gitlab-runner values.yaml
📜
upstream.fullnameOverride📜
Type: string
"gitlab-runner"
upstream.image.registry📜
Type: string
"registry1.dso.mil"
upstream.image.image📜
Type: string
"ironbank/gitlab/gitlab-runner/gitlab-runner"
upstream.image.tag📜
Type: string
"v18.0.2"
upstream.useTini📜
Type: bool
true
upstream.imagePullPolicy📜
Type: string
"IfNotPresent"
upstream.livenessProbe📜
Type: object
{}
upstream.readinessProbe📜
Type: object
{}
upstream.gitlabUrl📜
Type: string
"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181"
upstream.unregisterRunners📜
Type: bool
true
upstream.terminationGracePeriodSeconds📜
Type: int
3600
upstream.concurrent📜
Type: int
50
upstream.shutdown_timeout📜
Type: int
0
upstream.checkInterval📜
Type: int
3
upstream.sessionServer.enabled📜
Type: bool
false
upstream.sessionServer.serviceType📜
Type: string
"LoadBalancer"
upstream.sessionServer.ingress.enabled📜
Type: bool
false
upstream.sessionServer.ingress.className📜
Type: string
""
upstream.sessionServer.ingress.annotations📜
Type: object
{}
upstream.sessionServer.ingress.tls[0].secretName📜
Type: string
"gitlab-runner-session-server"
upstream.rbac.create📜
Type: bool
true
upstream.rbac.generatedServiceAccountName📜
Type: string
""
upstream.rbac.rules📜
Type: list
[]
upstream.rbac.clusterWideAccess📜
Type: bool
false
upstream.rbac.podSecurityPolicy.enabled📜
Type: bool
false
upstream.rbac.podSecurityPolicy.resourceNames[0]📜
Type: string
"gitlab-runner"
upstream.rbac.imagePullSecrets📜
Type: list
[]
upstream.serviceAccount.name📜
Type: string
""
upstream.serviceAccount.annotations📜
Type: object
{}
upstream.serviceAccount.imagePullSecrets📜
Type: list
[]
upstream.metrics.enabled📜
Type: bool
false
upstream.metrics.portName📜
Type: string
"tcp-metrics"
upstream.metrics.port📜
Type: int
9252
upstream.metrics.serviceMonitor.enabled📜
Type: bool
false
upstream.metrics.serviceMonitor.namespace📜
Type: string
""
upstream.service.enabled📜
Type: bool
true
upstream.service.type📜
Type: string
"ClusterIP"
upstream.runners.job.registry📜
Type: string
"registry1.dso.mil"
upstream.runners.job.repository📜
Type: string
"ironbank/redhat/ubi/ubi9"
upstream.runners.job.tag📜
Type: string
"9.6"
upstream.runners.helper.registry📜
Type: string
"registry1.dso.mil"
upstream.runners.helper.repository📜
Type: string
"ironbank/gitlab/gitlab-runner/gitlab-runner-helper"
upstream.runners.helper.tag📜
Type: string
"v18.0.2"
upstream.runners.config📜
Type: string
"[[runners]]\n clone_url = \"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181\"\n cache_dir = \"/tmp/gitlab-runner/cache\"\n [runners.kubernetes]\n pull_policy = \"always\"\n namespace = \"{{.Release.Namespace}}\"\n image = \"{{ printf \"%s/%s:%s\" .Values.runners.job.registry .Values.runners.job.repository .Values.runners.job.tag }}\"\n helper_image = \"{{ printf \"%s/%s:%s\" .Values.runners.helper.registry .Values.runners.helper.repository .Values.runners.helper.tag }}\"\n image_pull_secrets = [\"private-registry\"]\n [runners.kubernetes.pod_security_context]\n run_as_non_root = true\n run_as_user = 1001\n [runners.kubernetes.helper_container_security_context]\n run_as_non_root = true\n run_as_user = 1001\n [runners.kubernetes.pod_labels]\n \"job_id\" = \"${CI_JOB_ID}\"\n \"job_name\" = \"${CI_JOB_NAME}\"\n \"pipeline_id\" = \"${CI_PIPELINE_ID}\"\n \"app\" = \"gitlab-runner\"\n"
upstream.runners.configPath📜
Type: string
""
upstream.runners.secret📜
Type: string
"gitlab-gitlab-runner-secret"
upstream.runners.cache📜
Type: object
{}
upstream.runners.builds📜
Type: object
{}
upstream.runners.services📜
Type: object
{}
upstream.runners.helpers📜
Type: object
{}
upstream.topologySpreadConstraints📜
Type: object
{}
upstream.securityContext.allowPrivilegeEscalation📜
Type: bool
false
upstream.securityContext.readOnlyRootFilesystem📜
Type: bool
false
upstream.securityContext.runAsNonRoot📜
Type: bool
true
upstream.securityContext.runAsUser📜
Type: int
1001
upstream.securityContext.runAsGroup📜
Type: int
1001
upstream.securityContext.privileged📜
Type: bool
false
upstream.securityContext.capabilities.drop[0]📜
Type: string
"ALL"
upstream.strategy📜
Type: object
{}
upstream.podSecurityContext.runAsUser📜
Type: int
1001
upstream.podSecurityContext.runAsNonRoot📜
Type: bool
true
upstream.podSecurityContext.fsGroup📜
Type: int
65533
upstream.containerSecurityContext.runAsNonRoot📜
Type: bool
true
upstream.capabilities.drop[0]📜
Type: string
"ALL"
upstream.resources.limits.memory📜
Type: string
"256Mi"
upstream.resources.limits.cpu📜
Type: string
"200m"
upstream.resources.requests.memory📜
Type: string
"256Mi"
upstream.resources.requests.cpu📜
Type: string
"200m"
upstream.affinity📜
Type: object
{}
upstream.runtimeClassName📜
Type: string
""
upstream.nodeSelector📜
Type: object
{}
upstream.tolerations📜
Type: list
[]
upstream.extraEnv📜
Type: object
{}
upstream.extraEnvFrom📜
Type: object
{}
upstream.hostAliases📜
Type: list
[]
upstream.deploymentAnnotations📜
Type: object
{}
upstream.deploymentLabels📜
Type: object
{}
upstream.deploymentLifecycle📜
Type: object
{}
upstream.podAnnotations📜
Type: object
{}
upstream.podLabels📜
Type: object
{}
upstream.priorityClassName📜
Type: string
""
upstream.secrets📜
Type: list
[]
upstream.configMaps📜
Type: object
{}
upstream.volumeMounts📜
Type: list
[]
upstream.volumes📜
Type: list
[]
upstream.extraObjects📜
Type: list
[]
istio.enabled📜
Type: bool
false
istio.injection📜
Type: string
"disabled"
istio.hardened.enabled📜
Type: bool
false
istio.hardened.outboundTrafficPolicyMode📜
Type: string
"REGISTRY_ONLY"
istio.hardened.customServiceEntries📜
Type: list
[]
istio.hardened.customAuthorizationPolicies📜
Type: list
[]
istio.hardened.gitlab.enabled📜
Type: bool
true
istio.hardened.gitlab.namespaces[0]📜
Type: string
"gitlab"
istio.hardened.monitoring.enabled📜
Type: bool
true
istio.hardened.monitoring.namespaces[0]📜
Type: string
"monitoring"
istio.hardened.monitoring.principals[0]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-grafana"
istio.hardened.monitoring.principals[1]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"
istio.hardened.monitoring.principals[2]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"
istio.hardened.monitoring.principals[3]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"
istio.hardened.monitoring.principals[4]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"
istio.hardened.monitoring.principals[5]📜
Type: string
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"
istio.mtls📜
Type: object
mode: STRICT
Description: Default peer authentication
istio.mtls.mode📜
Type: string
"STRICT"
Description: STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
monitoring.enabled📜
Type: bool
false
networkPolicies.enabled📜
Type: bool
false
networkPolicies.controlPlaneCidr📜
Type: string
"0.0.0.0/0"
networkPolicies.kubeAPIPort📜
Type: string
""
Description: Kube API Port, defaults to 443 and 6443 within the template but can be set to custom port The port where the Kubernetes API server listens for secure connections.
networkPolicies.additionalPolicies📜
Type: list
[]
autoRegister.enabled📜
Type: bool
false
autoRegister.selectorLabels📜
Type: object
{}
bbtests.enabled📜
Type: bool
false
bbtests.cypress.artifacts📜
Type: bool
true
bbtests.cypress.envs.cypress_url📜
Type: string
"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181"
bbtests.cypress.envs.cypress_gitlab_project📜
Type: string
"runner-hello-world"
bbtests.cypress.secretEnvs[0].name📜
Type: string
"cypress_adminpassword"
bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name📜
Type: string
"gitlab-gitlab-initial-root-password"
bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key📜
Type: string
"password"
openshift📜
Type: bool
false
extraContainers📜
Type: list
[]