Runners & Execution Targets
A Runner is a lightweight process you deploy on your infrastructure. It polls the Web Portal for workflow tasks and executes them locally — no inbound ports needed.
Architecture
Web Portal (cloud) Your Infrastructure
│ │
│ ← poll for tasks │
│ ┌────┴─────┐
│ → dispatch task → │ Runner │ → SSH target
│ └────┬─────┘ → K8s cluster
│ ← report result ← │ → REST API
│ │ → SAP systemThe runner makes outbound HTTPS connections only. No firewall changes needed beyond allowing studio.atlastechlab.com:443 outbound.
Deploying a Runner
Generate a registration token
Web Portal → Runners → Deploy New Runner → copy the token (expires in 1 hour).
Deploy on your target infrastructure
Docker
docker run -d \
--name atlas-studio-runner \
--restart unless-stopped \
-e ATLAS_RUNNER_TOKEN=your-registration-token \
-e ATLAS_PORTAL_URL=https://studio.atlastechlab.com \
-e ATLAS_RUNNER_NAME=prod-runner-1 \
-e ATLAS_RUNNER_TAGS=production,us-east-1 \
-v /var/run/docker.sock:/var/run/docker.sock \
atlastechlab/studio-runner:latestVerify runner is online
Web Portal → Runners — the new runner appears with status Online within 30 seconds.
Execution Targets
The runner can execute workflow nodes on various targets:
| Target Type | Protocol | Use Case |
|---|---|---|
| SSH | SSH | Run scripts on Linux/Unix servers |
| WinRM | WinRM/HTTPS | Run scripts on Windows servers |
| Kubernetes | kubectl / K8s API | Pod exec, kubectl commands |
| AWS | AWS SDK | S3, EC2, Lambda, CloudFormation |
| Azure | Azure SDK | AKS, Blob, Functions |
| GCP | GCP SDK | GKE, Cloud Storage, Cloud Functions |
| REST API | HTTPS | Any REST endpoint |
| Terraform | CLI | Infrastructure as code |
| Ansible | CLI | Configuration management |
| Database | JDBC/native | SQL queries on MySQL/PostgreSQL/Oracle |
SSH Target Configuration
node: ssh-exec
target:
host: prod-server.internal.company.com
port: 22
credential: vault:prod-server-ssh-key
script: |
echo "Server: $(hostname)"
systemctl status payment-service
journalctl -u payment-service -n 100
timeout: 5mKubernetes Target
node: kubectl-exec
target:
context: prod-eks
namespace: payments
command: |
kubectl rollout restart deployment/payment-service
kubectl rollout status deployment/payment-service
timeout: 10mRunner Tags and Routing
Tag runners to route specific workflows to specific infrastructure:
Tagging a runner:
Web Portal → Runners → select runner → Tags → production, payments-team, us-east-1
Targeting in workflow:
Web Portal → Workflow → Scheduling → Runner → Tags: production, payments-team
The workflow runs on any runner that has all the specified tags.
Runner Security
- Runners communicate outbound only — no inbound ports
- All communication is TLS 1.3 encrypted
- Runner tokens are short-lived (renewable automatically)
- Runners run with minimum required permissions
- Credentials are never stored on the runner — fetched from Vault per execution
Monitoring Runners
Web Portal → Runners shows:
- Status: Online / Offline / Degraded
- Last heartbeat: time of last check-in
- Current load: number of tasks running
- Version: runner software version
- Uptime: since last restart
Set up alerts for runner going offline: Web Portal → Runners → select runner → Alerts → “Notify on offline”.