-action-runner/config \
-e DD_API_KEY="$DD_API_KEY" \
-e DD_APP_KEY="$DD_APP_KEY" \
-e RUNNER_NAME=<YOUR_RUNNER_NAME> \
-e 'ACTIONS_ALLOWLIST=com.datadoghq.http.request' \
-v ./config:/etc/dd-action-runner/config \
gcr.io/datadoghq/private-action-runner:v1.17.1 \
--with-api-key
Create a docker-compose.yaml file with the following content. For more information, see the official Compose documentation.
# docker-compose.yaml
version: '3.8'
services:
private-runner:
image: gcr.io/datadoghq/private-action-runner:v1.17.1
command: ["--with-api-key"]
environment:
DD_API_KEY: ${DD_API_KEY}
DD_APP_KEY: ${DD_APP_KEY}
DD_BASE_URL: <YOUR_DD_SITE>
DD_PRIVATE_RUNNER_CONFIG_DIR: /etc/dd-action-runner/config
RUNNER_NAME: my-compose-runner
RUNNER_MODES: pull
ACTIONS_ALLOWLIST: "com.datadoghq.http.request"
volumes:
- "./config:/etc/dd-action-runner/config"
Run with:
export DD_API_KEY="<YOUR_API_KEY>"
export DD_APP_KEY="<YOUR_APP_KEY>"
DD_API_KEY=$DD_API_KEY DD_APP_KEY=$DD_APP_KEY docker compose up -d
- Generate the runner configuration:
export DD_API_KEY="<YOUR_API_KEY>"
export DD_APP_KEY="<YOUR_APP_KEY>"
docker run \
-e DD_BASE_URL=<YOUR_DD_SITE> \
-e DD_PRIVATE_RUNNER_CONFIG_DIR=/etc/dd-action-runner/config \
-e DD_API_KEY="$DD_API_KEY" \
-e DD_APP_KEY="$DD_APP_KEY" \
-e RUNNER_NAME="my-runner" \
-e 'ACTIONS_ALLOWLIST=com.datadoghq.http.request' \
-v ./config:/etc/dd-action-runner/config \
gcr.io/datadoghq/private-action-runner:v1.17.1 \
--with-api-key --enroll -f helm-values > values.yaml
- Deploy the Helm chart:
helm upgrade --install datadog-par datadog/private-action-runner -f values.yaml
When you see the Ready to use status, you can create a new connection for the runner or see it on the Private Action Runners page:
- To create a new connection for the runner, click Link Runner to New Connection and select an integration.
- Click View Runner to see the runner on the Private Action Runners page.
See Connect a runner for more information on pairing your runner with a connection.
Manage access
Use role-based access control (RBAC) to control access to your private action runner. To see the list of permissions that apply to private action runner, see Datadog Role Permissions.
You can set permissions on the runner to restrict modifications or prevent new connections from being attached. Available granular permissions include Viewer, Contributor, and Editor.
By default, only the runner’s creator has Editor access. The creator can grant access to additional users, service accounts, roles, or teams.
Permission levels
- Viewer
- Can view the runner and the connections attached to it
- Contributor
- Can view and contribute to the runner by attaching new connections to it
- Editor
- Can view, contribute (attach new connections), and edit the runner
Set permissions on a runner
- Navigate to the Edit page of the runner.
- In the Who Has Access? section, click Edit access.
- Select a user, service account, role, or team from the dropdown menu, then click Add. The selected principal appears at the bottom of the dialog box.
- Next to the principal name, select your desired permission from the dropdown menu.
- To remove access from a principal, select Remove access from the permissions dropdown menu.
- Click Done to finalize the permissions setup.
- Click Save to apply the new permissions to the runner.
Connect a runner
Before you can use an action runner, you must pair it with one or more connections.
To pair a runner to a connection:
- From the Workflow Automation or App Builder Connections page, click New Connection.
- Select the integration you want to connect with your private action runner. For a list of integrations that support private actions, see Supported private actions.
- Add a Connection Name and select your runner from the Private Action Runner dropdown.
- Add the paths to any required credential files. For more information on credentials, see Handling Private Action Credentials.
Use a private action
To use a private action in your Workflow Automation workflow or App Builder app:
- From the Workflow Automation page, create a workflow, or open an existing workflow. For information on creating or editing a workflow, see Build Workflows.
- Click Add Step and search for the private action you want to add to your workflow. For a list of integrations that support private actions, see Supported private actions.
- Enter a name for the step.
- Select a Connection from the dropdown or click the plus (+) icon to add a new connection. Using a private action requires a private action runner that is paired with a connection. See Connect a runner for more information.
- Complete any required fields and click Save to save your workflow.
- From the App Builder page, create an app, or open an existing app. For information on creating or editing an app, see Build Apps.
- Click New Query and search for the private action you want to add to your app. For a list of integrations that support private actions, see Supported private actions.
- Select a Connection from the dropdown or click the plus (+) icon to add a new connection. Using a private action requires a private action runner paired with a connection. See Connect a runner for more information.
- Complete any required fields and click Save to save your query.
Edit private runners
Edit connections or delete runners
From the Private Action Runner page in Actions Catalog, you can view all of your private runners together with the workflows or apps that use each runner. To edit the connection for a runner, click View Details. Click the trash can icon to delete a runner.
Change the allowlist of a runner
To edit the allowlist for an agent-based private action runner:
Linux:
- Edit the
private_action_runner.actions_allowlist section in /etc/datadog-agent/datadog.yaml. - Restart the Agent:
sudo systemctl restart datadog-agent
Windows:
- Edit the
private_action_runner.actions_allowlist section in C:\ProgramData\Datadog\datadog.yaml. - Restart the Agent:
Restart-Service -Force datadogagent
Kubernetes (Operator):
- Update the
actions_allowlist in the DatadogAgent manifest annotations and the DD_PRIVATE_ACTION_RUNNER_ACTIONS_ALLOWLIST environment variable. - Apply the updated manifest:
kubectl apply -f datadog-agent.yaml
To edit the allowlist for a standalone private action runner:
- Edit the
actionsAllowlist section of the config.yaml file in your runner’s environment and add or remove the relevant actions. - Restart the runner by restarting your container or deployment.
Available actions
HTTP
"com.datadoghq.http.request"
Jenkins
"com.datadoghq.jenkins.buildJenkinsJob"
"com.datadoghq.jenkins.deleteJenkinsJob"
"com.datadoghq.jenkins.getJobStatus"
PostgreSQL
"com.datadoghq.postgresql.cancelQuery"
"com.datadoghq.postgresql.explain"
Script
"com.datadoghq.script.runPredefinedPowershellScript"
"com.datadoghq.script.runPredefinedScript"
Temporal
"com.datadoghq.temporal.getWorkflowResult"
"com.datadoghq.temporal.listWorkflows"
"com.datadoghq.temporal.runWorkflow"
Kubernetes
Kubernetes Api Extensions
"com.datadoghq.kubernetes.apiextensions.createCustomResourceDefinition"
"com.datadoghq.kubernetes.apiextensions.deleteCustomResourceDefinition"
"com.datadoghq.kubernetes.apiextensions.deleteMultipleCustomResourceDefinitions"
"com.datadoghq.kubernetes.apiextensions.getCustomResourceDefinition"
"com.datadoghq.kubernetes.apiextensions.listCustomResourceDefinition"
"com.datadoghq.kubernetes.apiextensions.patchCustomResourceDefinition"
"com.datadoghq.kubernetes.apiextensions.updateCustomResourceDefinition"
Kubernetes Apps
"com.datadoghq.kubernetes.apps.createControllerRevision"
"com.datadoghq.kubernetes.apps.createDaemonSet"
"com.datadoghq.kubernetes.apps.createDeployment"
"com.datadoghq.kubernetes.apps.createReplicaSet"
"com.datadoghq.kubernetes.apps.createStatefulSet"
"com.datadoghq.kubernetes.apps.deleteControllerRevision"
"com.datadoghq.kubernetes.apps.deleteDaemonSet"
"com.datadoghq.kubernetes.apps.deleteDeployment"
"com.datadoghq.kubernetes.apps.deleteMultipleControllerRevisions"
"com.datadoghq.kubernetes.apps.deleteMultipleDaemonSets"
"com.datadoghq.kubernetes.apps.deleteMultipleDeployments"
"com.datadoghq.kubernetes.apps.deleteMultipleReplicaSets"
"com.datadoghq.kubernetes.apps.deleteMultipleStatefulSets"
"com.datadoghq.kubernetes.apps.deleteReplicaSet"
"com.datadoghq.kubernetes.apps.deleteStatefulSet"
"com.datadoghq.kubernetes.apps.getControllerRevision"
"com.datadoghq.kubernetes.apps.getDaemonSet"
"com.datadoghq.kubernetes.apps.getDeployment"
"com.datadoghq.kubernetes.apps.getReplicaSet"
"com.datadoghq.kubernetes.apps.getStatefulSet"
"com.datadoghq.kubernetes.apps.listControllerRevision"
"com.datadoghq.kubernetes.apps.listDaemonSet"
"com.datadoghq.kubernetes.apps.listDeployment"
"com.datadoghq.kubernetes.apps.listReplicaSet"
"com.datadoghq.kubernetes.apps.listStatefulSet"
"com.datadoghq.kubernetes.apps.patchControllerRevision"
"com.datadoghq.kubernetes.apps.patchDaemonSet"
"com.datadoghq.kubernetes.apps.patchDeployment"
"com.datadoghq.kubernetes.apps.patchReplicaSet"
"com.datadoghq.kubernetes.apps.patchStatefulSet"
"com.datadoghq.kubernetes.apps.restartDeployment"
"com.datadoghq.kubernetes.apps.rollbackDeployment"
"com.datadoghq.kubernetes.apps.scaleDeployment"
"com.datadoghq.kubernetes.apps.scaleDeploymentVertically"
"com.datadoghq.kubernetes.apps.updateControllerRevision"
"com.datadoghq.kubernetes.apps.updateDaemonSet"
"com.datadoghq.kubernetes.apps.updateDeployment"
"com.datadoghq.kubernetes.apps.updateReplicaSet"
"com.datadoghq.kubernetes.apps.updateStatefulSet"
Kubernetes Batch
"com.datadoghq.kubernetes.batch.createCronJob"
"com.datadoghq.kubernetes.batch.createJob"
"com.datadoghq.kubernetes.batch.deleteCronJob"
"com.datadoghq.kubernetes.batch.deleteJob"
"com.datadoghq.kubernetes.batch.deleteMultipleCronJobs"
"com.datadoghq.kubernetes.batch.deleteMultipleJobs"
"com.datadoghq.kubernetes.batch.getCronJob"
"com.datadoghq.kubernetes.batch.getJob"
"com.datadoghq.kubernetes.batch.listCronJob"
"com.datadoghq.kubernetes.batch.listJob"
"com.datadoghq.kubernetes.batch.patchCronJob"
"com.datadoghq.kubernetes.batch.patchJob"
"com.datadoghq.kubernetes.batch.updateCronJob"
"com.datadoghq.kubernetes.batch.updateJob"
Kubernetes Core
"com.datadoghq.kubernetes.core.createConfigMap"
"com.datadoghq.kubernetes.core.createEndpoints"
"com.datadoghq.kubernetes.core.createEvent"
"com.datadoghq.kubernetes.core.createLimitRange"
"com.datadoghq.kubernetes.core.createNamespace"
"com.datadoghq.kubernetes.core.createNode"
"com.datadoghq.kubernetes.core.createPersistentVolume"
"com.datadoghq.kubernetes.core.createPersistentVolumeClaim"
"com.datadoghq.kubernetes.core.createPod"
"com.datadoghq.kubernetes.core.createPodTemplate"
"com.datadoghq.kubernetes.core.createReplicationController"
"com.datadoghq.kubernetes.core.createResourceQuota"
"com.datadoghq.kubernetes.core.createService"
"com.datadoghq.kubernetes.core.createServiceAccount"
"com.datadoghq.kubernetes.core.deleteConfigMap"
"com.datadoghq.kubernetes.core.deleteEndpoints"
"com.datadoghq.kubernetes.core.deleteEvent"
"com.datadoghq.kubernetes.core.deleteLimitRange"
"com.datadoghq.kubernetes.core.deleteMultipleConfigMaps"
"com.datadoghq.kubernetes.core.deleteMultipleEndpoints"
"com.datadoghq.kubernetes.core.deleteMultipleEvents"
"com.datadoghq.kubernetes.core.deleteMultipleLimitRanges"
"com.datadoghq.kubernetes.core.deleteMultipleNodes"
"com.datadoghq.kubernetes.core.deleteMultiplePersistentVolumeClaims"
"com.datadoghq.kubernetes.core.deleteMultiplePersistentVolumes"
"com.datadoghq.kubernetes.core.deleteMultiplePods"
"com.datadoghq.kubernetes.core.deleteMultiplePodTemplates"
"com.datadoghq.kubernetes.core.deleteMultipleReplicationControllers"
"com.datadoghq.kubernetes.core.deleteMultipleResourceQuotas"
"com.datadoghq.kubernetes.core.deleteMultipleServiceAccounts"
"com.datadoghq.kubernetes.core.deleteNamespace"
"com.datadoghq.kubernetes.core.deleteNode"
"com.datadoghq.kubernetes.core.deletePersistentVolume"
"com.datadoghq.kubernetes.core.deletePersistentVolumeClaim"
"com.datadoghq.kubernetes.core.deletePod"
"com.datadoghq.kubernetes.core.deletePodTemplate"
"com.datadoghq.kubernetes.core.deleteReplicationController"
"com.datadoghq.kubernetes.core.deleteResourceQuota"
"com.datadoghq.kubernetes.core.deleteService"
"com.datadoghq.kubernetes.core.deleteServiceAccount"
"com.datadoghq.kubernetes.core.getConfigMap"
"com.datadoghq.kubernetes.core.getEndpoints"
"com.datadoghq.kubernetes.core.getEvent"
"com.datadoghq.kubernetes.core.getLimitRange"
"com.datadoghq.kubernetes.core.getNamespace"
"com.datadoghq.kubernetes.core.getNode"
"com.datadoghq.kubernetes.core.getPersistentVolume"
"com.datadoghq.kubernetes.core.getPersistentVolumeClaim"
"com.datadoghq.kubernetes.core.getPod"
"com.datadoghq.kubernetes.core.getPodTemplate"
"com.datadoghq.kubernetes.core.getReplicationController"
"com.datadoghq.kubernetes.core.getResourceQuota"
"com.datadoghq.kubernetes.core.getService"
"com.datadoghq.kubernetes.core.getServiceAccount"
"com.datadoghq.kubernetes.core.listConfigMap"
"com.datadoghq.kubernetes.core.listEndpoints"
"com.datadoghq.kubernetes.core.listEvent"
"com.datadoghq.kubernetes.core.listLimitRange"
"com.datadoghq.kubernetes.core.listNamespace"
"com.datadoghq.kubernetes.core.listNode"
"com.datadoghq.kubernetes.core.listPersistentVolume"
"com.datadoghq.kubernetes.core.listPersistentVolumeClaim"
"com.datadoghq.kubernetes.core.listPod"
"com.datadoghq.kubernetes.core.listPodTemplate"
"com.datadoghq.kubernetes.core.listReplicationController"
"com.datadoghq.kubernetes.core.listResourceQuota"
"com.datadoghq.kubernetes.core.listService"
"com.datadoghq.kubernetes.core.listServiceAccount"
"com.datadoghq.kubernetes.core.patchConfigMap"
"com.datadoghq.kubernetes.core.patchEndpoints"
"com.datadoghq.kubernetes.core.patchEvent"
"com.datadoghq.kubernetes.core.patchLimitRange"
"com.datadoghq.kubernetes.core.patchNamespace"
"com.datadoghq.kubernetes.core.patchNode"
"com.datadoghq.kubernetes.core.patchPersistentVolume"
"com.datadoghq.kubernetes.core.patchPersistentVolumeClaim"
"com.datadoghq.kubernetes.core.patchPod"
"com.datadoghq.kubernetes.core.patchPodTemplate"
"com.datadoghq.kubernetes.core.patchReplicationController"
"com.datadoghq.kubernetes.core.patchResourceQuota"
"com.datadoghq.kubernetes.core.patchService"
"com.datadoghq.kubernetes.core.patchServiceAccount"
"com.datadoghq.kubernetes.core.updateConfigMap"
"com.datadoghq.kubernetes.core.updateEndpoints"
"com.datadoghq.kubernetes.core.updateEvent"
"com.datadoghq.kubernetes.core.updateLimitRange"
"com.datadoghq.kubernetes.core.updateNamespace"
"com.datadoghq.kubernetes.core.updateNode"
"com.datadoghq.kubernetes.core.updatePersistentVolume"
"com.datadoghq.kubernetes.core.updatePersistentVolumeClaim"
"com.datadoghq.kubernetes.core.updatePod"
"com.datadoghq.kubernetes.core.updatePodTemplate"
"com.datadoghq.kubernetes.core.updateReplicationController"
"com.datadoghq.kubernetes.core.updateResourceQuota"
"com.datadoghq.kubernetes.core.updateService"
"com.datadoghq.kubernetes.core.updateServiceAccount"
Kubernetes Custom Resources
"com.datadoghq.kubernetes.customresources.createCustomObject"
"com.datadoghq.kubernetes.customresources.deleteCustomObject"
"com.datadoghq.kubernetes.customresources.deleteMultipleCustomObjects"
"com.datadoghq.kubernetes.customresources.getCustomObject"
"com.datadoghq.kubernetes.customresources.listCustomObject"
"com.datadoghq.kubernetes.customresources.patchCustomObject"
"com.datadoghq.kubernetes.customresources.updateCustomObject"
GitLab
GitLab Branches
"com.datadoghq.gitlab.branches.createBranch"
"com.datadoghq.gitlab.branches.deleteBranch"
"com.datadoghq.gitlab.branches.deleteMergedBranches"
"com.datadoghq.gitlab.branches.getBranch"
"com.datadoghq.gitlab.branches.listBranches"
GitLab Commits
"com.datadoghq.gitlab.commits.cherryPickCommit"
"com.datadoghq.gitlab.commits.createCommit"
"com.datadoghq.gitlab.commits.getCommit"
"com.datadoghq.gitlab.commits.getCommitComments"
"com.datadoghq.gitlab.commits.getCommitDiff"
"com.datadoghq.gitlab.commits.getCommitRefs"
"com.datadoghq.gitlab.commits.getCommitStatuses"
"com.datadoghq.gitlab.commits.getGPGSignature"
"com.datadoghq.gitlab.commits.listCommits"
"com.datadoghq.gitlab.commits.listMergeRequestsByCommit"
"com.datadoghq.gitlab.commits.revertCommit"
"com.datadoghq.gitlab.commits.setCommitStatus"
GitLab Custom Attributes
"com.datadoghq.gitlab.customattributes.deleteCustomGroupAttribute"
"com.datadoghq.gitlab.customattributes.deleteCustomProjectAttribute"
"com.datadoghq.gitlab.customattributes.deleteCustomUserAttribute"
"com.datadoghq.gitlab.customattributes.getCustomGroupAttribute"
"com.datadoghq.gitlab.customattributes.getCustomProjectAttribute"
"com.datadoghq.gitlab.customattributes.getCustomUserAttribute"
"com.datadoghq.gitlab.customattributes.listCustomGroupAttributes"
"com.datadoghq.gitlab.customattributes.listCustomProjectAttributes"
"com.datadoghq.gitlab.customattributes.listCustomUserAttributes"
"com.datadoghq.gitlab.customattributes.setCustomGroupAttribute"
"com.datadoghq.gitlab.customattributes.setCustomProjectAttribute"
"com.datadoghq.gitlab.customattributes.setCustomUserAttribute"
GitLab Deployments
"com.datadoghq.gitlab.deployments.approveOrRejectProjectDeployment"
"com.datadoghq.gitlab.deployments.createProjectDeployment"
"com.datadoghq.gitlab.deployments.deleteProjectDeployment"
"com.datadoghq.gitlab.deployments.getProjectDeployment"
"com.datadoghq.gitlab.deployments.listProjectDeployments"
"com.datadoghq.gitlab.deployments.updateProjectDeployment"
GitLab Environments
"com.datadoghq.gitlab.environments.listEnvironments"
GitLab GraphQL
"com.datadoghq.gitlab.graphql.graphql"
GitLab Groups
"com.datadoghq.gitlab.groups.createGroup"
"com.datadoghq.gitlab.groups.deleteGroup"
"com.datadoghq.gitlab.groups.getGroup"
"com.datadoghq.gitlab.groups.listGroups"
"com.datadoghq.gitlab.groups.updateGroup"
GitLab Issues
"com.datadoghq.gitlab.issues.addSpentTime"
"com.datadoghq.gitlab.issues.createIssue"
"com.datadoghq.gitlab.issues.createTodo"
"com.datadoghq.gitlab.issues.deleteIssue"
"com.datadoghq.gitlab.issues.getIssue"
"com.datadoghq.gitlab.issues.getParticipants"
"com.datadoghq.gitlab.issues.getTimeSpent"
"com.datadoghq.gitlab.issues.listGroupIssues"
"com.datadoghq.gitlab.issues.listIssues"
"com.datadoghq.gitlab.issues.listMergeRequestsClosingIssue"
"com.datadoghq.gitlab.issues.listMergeRequestsRelatedToIssue"
"com.datadoghq.gitlab.issues.listProjectIssues"
"com.datadoghq.gitlab.issues.moveIssue"
"com.datadoghq.gitlab.issues.reorderIssue"
"com.datadoghq.gitlab.issues.resetSpentTime"
"com.datadoghq.gitlab.issues.resetTimeEstimate"
"com.datadoghq.gitlab.issues.setTimeEstimate"
"com.datadoghq.gitlab.issues.subscribeToIssue"
"com.datadoghq.gitlab.issues.unsubscribeFromIssue"
"com.datadoghq.gitlab.issues.updateIssue"
GitLab Jobs
"com.datadoghq.gitlab.jobs.cancelJob"
"com.datadoghq.gitlab.jobs.deleteArtifacts"
"com.datadoghq.gitlab.jobs.deleteProjectArtifacts"
"com.datadoghq.gitlab.jobs.eraseJob"
"com.datadoghq.gitlab.jobs.getJob"
"com.datadoghq.gitlab.jobs.keepArtifacts"
"com.datadoghq.gitlab.jobs.listPipelineBridges"
"com.datadoghq.gitlab.jobs.listPipelineJobs"
"com.datadoghq.gitlab.jobs.listProjectJobs"
"com.datadoghq.gitlab.jobs.playJob"
"com.datadoghq.gitlab.jobs.retryJob"
GitLab Labels
"com.datadoghq.gitlab.labels.createLabel"
"com.datadoghq.gitlab.labels.deleteLabel"
"com.datadoghq.gitlab.labels.getLabel"
"com.datadoghq.gitlab.labels.listLabels"
"com.datadoghq.gitlab.labels.promoteLabel"
"com.datadoghq.gitlab.labels.subscribeToLabel"
"com.datadoghq.gitlab.labels.unsubscribeFromLabel"
"com.datadoghq.gitlab.labels.updateLabel"
GitLab Members
"com.datadoghq.gitlab.members.listProjectMembers"
GitLab Merge Requests
"com.datadoghq.gitlab.mergerequests.acceptMergeRequest"
"com.datadoghq.gitlab.mergerequests.addSpentTime"
"com.datadoghq.gitlab.mergerequests.approveMergeRequest"
"com.datadoghq.gitlab.mergerequests.cancelMergeWhenPipelineSucceeds"
"com.datadoghq.gitlab.mergerequests.createMergeRequest"
"com.datadoghq.gitlab.mergerequests.createMergeRequestPipeline"
"com.datadoghq.gitlab.mergerequests.deleteMergeRequest"
"com.datadoghq.gitlab.mergerequests.getMergeRequest"
"com.datadoghq.gitlab.mergerequests.getMergeRequestApprovals"
"com.datadoghq.gitlab.mergerequests.getMergeRequestCommits"
"com.datadoghq.gitlab.mergerequests.getMergeRequestDiffVersions"
"com.datadoghq.gitlab.mergerequests.getMergeRequestParticipants"
"com.datadoghq.gitlab.mergerequests.getMergeRequestReviewers"
"com.datadoghq.gitlab.mergerequests.getSingleMergeRequestDiffVersion"
"com.datadoghq.gitlab.mergerequests.getTimeSpent"
"com.datadoghq.gitlab.mergerequests.listGroupMergeRequests"
"com.datadoghq.gitlab.mergerequests.listMergeRequestDiffs"
"com.datadoghq.gitlab.mergerequests.listMergeRequestPipelines"
"com.datadoghq.gitlab.mergerequests.listMergeRequests"
"com.datadoghq.gitlab.mergerequests.listProjectMergeRequests"
"com.datadoghq.gitlab.mergerequests.rebaseMergeRequest"
"com.datadoghq.gitlab.mergerequests.resetSpentTime"
"com.datadoghq.gitlab.mergerequests.resetTimeEstimate"
"com.datadoghq.gitlab.mergerequests.setTimeEstimate"
"com.datadoghq.gitlab.mergerequests.subscribeToMergeRequest"
"com.datadoghq.gitlab.mergerequests.unapproveMergeRequest"
"com.datadoghq.gitlab.mergerequests.unsubscribeFromMergeRequest"
"com.datadoghq.gitlab.mergerequests.updateMergeRequest"
GitLab Notes
"com.datadoghq.gitlab.notes.createMergeRequestNote"
GitLab Pipelines
"com.datadoghq.gitlab.pipelines.cancelPipelineBuild"
"com.datadoghq.gitlab.pipelines.createPipeline"
"com.datadoghq.gitlab.pipelines.deletePipeline"
"com.datadoghq.gitlab.pipelines.getLatestPipeline"
"com.datadoghq.gitlab.pipelines.getPipeline"
"com.datadoghq.gitlab.pipelines.getPipelineTestReport"
"com.datadoghq.gitlab.pipelines.getPipelineVariables"
"com.datadoghq.gitlab.pipelines.listProjectPipelines"
"com.datadoghq.gitlab.pipelines.retryPipelineBuild"
GitLab Projects
"com.datadoghq.gitlab.projects.archiveProject"
"com.datadoghq.gitlab.projects.createProject"
"com.datadoghq.gitlab.projects.createProjectForUser"
"com.datadoghq.gitlab.projects.deleteProject"
"com.datadoghq.gitlab.projects.deleteSharedProjectFromGroup"
"com.datadoghq.gitlab.projects.editProject"
"com.datadoghq.gitlab.projects.getProject"
"com.datadoghq.gitlab.projects.getProjectLanguages"
"com.datadoghq.gitlab.projects.importMembers"
"com.datadoghq.gitlab.projects.listProjectInvitedGroups"
"com.datadoghq.gitlab.projects.listProjects"
"com.datadoghq.gitlab.projects.listProjectsGroups"
"com.datadoghq.gitlab.projects.listProjectsUsers"
"com.datadoghq.gitlab.projects.listShareableGroups"
"com.datadoghq.gitlab.projects.listTransferableGroups"
"com.datadoghq.gitlab.projects.listUserContributedProjects"
"com.datadoghq.gitlab.projects.listUserProjects"
"com.datadoghq.gitlab.projects.restoreProject"
"com.datadoghq.gitlab.projects.shareProjectWithGroup"
"com.datadoghq.gitlab.projects.starProject"
"com.datadoghq.gitlab.projects.startHousekeepingProject"
"com.datadoghq.gitlab.projects.transferProject"
"com.datadoghq.gitlab.projects.unarchiveProject"
"com.datadoghq.gitlab.projects.unstarProject"
GitLab Protected Branches
"com.datadoghq.gitlab.protectedbranches.protectRepositoryBranch"
"com.datadoghq.gitlab.protectedbranches.unprotectRepositoryBranch"
GitLab Repositories
"com.datadoghq.gitlab.repositories.addChangeLog"
"com.datadoghq.gitlab.repositories.compare"
"com.datadoghq.gitlab.repositories.contributors"
"com.datadoghq.gitlab.repositories.generateChangelogData"
"com.datadoghq.gitlab.repositories.getBlob"
"com.datadoghq.gitlab.repositories.getFileArchive"
"com.datadoghq.gitlab.repositories.listTree"
"com.datadoghq.gitlab.repositories.mergeBase"
"com.datadoghq.gitlab.repositories.rawBlobContent"
GitLab Repository Files
"com.datadoghq.gitlab.repositoryfiles.createFile"
"com.datadoghq.gitlab.repositoryfiles.deleteFile"
"com.datadoghq.gitlab.repositoryfiles.getFile"
"com.datadoghq.gitlab.repositoryfiles.getFileBlame"
"com.datadoghq.gitlab.repositoryfiles.getFileMetaData"
"com.datadoghq.gitlab.repositoryfiles.getRawFile"
"com.datadoghq.gitlab.repositoryfiles.updateFile"
GitLab Tags
"com.datadoghq.gitlab.tags.createTag"
"com.datadoghq.gitlab.tags.deleteTag"
"com.datadoghq.gitlab.tags.getTag"
"com.datadoghq.gitlab.tags.listTags"
GitLab Users
"com.datadoghq.gitlab.users.activateUser"
"com.datadoghq.gitlab.users.addEmail"
"com.datadoghq.gitlab.users.addEmailForUser"
"com.datadoghq.gitlab.users.approveUser"
"com.datadoghq.gitlab.users.banUser"
"com.datadoghq.gitlab.users.blockUser"
"com.datadoghq.gitlab.users.createUserRunner"
"com.datadoghq.gitlab.users.currentUser"
"com.datadoghq.gitlab.users.currentUserStatus"
"com.datadoghq.gitlab.users.deactivateUser"
"com.datadoghq.gitlab.users.deleteEmail"
"com.datadoghq.gitlab.users.deleteEmailForUser"
"com.datadoghq.gitlab.users.deleteGPGKey"
"com.datadoghq.gitlab.users.deleteGPGKeyForUser"
"com.datadoghq.gitlab.users.deleteSSHKey"
"com.datadoghq.gitlab.users.deleteSSHKeyForUser"
"com.datadoghq.gitlab.users.disableTwoFactor"
"com.datadoghq.gitlab.users.getAllImpersonationTokens"
"com.datadoghq.gitlab.users.getEmail"
"com.datadoghq.gitlab.users.getGPGKey"
"com.datadoghq.gitlab.users.getGPGKeyForUser"
"com.datadoghq.gitlab.users.getImpersonationToken"
"com.datadoghq.gitlab.users.getSSHKey"
"com.datadoghq.gitlab.users.getSSHKeyForUser"
"com.datadoghq.gitlab.users.getUser"
"com.datadoghq.gitlab.users.getUserAssociationsCount"
"com.datadoghq.gitlab.users.getUserMemberships"
"com.datadoghq.gitlab.users.getUserStatus"
"com.datadoghq.gitlab.users.listEmailsForUser"
"com.datadoghq.gitlab.users.listServiceAccounts"
"com.datadoghq.gitlab.users.listSSHKeys"
"com.datadoghq.gitlab.users.listSSHKeysForUser"
"com.datadoghq.gitlab.users.listUsers"
"com.datadoghq.gitlab.users.modifyUser"
"com.datadoghq.gitlab.users.rejectUser"
"com.datadoghq.gitlab.users.revokeImpersonationToken"
"com.datadoghq.gitlab.users.unbanUser"
"com.datadoghq.gitlab.users.unblockUser"
Note: To configure script actions (runPredefinedScript for Linux or runPredefinedPowershellScript for Windows), see Run a Script with the Private Action Runner.
Debugging
View logs
cat /var/log/datadog/private-action-runner.log
Get-Content C:\ProgramData\Datadog\logs\private-action-runner.log
kubectl logs -l app.kubernetes.io/component=cluster-agent --tail=1000 | grep private
Further reading
