In the roadmap documentation, it states
Remote runners will enable more advanced workflows and improve security since access credentials can be encapsulated onto remote machines
Would the intention be that specific action can select different runners, say in a specific cloud environment, that are tied into the main waypoint server for their execution? Is the communication between a runner and a server bi-directional or only one way? I’d like to think about some use cases here, but the initial documentation here is a little sparse.
Yep! But even in simpler scenarios I can imagine just putting all your credentials onto one remote runner so no clients need to have any credentials.
Bidirectional, you can already view the runner APIs in our proto file at the link below. All the APIs a runner uses are prefixed with “Runner”: https://github.com/hashicorp/waypoint/blob/main/internal/server/proto/server.proto
Note we have runners working already, we actually automatically spin up a runner in the CLI just-in-time. All Waypoint operations today already use this protocol. We just haven’t tied together all the features and requirements to make them remote yet.