Trusted Runtime Deployment Guide

⚠️

πŸ“Œ Who Should Read This Guide?

This guide is for enterprise customers who need to deploy Trusted Runtime in their own managed cloud infrastructure.

βœ… You NEED this guide if:

  • Your test targets are behind a corporate firewall or VPN
  • You have compliance requirements (data residency, on-premises)
  • You need custom test environments in your own cloud

❌ You DO NOT need this guide if you're using Testany managed runtime.

β†’ Skip to: Quick Start Guide | Create Your First Test

Not sure? Contact us β†—


Overview

This document describes how to deploy the Testany Trusted Runtime on cloud infrastructure.

Download Deployment Package

Before starting deployment, please download the deployment package:

Download AWS Deployment Package

The deployment script automatically completes the following tasks:

  1. Deploy cloud infrastructure (VPC, Kubernetes cluster, database, cache, object storage)
  2. Configure kubectl to connect to the cluster
  3. Render and deploy Helm Charts
  4. Register with the Testany SaaS platform
  5. Configure Ingress and TLS certificates

Estimated deployment time: 30-45 minutes (excluding DNS configuration wait time)


Prerequisites

Tool Dependencies

Before starting deployment, ensure the following tools are installed and available:

Core Tools (Required)

ToolMinimum VersionDescriptionVerification Command
AWS CLI2.xAWS resource managementaws --version
Terraform1.5+Infrastructure as Codeterraform --version
kubectl1.28+Kubernetes cluster managementkubectl version --client
Helm3.xKubernetes package managerhelm version
jq1.6+JSON data processingjq --version
gomplate3.xTemplate rendering tool (macOS)gomplate --version
gotemplate-Template rendering tool (Linux)gotemplate --version

Deployment Script Dependencies (Required)

ToolMinimum VersionDescriptionVerification Command
grpcurl1.8+gRPC CLI client for Bootstrap registrationgrpcurl --version
openssl1.1+Certificate and key generationopenssl version
kapp0.50+Carvel tool for Kubernetes resource deploymentkapp --version

Cloud Platform Permissions - AWS

Ensure AWS credentials are configured with the following permissions:

  • VPC: Create/manage VPC, subnets, route tables, NAT Gateway, Internet Gateway
  • EKS: Create/manage EKS clusters, node groups
  • RDS: Create/manage RDS instances
  • ElastiCache: Create/manage ElastiCache clusters
  • S3: Create/manage S3 buckets
  • IAM: Create IAM roles and policies required for EKS
  • EC2: Create security groups, manage EC2 resources

Testany Provided Credentials

Before deployment, contact the Testany support team to obtain the following information:

CredentialDescriptionExample
ECR Registry URLContainer image registry address123456789012.dkr.ecr.us-west-2.amazonaws.com/testany
Access Key IDSecrets Manager access keyAKIAXXXXXXXXXXXXXXXXXX
Secret Access KeySecrets Manager secret keyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Secrets RegionSecrets Manager regioncn-north-1 (China) / us-west-2 (Global)
Secrets NameSecret nametestany/customers/YOUR_ACCOUNT_ID/appsecrets
SaaS EndpointSaaS platform addressYOUR_SAAS_ENDPOINT

Configuration

Configure Terraform Variables

Bash
# Enter the Terraform directory
cd aws/terraform

# Copy the example configuration file
cp terraform.tfvars.example terraform.tfvars

# Edit the configuration file
vi terraform.tfvars

Required Configuration Items

HCL
# AWS Region
aws_region = "us-west-2"

# Project name (used for all resource naming)
project_name = "testany"

# === Testany Provided Credentials (Required) ===
ecr_registry              = "123456789012.dkr.ecr.us-west-2.amazonaws.com/testany"
testany_secrets_region    = "us-west-2"
testany_secrets_name      = "testany/customers/YOUR_CUSTOMER_ID/appsecrets"
testany_saas_endpoint     = "tr.testany.com"
⚠️

Sensitive credentials (Access Key ID and Secret Access Key) should be set via environment variables, not written to the configuration file.


Installation

AWS

Step 1: Set AWS Profile (if needed)

Bash
export AWS_PROFILE=your-profile-name

Step 2: Set Testany Credential Environment Variables

Bash
export TF_VAR_testany_access_key_id="AKIAXXXXXXXXXXXXXXXXXX"
export TF_VAR_testany_secret_access_key="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Step 3: Execute Installation Script

Bash
cd scripts
bash install.sh

Installation script execution

The script automatically executes the following steps:

  1. [Automatic] Check prerequisites
  2. [Automatic] Deploy AWS infrastructure (approximately 15-20 minutes)
  3. [Automatic] Configure kubectl
  4. [Automatic] Render Helm templates
  5. [Automatic] Deploy base components
  6. [User Action Required] Bootstrap registration
  7. [Automatic] Deploy application services
  8. [Automatic] Configure Ingress
  9. [Waiting for User] Create TLS certificates

Bootstrap Registration Process

When the script reaches the Bootstrap registration step, it will pause waiting for user confirmation.

Bootstrap waiting for confirmation

ℹ️

The registration code is valid for 5 minutes. Please ensure the Testany global administrator is ready before continuing.

  1. Get Registration Code: After pressing Enter, the command line will display the registration code:

Registration code display

  1. Log in to SaaS Management Platform: Log in to the Testany SaaS management interface using the global administrator account

  2. Enter Registration Code: Find the Runtime registration entry in the SaaS management interface and enter the registration code displayed in the command line

Enter registration code

  1. Set Runtime Name: Set an easily identifiable name for this new Runtime instance

  2. Complete Registration: After the administrator confirms on the SaaS platform, the command line script will automatically continue

πŸ’‘

If the registration code expires, you can run bash install.sh bootstrap again to get a new registration code.

DNS Configuration

The script will pause at the certificate creation step, prompting you to configure DNS.

DNS configuration prompt

  1. Get the Ingress Load Balancer address:

    Bash
    kubectl get ingress -n testany-app
  2. Contact the Testany support team, provide the Load Balancer address, and complete DNS configuration

  3. Verify DNS resolution:

    Bash
    nslookup your-domain.testany.com
  4. After DNS configuration is complete, press Enter to continue the script and create TLS certificates

Certificate creation complete


Installation Verification

After completing the installation, verify the deployment through the following steps.

AWS Secrets Data Preparation

  1. Get the Secrets Manager service endpoint address:

    RegionEndpoint
    AWS GlobalRefer to AWS Documentation β†—
    AWS China (Ningxia)secretsmanager.cn-northwest-1.amazonaws.com.cn
    AWS China (Beijing)secretsmanager.cn-north-1.amazonaws.com.cn
  2. Create a Secret. In the Secrets Manager console, click "Store a new secret":

    Create Secret

  3. Select "Other type of secret", enter 123 in Plaintext (can be any content), and click "Next":

    Fill in Secret value

  4. Enter testany-env-secret-test-YOUR_ACCOUNT_ID in Secret name, and click "Next":

    Fill in Secret Name

  5. Keep the default configuration and click "Next":

    Configure rotation

  6. Confirm the information and click "Store":

    Store Secret

Method 1: UI Operations

Suitable for users who need to understand the configuration process in detail.

1. Create Credential Safe and Credential

ℹ️

This step requires Workspace Admin permissions. Please contact your team's Workspace Admin for assistance.

  1. Access the Workspace Settings page, click "Workspace Settings" in the bottom left corner, click the "Credential" tab in the right panel, select the newly registered Runtime, and click the "Add credential safe" button:

Add Credential Safe

  1. Fill in Credential Safe information:
    • Instance name: Set a name
    • Instance URL: Secrets management access address (based on your cloud deployment, enter Key Vault access address or AWS Secrets Manager access address)

Fill in Credential Safe information

  1. After creation, expand the Credential Safe:

Expand Credential Safe

  1. Click "+" to add a Credential (if you don't see "+" after expanding, refresh the page):

Add Credential

  1. Fill in Credential information:
    • Credential name: Set a name
    • Type: Select the corresponding type
    • Key: The secret name in Secrets management (e.g., testany-env-secret-test)

Fill in Credential information

  1. After saving, record the following information (needed when configuring Cases later):
    • Credential Safe Key (e.g., WKS-CS-0001)
    • Credential Key (e.g., testany-env-secret-test)

Credential saved

2. Create Cases

Case 1: Test Environment Variable Passing

  1. Log in to Testany, select "Test Case Library", and click "Register Test Case":

Register Test Case

  1. Enter Case information:

    • Name: testany-deploy-check-case1
    • Runtime: Select the newly registered Runtime

    Click "Register & Next":

Fill in Case information

  1. On the redirected page, click the "JSON" tab:

Switch to JSON view

  1. Paste the environment variable configuration into the editor and click "Save Changes":
JSON
[
  {"name": "URL", "value": "www.baidu.com", "type": "env"},
  {"name": "RELAY_NEW_URL", "value": "www.bing.com", "type": "env"},
  {"name": "AAA", "value": "-", "type": "output"},
  {"name": "NEW_URL", "value": "-", "type": "output"}
]

Save environment variables

  1. Prepare code file, compress testany-env-check-case1-postman.json to a zip file:

Prepare code file

  1. Click the "Upload" icon to upload code:

Click upload

  1. Select the zip file to complete upload:

Select file

  1. Wait for upload to complete:

Upload complete

  1. Select Executor as postman:

Select Executor

  1. Set Trigger path to testany-env-check-case1-postman.json:

Set Trigger path

Case 2: Test Secrets Retrieval

  1. Register a new Case, click "Register Test Case":

Register Case 2

  1. Enter Case information:
    • Name: testany-deploy-check-case2
    • Runtime: Select the newly registered Runtime

Fill in Case 2 information

  1. On the redirected page, click the "JSON" tab:

Switch to JSON view

  1. Paste the environment variable configuration into the editor:
JSON
[
  {"name": "AAA", "value": "-", "type": "env"},
  {"name": "URL", "value": "-", "type": "env"},
  {"name": "SAFE_KEY", "value": "WKS-CS-0001", "type": "env"},
  {"name": "KEY", "value": "testany-env-secret-test", "type": "env"}
]

Save environment variables

  1. Switch to Form view and modify the "SAFE_KEY" value to the actual Credential Safe Key:

Edit SAFE_KEY

Save SAFE_KEY

  1. Prepare code file, compress testany-env-check-case2-postman.json to a zip file:

Prepare code file

  1. Click the "Upload" icon to upload code:

Upload code

  1. Select the zip file to complete upload:

Select file

  1. Wait for upload to complete:

Upload complete

  1. Select Executor as postman:

Select Executor

  1. Set Trigger path to testany-env-check-case2-postman.json:

Set Trigger path

  1. Configure the credential reference: add a Secret row under the case Environment variables, then select the created Credential Safe and Credential:

Bind Credential

  1. Case 2 creation complete, check details to confirm configuration:

Case 2 details

3. Create Pipeline

  1. Switch to the Workspace page, click "+ Assemble pipeline", and enter Pipeline information:
    • Name: deploy-test-pipeline
    • Description: Test newly deployed Runtime

Create Pipeline

  1. Click the expand button:

Expand Pipeline

  1. Select "YAML View" and configure Pipeline rules:
YAML
kind: rule/v1.3
spec:
  rules:
    - run: 'CASE1_KEY'
    - run: 'CASE2_KEY'
      whenPassed: 'CASE1_KEY'
      relay:
        - key: AAA
          refKey: CASE1_KEY/AAA
          nonSecret: true
        - key: URL
          refKey: CASE1_KEY/NEW_URL
          nonSecret: true
πŸ“

Replace CASE1_KEY and CASE2_KEY with the actual Case Keys (8-character strings).

πŸ“

For this newly created pipeline, rule/v1.3 is the recommended version. rule/v1.2 is retained only for backward compatibility.

Configure Pipeline YAML

  1. Refresh the Pipeline page and click the "Trigger" button to execute the Pipeline:

Trigger Pipeline

4. View Execution Results

  1. View Pipeline execution status:

Execution status

Execution complete

  1. Click the "View log" button for Case 2 to view execution logs:

View logs

  1. Verify Case 1 information is passed to Case 2:
    • AAA value should display 200 (HTTP status code)

Verify AAA value

  • URL value should be http://www.bing.com

Verify URL value

  1. Verify Secrets are retrieved correctly:
    • Returned secret length should be 3 (length of value 123)

Verify Secret length

Method 2: Script Operations

Suitable for users who want to quickly verify deployment.

ℹ️

This script requires Testany Workspace Admin permissions.

1. Locate Script Directory

The verification script is included in the deployment package, located in the deploy-checker directory:

deploy-checker
β”œβ”€β”€ linux
β”‚   β”œβ”€β”€ env.txt
β”‚   └── register.sh
β”œβ”€β”€ windows
β”‚   β”œβ”€β”€ env.txt
β”‚   └── register.ps1
β”œβ”€β”€ requirements.txt
β”œβ”€β”€ testany-env-check-case1-postman.json.zip
β”œβ”€β”€ testany-env-check-case2-postman.json.zip
└── tr_deploy_check.py

2. Configure Environment Variables

Linux/macOS:

Bash
export BASE_URL=YOUR_SAAS_URL
export RUNTIME_UUID=YOUR_RUNTIME_UUID
export WORKSPACE_KEY=AAA
export ACCESS_TOKEN=XXXXXXXXXXX
export KEY_VAULT_URL=https://xxx.vault.azure.cn

Windows (PowerShell):

PowerShell
$env:BASE_URL="YOUR_SAAS_URL"
$env:RUNTIME_UUID="YOUR_RUNTIME_UUID"
$env:WORKSPACE_KEY="AAA"
$env:ACCESS_TOKEN="XXXXXXXXXXX"
$env:KEY_VAULT_URL="https://xxx.vault.azure.cn"

3. Execute Script

Linux/macOS:

Bash
cd linux
bash register.sh

Windows:

PowerShell
cd windows
.\register.ps1

After execution, the console will output:

********************************************************************************
All Related information:
Credential Safe Key: XXX-CS-XXXX
Credential Key: testany-env-secret-test
Case 1 Key: XXXXXXXX
Case 2 Key: XXXXXXXX
Pipeline Key: XXX-XXXXX
********************************************************************************

4. Trigger Pipeline Verification

  1. Find the newly created Pipeline in the Testany interface (naming convention: runtime-<runtime-name>-deploy-check) and click the "Trigger" button:

Trigger Pipeline

  1. View execution status:

Execution status

  1. Wait for execution to complete:

Execution complete

  1. Click the "View log" button for Case 2 to view execution logs:

View logs

  1. Verify AAA value is 200:

Verify AAA

  1. Verify URL value is http://www.bing.com:

Verify URL

  1. Verify Secret length is 3:

Verify Secret


Contact Support

If you encounter issues that cannot be resolved, please contact the Testany support team:

Still have questions?

Our team is here to help. Get in touch and we'll get back to you as soon as possible.