Skip to content

gitlab-runner values.yaml📜

image.registry📜

Type: string

Default value
"registry1.dso.mil"

image.image📜

Type: string

Default value
"ironbank/gitlab/gitlab-runner/gitlab-runner"

image.tag📜

Type: string

Default value
"v17.5.4"

useTini📜

Type: bool

Default value
true

imagePullPolicy📜

Type: string

Default value
"IfNotPresent"

livenessProbe📜

Type: object

Default value
{}

readinessProbe📜

Type: object

Default value
{}

gitlabUrl📜

Type: string

Default value
"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181"

unregisterRunners📜

Type: bool

Default value
true

terminationGracePeriodSeconds📜

Type: int

Default value
3600

concurrent📜

Type: int

Default value
50

shutdown_timeout📜

Type: int

Default value
0

checkInterval📜

Type: int

Default value
3

sessionServer.enabled📜

Type: bool

Default value
false

sessionServer.serviceType📜

Type: string

Default value
"LoadBalancer"

sessionServer.ingress.enabled📜

Type: bool

Default value
false

sessionServer.ingress.className📜

Type: string

Default value
""

sessionServer.ingress.annotations📜

Type: object

Default value
{}

rbac.create📜

Type: bool

Default value
true

rbac.generatedServiceAccountName📜

Type: string

Default value
""

rbac.rules📜

Type: list

Default value
[]

rbac.clusterWideAccess📜

Type: bool

Default value
false

rbac.podSecurityPolicy.enabled📜

Type: bool

Default value
false

rbac.podSecurityPolicy.resourceNames[0]📜

Type: string

Default value
"gitlab-runner"

rbac.imagePullSecrets📜

Type: list

Default value
[]

serviceAccount.name📜

Type: string

Default value
""

serviceAccount.annotations📜

Type: object

Default value
{}

serviceAccount.imagePullSecrets📜

Type: list

Default value
[]

metrics.enabled📜

Type: bool

Default value
false

metrics.portName📜

Type: string

Default value
"tcp-metrics"

metrics.port📜

Type: int

Default value
9252

metrics.serviceMonitor.enabled📜

Type: bool

Default value
false

service.enabled📜

Type: bool

Default value
true

service.type📜

Type: string

Default value
"ClusterIP"

runners.job.registry📜

Type: string

Default value
"registry1.dso.mil"

runners.job.repository📜

Type: string

Default value
"ironbank/redhat/ubi/ubi9"

runners.job.tag📜

Type: string

Default value
"9.4"

runners.helper.registry📜

Type: string

Default value
"registry1.dso.mil"

runners.helper.repository📜

Type: string

Default value
"ironbank/gitlab/gitlab-runner/gitlab-runner-helper"

runners.helper.tag📜

Type: string

Default value
"v17.3.1"

runners.config📜

Type: string

Default value
"[[runners]]\n  clone_url = \"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181\"\n  cache_dir = \"/tmp/gitlab-runner/cache\"\n  [runners.kubernetes]\n    pull_policy = \"always\"\n    namespace = \"{{.Release.Namespace}}\"\n    image = \"{{ printf \"%s/%s:%s\" .Values.runners.job.registry .Values.runners.job.repository .Values.runners.job.tag }}\"\n    helper_image = \"{{ printf \"%s/%s:%s\" .Values.runners.helper.registry .Values.runners.helper.repository .Values.runners.helper.tag }}\"\n    image_pull_secrets = [\"private-registry\"]\n  [runners.kubernetes.pod_security_context]\n    run_as_non_root = true\n    run_as_user = 1001\n  [runners.kubernetes.helper_container_security_context]\n    run_as_non_root = true\n    run_as_user = 1001\n  [runners.kubernetes.pod_labels]\n    \"job_id\" = \"${CI_JOB_ID}\"\n    \"job_name\" = \"${CI_JOB_NAME}\"\n    \"pipeline_id\" = \"${CI_PIPELINE_ID}\"\n    \"app\" = \"gitlab-runner\"\n"

runners.configPath📜

Type: string

Default value
""

runners.locked📜

Type: bool

Default value
true

runners.secret📜

Type: string

Default value
"gitlab-gitlab-runner-secret"

runners.cache📜

Type: object

Default value
{}

runners.builds📜

Type: object

Default value
{}

runners.services📜

Type: object

Default value
{}

runners.helpers📜

Type: object

Default value
{}

topologySpreadConstraints📜

Type: object

Default value
{}

securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
false

securityContext.runAsNonRoot📜

Type: bool

Default value
true

securityContext.runAsUser📜

Type: int

Default value
1001

securityContext.runAsGroup📜

Type: int

Default value
1001

securityContext.privileged📜

Type: bool

Default value
false

securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

strategy📜

Type: object

Default value
{}

podSecurityContext.runAsUser📜

Type: int

Default value
1001

podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

podSecurityContext.fsGroup📜

Type: int

Default value
65533

containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

capabilities.drop[0]📜

Type: string

Default value
"ALL"

resources.limits.memory📜

Type: string

Default value
"256Mi"

resources.limits.cpu📜

Type: string

Default value
"200m"

resources.requests.memory📜

Type: string

Default value
"256Mi"

resources.requests.cpu📜

Type: string

Default value
"200m"

affinity📜

Type: object

Default value
{}

runtimeClassName📜

Type: string

Default value
""

nodeSelector📜

Type: object

Default value
{}

tolerations📜

Type: list

Default value
[]

extraEnv📜

Type: object

Default value
{}

extraEnvFrom📜

Type: object

Default value
{}

hostAliases📜

Type: list

Default value
[]

deploymentAnnotations📜

Type: object

Default value
{}

deploymentLabels📜

Type: object

Default value
{}

deploymentLifecycle📜

Type: object

Default value
{}

podAnnotations📜

Type: object

Default value
{}

podLabels📜

Type: object

Default value
{}

priorityClassName📜

Type: string

Default value
""

secrets📜

Type: list

Default value
[]

configMaps📜

Type: object

Default value
{}

volumeMounts📜

Type: list

Default value
[]

volumes📜

Type: list

Default value
[]

extraObjects📜

Type: list

Default value
[]

istio.enabled📜

Type: bool

Default value
false

istio.injection📜

Type: string

Default value
"disabled"

istio.hardened.enabled📜

Type: bool

Default value
false

istio.hardened.outboundTrafficPolicyMode📜

Type: string

Default value
"REGISTRY_ONLY"

istio.hardened.customServiceEntries📜

Type: list

Default value
[]

istio.hardened.customAuthorizationPolicies📜

Type: list

Default value
[]

istio.hardened.gitlab.enabled📜

Type: bool

Default value
true

istio.hardened.gitlab.namespaces[0]📜

Type: string

Default value
"gitlab"

istio.hardened.monitoring.enabled📜

Type: bool

Default value
true

istio.hardened.monitoring.namespaces[0]📜

Type: string

Default value
"monitoring"

istio.hardened.monitoring.principals[0]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-grafana"

istio.hardened.monitoring.principals[1]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"

istio.hardened.monitoring.principals[2]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"

istio.hardened.monitoring.principals[3]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"

istio.hardened.monitoring.principals[4]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"

istio.hardened.monitoring.principals[5]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"

istio.mtls📜

Type: object

Default value
mode: STRICT

Description: Default peer authentication

istio.mtls.mode📜

Type: string

Default value
"STRICT"

Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic

monitoring.enabled📜

Type: bool

Default value
false

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

networkPolicies.kubeAPIPort📜

Type: string

Default value
""

Description: Kube API Port, defaults to 443 and 6443 within the template but can be set to custom port The port where the Kubernetes API server listens for secure connections.

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

autoRegister.enabled📜

Type: bool

Default value
false

autoRegister.selectorLabels📜

Type: object

Default value
{}

bbtests.enabled📜

Type: bool

Default value
false

bbtests.cypress.artifacts📜

Type: bool

Default value
true

bbtests.cypress.envs.cypress_url📜

Type: string

Default value
"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181"

bbtests.cypress.envs.cypress_gitlab_project📜

Type: string

Default value
"runner-hello-world"

bbtests.cypress.secretEnvs[0].name📜

Type: string

Default value
"cypress_adminpassword"

bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name📜

Type: string

Default value
"gitlab-gitlab-initial-root-password"

bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key📜

Type: string

Default value
"password"

openshift📜

Type: bool

Default value
false