gitlab-runner values.yaml
📜
image.registry📜
Type: string
"registry1.dso.mil"
image.image📜
Type: string
"ironbank/gitlab/gitlab-runner/gitlab-runner"
image.tag📜
Type: string
"v17.5.4"
useTini📜
Type: bool
true
imagePullPolicy📜
Type: string
"IfNotPresent"
livenessProbe📜
Type: object
{}
readinessProbe📜
Type: object
{}
gitlabUrl📜
Type: string
"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181"
unregisterRunners📜
Type: bool
true
terminationGracePeriodSeconds📜
Type: int
3600
concurrent📜
Type: int
50
shutdown_timeout📜
Type: int
0
checkInterval📜
Type: int
3
sessionServer.enabled📜
Type: bool
false
sessionServer.serviceType📜
Type: string
"LoadBalancer"
sessionServer.ingress.enabled📜
Type: bool
false
sessionServer.ingress.className📜
Type: string
""
sessionServer.ingress.annotations📜
Type: object
{}
rbac.create📜
Type: bool
true
rbac.generatedServiceAccountName📜
Type: string
""
rbac.rules📜
Type: list
[]
rbac.clusterWideAccess📜
Type: bool
false
rbac.podSecurityPolicy.enabled📜
Type: bool
false
rbac.podSecurityPolicy.resourceNames[0]📜
Type: string
"gitlab-runner"
rbac.imagePullSecrets📜
Type: list
[]
serviceAccount.name📜
Type: string
""
serviceAccount.annotations📜
Type: object
{}
serviceAccount.imagePullSecrets📜
Type: list
[]
metrics.enabled📜
Type: bool
false
metrics.portName📜
Type: string
"tcp-metrics"
metrics.port📜
Type: int
9252
metrics.serviceMonitor.enabled📜
Type: bool
false
service.enabled📜
Type: bool
true
service.type📜
Type: string
"ClusterIP"
runners.job.registry📜
Type: string
"registry1.dso.mil"
runners.job.repository📜
Type: string
"ironbank/redhat/ubi/ubi9"
runners.job.tag📜
Type: string
"9.4"
runners.helper.registry📜
Type: string
"registry1.dso.mil"
runners.helper.repository📜
Type: string
"ironbank/gitlab/gitlab-runner/gitlab-runner-helper"
runners.helper.tag📜
Type: string
"v17.3.1"
runners.config📜
Type: string
"[[runners]]\n clone_url = \"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181\"\n cache_dir = \"/tmp/gitlab-runner/cache\"\n [runners.kubernetes]\n pull_policy = \"always\"\n namespace = \"{{.Release.Namespace}}\"\n image = \"{{ printf \"%s/%s:%s\" .Values.runners.job.registry .Values.runners.job.repository .Values.runners.job.tag }}\"\n helper_image = \"{{ printf \"%s/%s:%s\" .Values.runners.helper.registry .Values.runners.helper.repository .Values.runners.helper.tag }}\"\n image_pull_secrets = [\"private-registry\"]\n [runners.kubernetes.pod_security_context]\n run_as_non_root = true\n run_as_user = 1001\n [runners.kubernetes.helper_container_security_context]\n run_as_non_root = true\n run_as_user = 1001\n [runners.kubernetes.pod_labels]\n \"job_id\" = \"${CI_JOB_ID}\"\n \"job_name\" = \"${CI_JOB_NAME}\"\n \"pipeline_id\" = \"${CI_PIPELINE_ID}\"\n \"app\" = \"gitlab-runner\"\n"
runners.configPath📜
Type: string
""
runners.locked📜
Type: bool
true
runners.secret📜
Type: string
"gitlab-gitlab-runner-secret"
runners.cache📜
Type: object
{}
runners.builds📜
Type: object
{}
runners.services📜
Type: object
{}
runners.helpers📜
Type: object
{}
topologySpreadConstraints📜
Type: object
{}
securityContext.allowPrivilegeEscalation📜
Type: bool
false
securityContext.readOnlyRootFilesystem📜
Type: bool
false
securityContext.runAsNonRoot📜
Type: bool
true
securityContext.runAsUser📜
Type: int
1001
securityContext.runAsGroup📜
Type: int
1001
securityContext.privileged📜
Type: bool
false
securityContext.capabilities.drop[0]📜
Type: string
"ALL"
strategy📜
Type: object
{}
podSecurityContext.runAsUser📜
Type: int
1001
podSecurityContext.runAsNonRoot📜
Type: bool
true
podSecurityContext.fsGroup📜
Type: int
65533
containerSecurityContext.runAsNonRoot📜
Type: bool
true
capabilities.drop[0]📜
Type: string
"ALL"
resources.limits.memory📜
Type: string
"256Mi"
resources.limits.cpu📜
Type: string
"200m"
resources.requests.memory📜
Type: string
"256Mi"
resources.requests.cpu📜
Type: string
"200m"
affinity📜
Type: object
{}
runtimeClassName📜
Type: string
""
nodeSelector📜
Type: object
{}
tolerations📜
Type: list
[]
extraEnv📜
Type: object
{}
extraEnvFrom📜
Type: object
{}
hostAliases📜
Type: list
[]
deploymentAnnotations📜
Type: object
{}
deploymentLabels📜
Type: object
{}
deploymentLifecycle📜
Type: object
{}
podAnnotations📜
Type: object
{}
podLabels📜
Type: object
{}
priorityClassName📜
Type: string
""
secrets📜
Type: list
[]
configMaps📜
Type: object
{}
volumeMounts📜
Type: list
[]
volumes📜
Type: list
[]
extraObjects📜
Type: list
[]
istio.enabled📜
Type: bool
false
istio.injection📜
Type: string
"disabled"
istio.hardened.enabled📜
Type: bool
false
istio.hardened.outboundTrafficPolicyMode📜
Type: string
"REGISTRY_ONLY"
istio.hardened.customServiceEntries📜
Type: list
[]
istio.hardened.customAuthorizationPolicies📜
Type: list
[]
istio.hardened.gitlab.enabled📜
Type: bool
true
istio.hardened.gitlab.namespaces[0]📜
Type: string
"gitlab"
istio.hardened.monitoring.enabled📜
Type: bool
true
istio.hardened.monitoring.namespaces[0]📜
Type: string
"monitoring"
istio.hardened.monitoring.principals[0]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-grafana"
istio.hardened.monitoring.principals[1]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"
istio.hardened.monitoring.principals[2]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"
istio.hardened.monitoring.principals[3]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"
istio.hardened.monitoring.principals[4]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"
istio.hardened.monitoring.principals[5]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"
istio.mtls📜
Type: object
mode: STRICT
Description: Default peer authentication
istio.mtls.mode📜
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
monitoring.enabled📜
Type: bool
false
networkPolicies.enabled📜
Type: bool
false
networkPolicies.controlPlaneCidr📜
Type: string
"0.0.0.0/0"
networkPolicies.kubeAPIPort📜
Type: string
""
Description: Kube API Port, defaults to 443 and 6443 within the template but can be set to custom port The port where the Kubernetes API server listens for secure connections.
networkPolicies.additionalPolicies📜
Type: list
[]
autoRegister.enabled📜
Type: bool
false
autoRegister.selectorLabels📜
Type: object
{}
bbtests.enabled📜
Type: bool
false
bbtests.cypress.artifacts📜
Type: bool
true
bbtests.cypress.envs.cypress_url📜
Type: string
"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181"
bbtests.cypress.envs.cypress_gitlab_project📜
Type: string
"runner-hello-world"
bbtests.cypress.secretEnvs[0].name📜
Type: string
"cypress_adminpassword"
bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name📜
Type: string
"gitlab-gitlab-initial-root-password"
bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key📜
Type: string
"password"
openshift📜
Type: bool
false