gitlab-runner `values.yaml`📜

image.registry📜

Type: string

Default value

"registry1.dso.mil"

image.image📜

Type: string

Default value

"ironbank/gitlab/gitlab-runner/gitlab-runner"

image.tag📜

Type: string

Default value

"v18.0.2"

useTini📜

Type: bool

Default value

true

imagePullPolicy📜

Type: string

Default value

"IfNotPresent"

livenessProbe📜

Type: object

Default value

{}

readinessProbe📜

Type: object

Default value

{}

gitlabUrl📜

Type: string

Default value

"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181"

unregisterRunners📜

Type: bool

Default value

true

terminationGracePeriodSeconds📜

Type: int

Default value

concurrent📜

Type: int

Default value

shutdown_timeout📜

Type: int

Default value

checkInterval📜

Type: int

Default value

sessionServer.enabled📜

Type: bool

Default value

false

sessionServer.serviceType📜

Type: string

Default value

"LoadBalancer"

sessionServer.ingress.enabled📜

Type: bool

Default value

false

sessionServer.ingress.className📜

Type: string

Default value

""

sessionServer.ingress.annotations📜

Type: object

Default value

{}

sessionServer.ingress.tls[0].secretName📜

Type: string

Default value

"gitlab-runner-session-server"

rbac.create📜

Type: bool

Default value

true

rbac.generatedServiceAccountName📜

Type: string

Default value

""

rbac.rules📜

Type: list

Default value

[]

rbac.clusterWideAccess📜

Type: bool

Default value

false

rbac.podSecurityPolicy.enabled📜

Type: bool

Default value

false

rbac.podSecurityPolicy.resourceNames[0]📜

Type: string

Default value

"gitlab-runner"

rbac.imagePullSecrets📜

Type: list

Default value

[]

serviceAccount.name📜

Type: string

Default value

""

serviceAccount.annotations📜

Type: object

Default value

{}

serviceAccount.imagePullSecrets📜

Type: list

Default value

[]

metrics.enabled📜

Type: bool

Default value

false

metrics.portName📜

Type: string

Default value

"tcp-metrics"

metrics.port📜

Type: int

Default value

metrics.serviceMonitor.enabled📜

Type: bool

Default value

false

metrics.serviceMonitor.namespace📜

Type: string

Default value

""

service.enabled📜

Type: bool

Default value

true

service.type📜

Type: string

Default value

"ClusterIP"

runners.job.registry📜

Type: string

Default value

"registry1.dso.mil"

runners.job.repository📜

Type: string

Default value

"ironbank/redhat/ubi/ubi9"

runners.job.tag📜

Type: string

Default value

"9.5"

runners.helper.registry📜

Type: string

Default value

"registry1.dso.mil"

runners.helper.repository📜

Type: string

Default value

"ironbank/gitlab/gitlab-runner/gitlab-runner-helper"

runners.helper.tag📜

Type: string

Default value

"v18.0.2"

runners.config📜

Type: string

Default value

"[[runners]]\n  clone_url = \"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181\"\n  cache_dir = \"/tmp/gitlab-runner/cache\"\n  [runners.kubernetes]\n    pull_policy = \"always\"\n    namespace = \"{{.Release.Namespace}}\"\n    image = \"{{ printf \"%s/%s:%s\" .Values.runners.job.registry .Values.runners.job.repository .Values.runners.job.tag }}\"\n    helper_image = \"{{ printf \"%s/%s:%s\" .Values.runners.helper.registry .Values.runners.helper.repository .Values.runners.helper.tag }}\"\n    image_pull_secrets = [\"private-registry\"]\n  [runners.kubernetes.pod_security_context]\n    run_as_non_root = true\n    run_as_user = 1001\n  [runners.kubernetes.helper_container_security_context]\n    run_as_non_root = true\n    run_as_user = 1001\n  [runners.kubernetes.pod_labels]\n    \"job_id\" = \"${CI_JOB_ID}\"\n    \"job_name\" = \"${CI_JOB_NAME}\"\n    \"pipeline_id\" = \"${CI_PIPELINE_ID}\"\n    \"app\" = \"gitlab-runner\"\n"

runners.configPath📜

Type: string

Default value

""

runners.secret📜

Type: string

Default value

"gitlab-gitlab-runner-secret"

runners.cache📜

Type: object

Default value

{}

runners.builds📜

Type: object

Default value

{}

runners.services📜

Type: object

Default value

{}

runners.helpers📜

Type: object

Default value

{}

topologySpreadConstraints📜

Type: object

Default value

{}

securityContext.allowPrivilegeEscalation📜

Type: bool

Default value

false

securityContext.readOnlyRootFilesystem📜

Type: bool

Default value

false

securityContext.runAsNonRoot📜

Type: bool

Default value

true

securityContext.runAsUser📜

Type: int

Default value

securityContext.runAsGroup📜

Type: int

Default value

securityContext.privileged📜

Type: bool

Default value

false

securityContext.capabilities.drop[0]📜

Type: string

Default value

"ALL"

strategy📜

Type: object

Default value

{}

podSecurityContext.runAsUser📜

Type: int

Default value

podSecurityContext.runAsNonRoot📜

Type: bool

Default value

true

podSecurityContext.fsGroup📜

Type: int

Default value

containerSecurityContext.runAsNonRoot📜

Type: bool

Default value

true

capabilities.drop[0]📜

Type: string

Default value

"ALL"

resources.limits.memory📜

Type: string

Default value

"256Mi"

resources.limits.cpu📜

Type: string

Default value

"200m"

resources.requests.memory📜

Type: string

Default value

"256Mi"

resources.requests.cpu📜

Type: string

Default value

"200m"

affinity📜

Type: object

Default value

{}

runtimeClassName📜

Type: string

Default value

""

nodeSelector📜

Type: object

Default value

{}

tolerations📜

Type: list

Default value

[]

extraEnv📜

Type: object

Default value

{}

extraEnvFrom📜

Type: object

Default value

{}

hostAliases📜

Type: list

Default value

[]

deploymentAnnotations📜

Type: object

Default value

{}

deploymentLabels📜

Type: object

Default value

{}

deploymentLifecycle📜

Type: object

Default value

{}

podAnnotations📜

Type: object

Default value

{}

podLabels📜

Type: object

Default value

{}

priorityClassName📜

Type: string

Default value

""

secrets📜

Type: list

Default value

[]

configMaps📜

Type: object

Default value

{}

volumeMounts📜

Type: list

Default value

[]

volumes📜

Type: list

Default value

[]

extraObjects📜

Type: list

Default value

[]

istio.enabled📜

Type: bool

Default value

false

istio.injection📜

Type: string

Default value

"disabled"

istio.hardened.enabled📜

Type: bool

Default value

false

istio.hardened.outboundTrafficPolicyMode📜

Type: string

Default value

"REGISTRY_ONLY"

istio.hardened.customServiceEntries📜

Type: list

Default value

[]

istio.hardened.customAuthorizationPolicies📜

Type: list

Default value

[]

istio.hardened.gitlab.enabled📜

Type: bool

Default value

true

istio.hardened.gitlab.namespaces[0]📜

Type: string

Default value

"gitlab"

istio.hardened.monitoring.enabled📜

Type: bool

Default value

true

istio.hardened.monitoring.namespaces[0]📜

Type: string

Default value

"monitoring"

istio.hardened.monitoring.principals[0]📜

Type: string

Default value

"cluster.local/ns/monitoring/sa/monitoring-grafana"

istio.hardened.monitoring.principals[1]📜

Type: string

Default value

"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"

istio.hardened.monitoring.principals[2]📜

Type: string

Default value

"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"

istio.hardened.monitoring.principals[3]📜

Type: string

Default value

"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"

istio.hardened.monitoring.principals[4]📜

Type: string

Default value

"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"

istio.hardened.monitoring.principals[5]📜

Type: string

Default value

"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"

istio.mtls📜

Type: object

Default value

mode: STRICT

Description: Default peer authentication

istio.mtls.mode📜

Type: string

Default value

"STRICT"

Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic

monitoring.enabled📜

Type: bool

Default value

false

networkPolicies.enabled📜

Type: bool

Default value

false

networkPolicies.controlPlaneCidr📜

Type: string

Default value

"0.0.0.0/0"

networkPolicies.kubeAPIPort📜

Type: string

Default value

""

Description: Kube API Port, defaults to 443 and 6443 within the template but can be set to custom port The port where the Kubernetes API server listens for secure connections.

networkPolicies.additionalPolicies📜

Type: list

Default value

[]

autoRegister.enabled📜

Type: bool

Default value

false

autoRegister.selectorLabels📜

Type: object

Default value

{}

bbtests.enabled📜

Type: bool

Default value

false

bbtests.cypress.artifacts📜

Type: bool

Default value

true

bbtests.cypress.envs.cypress_url📜

Type: string

Default value

"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181"

bbtests.cypress.envs.cypress_gitlab_project📜

Type: string

Default value

"runner-hello-world"

bbtests.cypress.secretEnvs[0].name📜

Type: string

Default value

"cypress_adminpassword"

bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name📜

Type: string

Default value

"gitlab-gitlab-initial-root-password"

bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key📜

Type: string

Default value

"password"

openshift📜

Type: bool

Default value

false

extraContainers📜

Type: list

Default value

[]

gitlab-runner values.yaml📜

image.registry📜

image.image📜

image.tag📜

useTini📜

imagePullPolicy📜

livenessProbe📜

readinessProbe📜

gitlabUrl📜

unregisterRunners📜

terminationGracePeriodSeconds📜

concurrent📜

shutdown_timeout📜

checkInterval📜

sessionServer.enabled📜

sessionServer.serviceType📜

sessionServer.ingress.enabled📜

sessionServer.ingress.className📜

sessionServer.ingress.annotations📜

sessionServer.ingress.tls[0].secretName📜

rbac.create📜

rbac.generatedServiceAccountName📜

rbac.rules📜

rbac.clusterWideAccess📜

rbac.podSecurityPolicy.enabled📜

rbac.podSecurityPolicy.resourceNames[0]📜

rbac.imagePullSecrets📜

serviceAccount.name📜

serviceAccount.annotations📜

serviceAccount.imagePullSecrets📜

metrics.enabled📜

metrics.portName📜

metrics.port📜

metrics.serviceMonitor.enabled📜

metrics.serviceMonitor.namespace📜

service.enabled📜

service.type📜

runners.job.registry📜

runners.job.repository📜

runners.job.tag📜

runners.helper.registry📜

runners.helper.repository📜

runners.helper.tag📜

runners.config📜

runners.configPath📜

runners.secret📜

runners.cache📜

runners.builds📜

runners.services📜

runners.helpers📜

topologySpreadConstraints📜

securityContext.allowPrivilegeEscalation📜

securityContext.readOnlyRootFilesystem📜

securityContext.runAsNonRoot📜

securityContext.runAsUser📜

securityContext.runAsGroup📜

securityContext.privileged📜

securityContext.capabilities.drop[0]📜

strategy📜

podSecurityContext.runAsUser📜

podSecurityContext.runAsNonRoot📜

podSecurityContext.fsGroup📜

containerSecurityContext.runAsNonRoot📜

capabilities.drop[0]📜

resources.limits.memory📜

resources.limits.cpu📜

resources.requests.memory📜

resources.requests.cpu📜

affinity📜

runtimeClassName📜

nodeSelector📜

tolerations📜

extraEnv📜

extraEnvFrom📜

hostAliases📜

deploymentAnnotations📜

deploymentLabels📜

deploymentLifecycle📜

podAnnotations📜

podLabels📜

gitlab-runner `values.yaml`📜