Skip to content

gitlab-runner values.yaml📜

upstream.fullnameOverride📜

Type: string

Default value
"gitlab-runner"

upstream.image.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.image.image📜

Type: string

Default value
"ironbank/gitlab/gitlab-runner/gitlab-runner"

upstream.image.tag📜

Type: string

Default value
"v18.0.2"

upstream.useTini📜

Type: bool

Default value
true

upstream.imagePullPolicy📜

Type: string

Default value
"IfNotPresent"

upstream.livenessProbe📜

Type: object

Default value
{}

upstream.readinessProbe📜

Type: object

Default value
{}

upstream.gitlabUrl📜

Type: string

Default value
"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181"

upstream.unregisterRunners📜

Type: bool

Default value
true

upstream.terminationGracePeriodSeconds📜

Type: int

Default value
3600

upstream.concurrent📜

Type: int

Default value
50

upstream.shutdown_timeout📜

Type: int

Default value
0

upstream.checkInterval📜

Type: int

Default value
3

upstream.sessionServer.enabled📜

Type: bool

Default value
false

upstream.sessionServer.serviceType📜

Type: string

Default value
"LoadBalancer"

upstream.sessionServer.ingress.enabled📜

Type: bool

Default value
false

upstream.sessionServer.ingress.className📜

Type: string

Default value
""

upstream.sessionServer.ingress.annotations📜

Type: object

Default value
{}

upstream.sessionServer.ingress.tls[0].secretName📜

Type: string

Default value
"gitlab-runner-session-server"

upstream.rbac.create📜

Type: bool

Default value
true

upstream.rbac.generatedServiceAccountName📜

Type: string

Default value
""

upstream.rbac.rules📜

Type: list

Default value
[]

upstream.rbac.clusterWideAccess📜

Type: bool

Default value
false

upstream.rbac.podSecurityPolicy.enabled📜

Type: bool

Default value
false

upstream.rbac.podSecurityPolicy.resourceNames[0]📜

Type: string

Default value
"gitlab-runner"

upstream.rbac.imagePullSecrets📜

Type: list

Default value
[]

upstream.serviceAccount.name📜

Type: string

Default value
""

upstream.serviceAccount.annotations📜

Type: object

Default value
{}

upstream.serviceAccount.imagePullSecrets📜

Type: list

Default value
[]

upstream.metrics.enabled📜

Type: bool

Default value
false

upstream.metrics.portName📜

Type: string

Default value
"tcp-metrics"

upstream.metrics.port📜

Type: int

Default value
9252

upstream.metrics.serviceMonitor.enabled📜

Type: bool

Default value
false

upstream.metrics.serviceMonitor.namespace📜

Type: string

Default value
""

upstream.service.enabled📜

Type: bool

Default value
true

upstream.service.type📜

Type: string

Default value
"ClusterIP"

upstream.runners.job.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.runners.job.repository📜

Type: string

Default value
"ironbank/redhat/ubi/ubi9"

upstream.runners.job.tag📜

Type: string

Default value
"9.6"

upstream.runners.helper.registry📜

Type: string

Default value
"registry1.dso.mil"

upstream.runners.helper.repository📜

Type: string

Default value
"ironbank/gitlab/gitlab-runner/gitlab-runner-helper"

upstream.runners.helper.tag📜

Type: string

Default value
"v18.0.2"

upstream.runners.config📜

Type: string

Default value
"[[runners]]\n  clone_url = \"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181\"\n  cache_dir = \"/tmp/gitlab-runner/cache\"\n  [runners.kubernetes]\n    pull_policy = \"always\"\n    namespace = \"{{.Release.Namespace}}\"\n    image = \"{{ printf \"%s/%s:%s\" .Values.runners.job.registry .Values.runners.job.repository .Values.runners.job.tag }}\"\n    helper_image = \"{{ printf \"%s/%s:%s\" .Values.runners.helper.registry .Values.runners.helper.repository .Values.runners.helper.tag }}\"\n    image_pull_secrets = [\"private-registry\"]\n  [runners.kubernetes.pod_security_context]\n    run_as_non_root = true\n    run_as_user = 1001\n  [runners.kubernetes.helper_container_security_context]\n    run_as_non_root = true\n    run_as_user = 1001\n  [runners.kubernetes.pod_labels]\n    \"job_id\" = \"${CI_JOB_ID}\"\n    \"job_name\" = \"${CI_JOB_NAME}\"\n    \"pipeline_id\" = \"${CI_PIPELINE_ID}\"\n    \"app\" = \"gitlab-runner\"\n"

upstream.runners.configPath📜

Type: string

Default value
""

upstream.runners.secret📜

Type: string

Default value
"gitlab-gitlab-runner-secret"

upstream.runners.cache📜

Type: object

Default value
{}

upstream.runners.builds📜

Type: object

Default value
{}

upstream.runners.services📜

Type: object

Default value
{}

upstream.runners.helpers📜

Type: object

Default value
{}

upstream.topologySpreadConstraints📜

Type: object

Default value
{}

upstream.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

upstream.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
false

upstream.securityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.securityContext.runAsUser📜

Type: int

Default value
1001

upstream.securityContext.runAsGroup📜

Type: int

Default value
1001

upstream.securityContext.privileged📜

Type: bool

Default value
false

upstream.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.strategy📜

Type: object

Default value
{}

upstream.podSecurityContext.runAsUser📜

Type: int

Default value
1001

upstream.podSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.podSecurityContext.fsGroup📜

Type: int

Default value
65533

upstream.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

upstream.capabilities.drop[0]📜

Type: string

Default value
"ALL"

upstream.resources.limits.memory📜

Type: string

Default value
"256Mi"

upstream.resources.limits.cpu📜

Type: string

Default value
"200m"

upstream.resources.requests.memory📜

Type: string

Default value
"256Mi"

upstream.resources.requests.cpu📜

Type: string

Default value
"200m"

upstream.affinity📜

Type: object

Default value
{}

upstream.runtimeClassName📜

Type: string

Default value
""

upstream.nodeSelector📜

Type: object

Default value
{}

upstream.tolerations📜

Type: list

Default value
[]

upstream.extraEnv📜

Type: object

Default value
{}

upstream.extraEnvFrom📜

Type: object

Default value
{}

upstream.hostAliases📜

Type: list

Default value
[]

upstream.deploymentAnnotations📜

Type: object

Default value
{}

upstream.deploymentLabels📜

Type: object

Default value
{}

upstream.deploymentLifecycle📜

Type: object

Default value
{}

upstream.podAnnotations📜

Type: object

Default value
{}

upstream.podLabels📜

Type: object

Default value
{}

upstream.priorityClassName📜

Type: string

Default value
""

upstream.secrets📜

Type: list

Default value
[]

upstream.configMaps📜

Type: object

Default value
{}

upstream.volumeMounts📜

Type: list

Default value
[]

upstream.volumes📜

Type: list

Default value
[]

upstream.extraObjects📜

Type: list

Default value
[]

istio.enabled📜

Type: bool

Default value
false

istio.injection📜

Type: string

Default value
"disabled"

istio.hardened.enabled📜

Type: bool

Default value
false

istio.hardened.outboundTrafficPolicyMode📜

Type: string

Default value
"REGISTRY_ONLY"

istio.hardened.customServiceEntries📜

Type: list

Default value
[]

istio.hardened.customAuthorizationPolicies📜

Type: list

Default value
[]

istio.hardened.gitlab.enabled📜

Type: bool

Default value
true

istio.hardened.gitlab.namespaces[0]📜

Type: string

Default value
"gitlab"

istio.hardened.monitoring.enabled📜

Type: bool

Default value
true

istio.hardened.monitoring.namespaces[0]📜

Type: string

Default value
"monitoring"

istio.hardened.monitoring.principals[0]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-grafana"

istio.hardened.monitoring.principals[1]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"

istio.hardened.monitoring.principals[2]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"

istio.hardened.monitoring.principals[3]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"

istio.hardened.monitoring.principals[4]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"

istio.hardened.monitoring.principals[5]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"

istio.mtls📜

Type: object

Default value
mode: STRICT

Description: Default peer authentication

istio.mtls.mode📜

Type: string

Default value
"STRICT"

Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic

monitoring.enabled📜

Type: bool

Default value
false

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

networkPolicies.kubeAPIPort📜

Type: string

Default value
""

Description: Kube API Port, defaults to 443 and 6443 within the template but can be set to custom port The port where the Kubernetes API server listens for secure connections.

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

autoRegister.enabled📜

Type: bool

Default value
false

autoRegister.selectorLabels📜

Type: object

Default value
{}

bbtests.enabled📜

Type: bool

Default value
false

bbtests.cypress.artifacts📜

Type: bool

Default value
true

bbtests.cypress.envs.cypress_url📜

Type: string

Default value
"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181"

bbtests.cypress.envs.cypress_gitlab_project📜

Type: string

Default value
"runner-hello-world"

bbtests.cypress.secretEnvs[0].name📜

Type: string

Default value
"cypress_adminpassword"

bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name📜

Type: string

Default value
"gitlab-gitlab-initial-root-password"

bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key📜

Type: string

Default value
"password"

openshift📜

Type: bool

Default value
false

extraContainers📜

Type: list

Default value
[]