GitLab is the most comprehensive AI-powered DevSecOps Platform.
The upstream chart's release notes may help when reviewing this package.
- Kubernetes Cluster deployed
- Kubernetes config installed in
~/.kube/config - Helm installed
Install Helm
https://helm.sh/docs/intro/install/
- Clone down the repository
- cd into directory
helm install gitlab chart/| Key | Type | Default | Description |
|---|---|---|---|
| global.istio.enabled | bool | false |
|
| global.istio.injection | string | "disabled" |
|
| global.common.labels | object | {} |
|
| global.image | object | {} |
|
| global.pod.labels | object | {} |
|
| global.edition | string | "ee" |
|
| global.gitlabVersion | string | "17.8.1" |
|
| global.application.create | bool | false |
|
| global.application.links | list | [] |
|
| global.application.allowClusterRoles | bool | true |
|
| global.hosts.domain | string | "dev.bigbang.mil" |
|
| global.hosts.hostSuffix | string | nil |
|
| global.hosts.https | bool | true |
|
| global.hosts.externalIP | string | nil |
|
| global.hosts.ssh | string | nil |
|
| global.hosts.gitlab.name | string | "gitlab.dev.bigbang.mil" |
|
| global.hosts.minio | object | {} |
|
| global.hosts.registry.name | string | "registry.dev.bigbang.mil" |
|
| global.hosts.tls | object | {} |
|
| global.hosts.smartcard | object | {} |
|
| global.hosts.kas | object | {} |
|
| global.hosts.pages | object | {} |
|
| global.ingress.apiVersion | string | "" |
|
| global.ingress.configureCertmanager | bool | false |
|
| global.ingress.useNewIngressForCerts | bool | false |
|
| global.ingress.provider | string | "nginx" |
|
| global.ingress.annotations | object | {} |
|
| global.ingress.enabled | bool | false |
|
| global.ingress.tls | object | {} |
|
| global.ingress.path | string | "/" |
|
| global.ingress.pathType | string | "Prefix" |
|
| global.hpa.apiVersion | string | "autoscaling/v2" |
|
| global.keda.enabled | bool | false |
|
| global.pdb.apiVersion | string | "policy/v1" |
|
| global.batch.cronJob.apiVersion | string | "batch/v1" |
|
| global.monitoring.enabled | bool | false |
|
| global.gitlab.license | object | {} |
|
| global.initialRootPassword | object | {} |
|
| global.psql.connectTimeout | string | nil |
|
| global.psql.keepalives | string | nil |
|
| global.psql.keepalivesIdle | string | nil |
|
| global.psql.keepalivesInterval | string | nil |
|
| global.psql.keepalivesCount | string | nil |
|
| global.psql.tcpUserTimeout | string | nil |
|
| global.psql.password | object | {} |
|
| global.psql.main | object | {} |
|
| global.psql.ci | object | {} |
|
| global.redis.auth.enabled | bool | true |
|
| global.redis.securityContext.runAsUser | int | 1001 |
|
| global.redis.securityContext.fsGroup | int | 1001 |
|
| global.redis.securityContext.runAsNonRoot | bool | true |
|
| global.redis.containerSecurityContext.enabled | bool | true |
|
| global.redis.containerSecurityContext.runAsUser | int | 1001 |
|
| global.redis.containerSecurityContext.runAsNonRoot | bool | true |
|
| global.redis.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| global.redis.sentinelAuth.enabled | bool | false |
|
| global.gitaly.enabled | bool | true |
|
| global.gitaly.authToken | object | {} |
|
| global.gitaly.internal.names[0] | string | "default" |
|
| global.gitaly.external | list | [] |
|
| global.gitaly.service.name | string | "gitaly" |
|
| global.gitaly.service.type | string | "ClusterIP" |
|
| global.gitaly.service.externalPort | int | 8075 |
|
| global.gitaly.service.internalPort | int | 8075 |
|
| global.gitaly.service.tls.externalPort | int | 8076 |
|
| global.gitaly.service.tls.internalPort | int | 8076 |
|
| global.gitaly.tls.enabled | bool | false |
|
| global.praefect.enabled | bool | false |
|
| global.praefect.ntpHost | string | "pool.ntp.org" |
|
| global.praefect.replaceInternalGitaly | bool | true |
|
| global.praefect.authToken | object | {} |
|
| global.praefect.autoMigrate | bool | true |
|
| global.praefect.dbSecret | object | {} |
|
| global.praefect.virtualStorages[0].name | string | "default" |
|
| global.praefect.virtualStorages[0].gitalyReplicas | int | 3 |
|
| global.praefect.virtualStorages[0].maxUnavailable | int | 1 |
|
| global.praefect.psql.sslMode | string | "disable" |
|
| global.praefect.service.name | string | "praefect" |
|
| global.praefect.service.type | string | "ClusterIP" |
|
| global.praefect.service.externalPort | int | 8075 |
|
| global.praefect.service.internalPort | int | 8075 |
|
| global.praefect.service.tls.externalPort | int | 8076 |
|
| global.praefect.service.tls.internalPort | int | 8076 |
|
| global.praefect.tls.enabled | bool | false |
|
| global.minio.enabled | bool | true |
|
| global.minio.credentials | object | {} |
|
| global.appConfig.enableUsagePing | bool | true |
|
| global.appConfig.enableSeatLink | bool | true |
|
| global.appConfig.enableImpersonation | string | nil |
|
| global.appConfig.applicationSettingsCacheSeconds | int | 60 |
|
| global.appConfig.defaultCanCreateGroup | bool | false |
|
| global.appConfig.usernameChangingEnabled | bool | true |
|
| global.appConfig.issueClosingPattern | string | nil |
|
| global.appConfig.defaultTheme | string | nil |
|
| global.appConfig.defaultColorMode | string | nil |
|
| global.appConfig.defaultSyntaxHighlightingTheme | string | nil |
|
| global.appConfig.defaultProjectsFeatures.issues | bool | true |
|
| global.appConfig.defaultProjectsFeatures.mergeRequests | bool | true |
|
| global.appConfig.defaultProjectsFeatures.wiki | bool | true |
|
| global.appConfig.defaultProjectsFeatures.snippets | bool | true |
|
| global.appConfig.defaultProjectsFeatures.builds | bool | true |
|
| global.appConfig.graphQlTimeout | string | nil |
|
| global.appConfig.webhookTimeout | string | nil |
|
| global.appConfig.maxRequestDurationSeconds | string | nil |
|
| global.appConfig.cron_jobs | object | {} |
|
| global.appConfig.contentSecurityPolicy.enabled | bool | false |
|
| global.appConfig.contentSecurityPolicy.report_only | bool | true |
|
| global.appConfig.gravatar.plainUrl | string | nil |
|
| global.appConfig.gravatar.sslUrl | string | nil |
|
| global.appConfig.extra.googleAnalyticsId | string | nil |
|
| global.appConfig.extra.matomoUrl | string | nil |
|
| global.appConfig.extra.matomoSiteId | string | nil |
|
| global.appConfig.extra.matomoDisableCookies | string | nil |
|
| global.appConfig.extra.oneTrustId | string | nil |
|
| global.appConfig.extra.googleTagManagerNonceId | string | nil |
|
| global.appConfig.extra.bizible | string | nil |
|
| global.appConfig.object_store.enabled | bool | false |
|
| global.appConfig.object_store.proxy_download | bool | true |
|
| global.appConfig.object_store.storage_options | object | {} |
|
| global.appConfig.object_store.connection | object | {} |
|
| global.appConfig.lfs.enabled | bool | true |
|
| global.appConfig.lfs.proxy_download | bool | true |
|
| global.appConfig.lfs.bucket | string | "git-lfs" |
|
| global.appConfig.lfs.connection | object | {} |
|
| global.appConfig.artifacts.enabled | bool | true |
|
| global.appConfig.artifacts.proxy_download | bool | true |
|
| global.appConfig.artifacts.bucket | string | "gitlab-artifacts" |
|
| global.appConfig.artifacts.connection | object | {} |
|
| global.appConfig.uploads.enabled | bool | true |
|
| global.appConfig.uploads.proxy_download | bool | true |
|
| global.appConfig.uploads.bucket | string | "gitlab-uploads" |
|
| global.appConfig.uploads.connection | object | {} |
|
| global.appConfig.packages.enabled | bool | true |
|
| global.appConfig.packages.proxy_download | bool | true |
|
| global.appConfig.packages.bucket | string | "gitlab-packages" |
|
| global.appConfig.packages.connection | object | {} |
|
| global.appConfig.externalDiffs.enabled | bool | false |
|
| global.appConfig.externalDiffs.when | string | nil |
|
| global.appConfig.externalDiffs.proxy_download | bool | true |
|
| global.appConfig.externalDiffs.bucket | string | "gitlab-mr-diffs" |
|
| global.appConfig.externalDiffs.connection | object | {} |
|
| global.appConfig.terraformState.enabled | bool | false |
|
| global.appConfig.terraformState.bucket | string | "gitlab-terraform-state" |
|
| global.appConfig.terraformState.connection | object | {} |
|
| global.appConfig.ciSecureFiles.enabled | bool | false |
|
| global.appConfig.ciSecureFiles.bucket | string | "gitlab-ci-secure-files" |
|
| global.appConfig.ciSecureFiles.connection | object | {} |
|
| global.appConfig.dependencyProxy.enabled | bool | false |
|
| global.appConfig.dependencyProxy.proxy_download | bool | true |
|
| global.appConfig.dependencyProxy.bucket | string | "gitlab-dependency-proxy" |
|
| global.appConfig.dependencyProxy.connection | object | {} |
|
| global.appConfig.backups.bucket | string | "gitlab-backups" |
|
| global.appConfig.backups.tmpBucket | string | "tmp" |
|
| global.appConfig.microsoft_graph_mailer.enabled | bool | false |
|
| global.appConfig.microsoft_graph_mailer.user_id | string | "" |
|
| global.appConfig.microsoft_graph_mailer.tenant | string | "" |
|
| global.appConfig.microsoft_graph_mailer.client_id | string | "" |
|
| global.appConfig.microsoft_graph_mailer.client_secret.secret | string | "" |
|
| global.appConfig.microsoft_graph_mailer.client_secret.key | string | "secret" |
|
| global.appConfig.microsoft_graph_mailer.azure_ad_endpoint | string | "https://login.microsoftonline.com" |
|
| global.appConfig.microsoft_graph_mailer.graph_endpoint | string | "https://graph.microsoft.com" |
|
| global.appConfig.incomingEmail.enabled | bool | false |
|
| global.appConfig.incomingEmail.address | string | "" |
|
| global.appConfig.incomingEmail.host | string | "imap.gmail.com" |
|
| global.appConfig.incomingEmail.port | int | 993 |
|
| global.appConfig.incomingEmail.ssl | bool | true |
|
| global.appConfig.incomingEmail.startTls | bool | false |
|
| global.appConfig.incomingEmail.user | string | "" |
|
| global.appConfig.incomingEmail.password.secret | string | "" |
|
| global.appConfig.incomingEmail.password.key | string | "password" |
|
| global.appConfig.incomingEmail.deleteAfterDelivery | bool | true |
|
| global.appConfig.incomingEmail.expungeDeleted | bool | false |
|
| global.appConfig.incomingEmail.logger.logPath | string | "/dev/stdout" |
|
| global.appConfig.incomingEmail.mailbox | string | "inbox" |
|
| global.appConfig.incomingEmail.idleTimeout | int | 60 |
|
| global.appConfig.incomingEmail.inboxMethod | string | "imap" |
|
| global.appConfig.incomingEmail.clientSecret.key | string | "secret" |
|
| global.appConfig.incomingEmail.pollInterval | int | 60 |
|
| global.appConfig.incomingEmail.deliveryMethod | string | "webhook" |
|
| global.appConfig.incomingEmail.authToken | object | {} |
|
| global.appConfig.serviceDeskEmail.enabled | bool | false |
|
| global.appConfig.serviceDeskEmail.address | string | "" |
|
| global.appConfig.serviceDeskEmail.host | string | "imap.gmail.com" |
|
| global.appConfig.serviceDeskEmail.port | int | 993 |
|
| global.appConfig.serviceDeskEmail.ssl | bool | true |
|
| global.appConfig.serviceDeskEmail.startTls | bool | false |
|
| global.appConfig.serviceDeskEmail.user | string | "" |
|
| global.appConfig.serviceDeskEmail.password.secret | string | "" |
|
| global.appConfig.serviceDeskEmail.password.key | string | "password" |
|
| global.appConfig.serviceDeskEmail.deleteAfterDelivery | bool | true |
|
| global.appConfig.serviceDeskEmail.expungeDeleted | bool | false |
|
| global.appConfig.serviceDeskEmail.logger.logPath | string | "/dev/stdout" |
|
| global.appConfig.serviceDeskEmail.mailbox | string | "inbox" |
|
| global.appConfig.serviceDeskEmail.idleTimeout | int | 60 |
|
| global.appConfig.serviceDeskEmail.inboxMethod | string | "imap" |
|
| global.appConfig.serviceDeskEmail.clientSecret.key | string | "secret" |
|
| global.appConfig.serviceDeskEmail.pollInterval | int | 60 |
|
| global.appConfig.serviceDeskEmail.deliveryMethod | string | "webhook" |
|
| global.appConfig.serviceDeskEmail.authToken | object | {} |
|
| global.appConfig.ldap.preventSignin | bool | false |
|
| global.appConfig.ldap.servers | object | {} |
|
| global.appConfig.duoAuth.enabled | bool | false |
|
| global.appConfig.gitlab_kas | object | {} |
|
| global.appConfig.suggested_reviewers | object | {} |
|
| global.appConfig.omniauth.enabled | bool | false |
|
| global.appConfig.omniauth.autoSignInWithProvider | string | nil |
|
| global.appConfig.omniauth.syncProfileFromProvider | list | [] |
|
| global.appConfig.omniauth.syncProfileAttributes[0] | string | "email" |
|
| global.appConfig.omniauth.allowSingleSignOn[0] | string | "saml" |
|
| global.appConfig.omniauth.blockAutoCreatedUsers | bool | true |
|
| global.appConfig.omniauth.autoLinkLdapUser | bool | false |
|
| global.appConfig.omniauth.autoLinkSamlUser | bool | false |
|
| global.appConfig.omniauth.autoLinkUser | list | [] |
|
| global.appConfig.omniauth.externalProviders | list | [] |
|
| global.appConfig.omniauth.allowBypassTwoFactor | list | [] |
|
| global.appConfig.omniauth.providers | list | [] |
|
| global.appConfig.kerberos.enabled | bool | false |
|
| global.appConfig.kerberos.keytab.key | string | "keytab" |
|
| global.appConfig.kerberos.servicePrincipalName | string | "" |
|
| global.appConfig.kerberos.krb5Config | string | "" |
|
| global.appConfig.kerberos.dedicatedPort.enabled | bool | false |
|
| global.appConfig.kerberos.dedicatedPort.port | int | 8443 |
|
| global.appConfig.kerberos.dedicatedPort.https | bool | true |
|
| global.appConfig.kerberos.simpleLdapLinkingAllowedRealms | list | [] |
|
| global.appConfig.sentry.enabled | bool | false |
|
| global.appConfig.sentry.dsn | string | nil |
|
| global.appConfig.sentry.clientside_dsn | string | nil |
|
| global.appConfig.sentry.environment | string | nil |
|
| global.appConfig.gitlab_docs.enabled | bool | false |
|
| global.appConfig.gitlab_docs.host | string | "" |
|
| global.appConfig.smartcard.enabled | bool | false |
|
| global.appConfig.smartcard.CASecret | string | nil |
|
| global.appConfig.smartcard.clientCertificateRequiredHost | string | nil |
|
| global.appConfig.smartcard.sanExtensions | bool | false |
|
| global.appConfig.smartcard.requiredForGitAccess | bool | false |
|
| global.appConfig.sidekiq.routingRules | list | [] |
|
| global.appConfig.initialDefaults | object | {} |
|
| global.oauth.gitlab-pages | object | {} |
|
| global.geo.enabled | bool | false |
|
| global.geo.role | string | "primary" |
|
| global.geo.nodeName | string | nil |
|
| global.geo.psql.password | object | {} |
|
| global.geo.registry.replication.enabled | bool | false |
|
| global.geo.registry.replication.primaryApiUrl | string | nil |
|
| global.kas.enabled | bool | false |
|
| global.kas.service.apiExternalPort | int | 8153 |
|
| global.kas.tls.enabled | bool | false |
|
| global.kas.tls.verify | bool | true |
|
| global.spamcheck.enabled | bool | false |
|
| global.shell.authToken | object | {} |
|
| global.shell.hostKeys | object | {} |
|
| global.shell.tcp.proxyProtocol | bool | false |
|
| global.railsSecrets | object | {} |
|
| global.rails.bootsnap.enabled | bool | true |
|
| global.rails.sessionStore.sessionCookieTokenPrefix | string | "" |
|
| global.registry.bucket | string | "registry" |
|
| global.registry.certificate | object | {} |
|
| global.registry.httpSecret | object | {} |
|
| global.registry.notificationSecret | object | {} |
|
| global.registry.tls.enabled | bool | false |
|
| global.registry.redis.cache.password | object | {} |
|
| global.registry.redis.rateLimiting.password | object | {} |
|
| global.registry.notifications | object | {} |
|
| global.registry.enabled | bool | true |
|
| global.registry.host | string | nil |
|
| global.registry.api.protocol | string | "http" |
|
| global.registry.api.serviceName | string | "registry" |
|
| global.registry.api.port | int | 5000 |
|
| global.registry.tokenIssuer | string | "gitlab-issuer" |
|
| global.pages.enabled | bool | false |
|
| global.pages.accessControl | bool | false |
|
| global.pages.path | string | nil |
|
| global.pages.host | string | nil |
|
| global.pages.port | string | nil |
|
| global.pages.https | string | nil |
|
| global.pages.externalHttp | list | [] |
|
| global.pages.externalHttps | list | [] |
|
| global.pages.artifactsServer | bool | true |
|
| global.pages.localStore.enabled | bool | false |
|
| global.pages.objectStore.enabled | bool | true |
|
| global.pages.objectStore.bucket | string | "gitlab-pages" |
|
| global.pages.objectStore.connection | object | {} |
|
| global.pages.apiSecret | object | {} |
|
| global.pages.authSecret | object | {} |
|
| global.pages.namespaceInPath | bool | false |
|
| global.runner.registrationToken | object | {} |
|
| global.smtp.enabled | bool | false |
|
| global.smtp.address | string | "smtp.mailgun.org" |
|
| global.smtp.port | int | 2525 |
|
| global.smtp.user_name | string | "" |
|
| global.smtp.password.secret | string | "" |
|
| global.smtp.password.key | string | "password" |
|
| global.smtp.authentication | string | "plain" |
|
| global.smtp.starttls_auto | bool | false |
|
| global.smtp.openssl_verify_mode | string | "peer" |
|
| global.smtp.open_timeout | int | 30 |
|
| global.smtp.read_timeout | int | 60 |
|
| global.smtp.pool | bool | false |
|
| global.email.from | string | "" |
|
| global.email.display_name | string | "GitLab" |
|
| global.email.reply_to | string | "" |
|
| global.email.subject_suffix | string | "" |
|
| global.email.smime.enabled | bool | false |
|
| global.email.smime.secretName | string | "" |
|
| global.email.smime.keyName | string | "tls.key" |
|
| global.email.smime.certName | string | "tls.crt" |
|
| global.time_zone | string | "UTC" |
|
| global.service.labels | object | {} |
|
| global.service.annotations | object | {} |
|
| global.deployment.annotations | object | {} |
|
| global.nodeAffinity | string | nil |
|
| global.antiAffinity | string | "soft" |
|
| global.affinity.podAntiAffinity.topologyKey | string | "kubernetes.io/hostname" |
|
| global.affinity.nodeAffinity.key | string | "topology.kubernetes.io/zone" |
|
| global.affinity.nodeAffinity.values | list | [] |
|
| global.priorityClassName | string | "" |
|
| global.workhorse.serviceName | string | "webservice-default" |
|
| global.workhorse.tls.enabled | bool | false |
|
| global.webservice.workerTimeout | int | 60 |
|
| global.certificates.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/certificates" |
|
| global.certificates.image.tag | string | "17.8.1" |
|
| global.certificates.image.pullSecrets[0].name | string | "private-registry" |
|
| global.certificates.init.securityContext.capabilities.drop[0] | string | "ALL" |
|
| global.certificates.init.securityContext.runAsUser | int | 65534 |
|
| global.certificates.init.securityContext.runAsNonRoot | bool | true |
|
| global.certificates.customCAs[0].secret | string | "ca-certs-australian-defence-organisation-cross-cert-chain" |
|
| global.certificates.customCAs[1].secret | string | "ca-certs-australian-defence-organisation-direct-trust-chain" |
|
| global.certificates.customCAs[2].secret | string | "ca-certs-boeing" |
|
| global.certificates.customCAs[3].secret | string | "ca-certs-carillon-federal-services-trust-chain-1" |
|
| global.certificates.customCAs[4].secret | string | "ca-certs-carillon-federal-services-trust-chain-2" |
|
| global.certificates.customCAs[5].secret | string | "ca-certs-department-of-state-trust-chain-1" |
|
| global.certificates.customCAs[6].secret | string | "ca-certs-department-of-state-trust-chain-2" |
|
| global.certificates.customCAs[7].secret | string | "ca-certs-digicert-federal-ssp-trust-chain-1" |
|
| global.certificates.customCAs[8].secret | string | "ca-certs-digicert-federal-ssp-trust-chain-2" |
|
| global.certificates.customCAs[9].secret | string | "ca-certs-digicert-nfi-trust-chain-1" |
|
| global.certificates.customCAs[10].secret | string | "ca-certs-digicert-nfi-trust-chain-2" |
|
| global.certificates.customCAs[11].secret | string | "ca-certs-entrust-federal-ssp-trust-chain-1" |
|
| global.certificates.customCAs[12].secret | string | "ca-certs-entrust-federal-ssp-trust-chain-2" |
|
| global.certificates.customCAs[13].secret | string | "ca-certs-entrust-federal-ssp-trust-chain-3" |
|
| global.certificates.customCAs[14].secret | string | "ca-certs-entrust-managed-service-nfi" |
|
| global.certificates.customCAs[15].secret | string | "ca-certs-exostar-llc" |
|
| global.certificates.customCAs[16].secret | string | "ca-certs-identrust-nfi" |
|
| global.certificates.customCAs[17].secret | string | "ca-certs-lockheed-martin" |
|
| global.certificates.customCAs[18].secret | string | "ca-certs-netherlands-ministry-of-defence" |
|
| global.certificates.customCAs[19].secret | string | "ca-certs-northrop-grumman" |
|
| global.certificates.customCAs[20].secret | string | "ca-certs-raytheon-trust-chain-1" |
|
| global.certificates.customCAs[21].secret | string | "ca-certs-raytheon-trust-chain-2" |
|
| global.certificates.customCAs[22].secret | string | "ca-certs-us-treasury-ssp-trust-chain-1" |
|
| global.certificates.customCAs[23].secret | string | "ca-certs-us-treasury-ssp-trust-chain-2" |
|
| global.certificates.customCAs[24].secret | string | "ca-certs-verizon-cybertrust-federal-ssp" |
|
| global.certificates.customCAs[25].secret | string | "ca-certs-widepoint-federal-ssp-trust-chain-1" |
|
| global.certificates.customCAs[26].secret | string | "ca-certs-widepoint-federal-ssp-trust-chain-2" |
|
| global.certificates.customCAs[27].secret | string | "ca-certs-widepoint-nfi" |
|
| global.certificates.customCAs[28].secret | string | "ca-certs-dod-intermediate-and-issuing-ca-certs" |
|
| global.certificates.customCAs[29].secret | string | "ca-certs-dod-trust-anchors-self-signed" |
|
| global.certificates.customCAs[30].secret | string | "ca-certs-eca" |
|
| global.kubectl.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/kubectl" |
|
| global.kubectl.image.tag | string | "17.8.1" |
|
| global.kubectl.image.pullSecrets[0].name | string | "private-registry" |
|
| global.kubectl.securityContext.runAsUser | int | 65534 |
|
| global.kubectl.securityContext.fsGroup | int | 65534 |
|
| global.kubectl.securityContext.seccompProfile.type | string | "RuntimeDefault" |
|
| global.gitlabBase.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base" |
|
| global.gitlabBase.image.tag | string | "17.8.1" |
|
| global.gitlabBase.image.pullSecrets[0].name | string | "private-registry" |
|
| global.serviceAccount.enabled | bool | true |
|
| global.serviceAccount.create | bool | true |
|
| global.serviceAccount.annotations | object | {} |
|
| global.serviceAccount.automountServiceAccountToken | bool | false |
|
| global.tracing.connection.string | string | "" |
|
| global.tracing.urlTemplate | string | "" |
|
| global.zoekt.gateway.basicAuth | object | {} |
|
| global.zoekt.indexer.internalApi | object | {} |
|
| global.extraEnv | object | {} |
|
| global.extraEnvFrom | object | {} |
|
| global.job.nameSuffixOverride | string | nil |
|
| global.traefik.apiVersion | string | "" |
|
| upgradeCheck.enabled | bool | true |
|
| upgradeCheck.image.repository | string | "registry1.dso.mil/ironbank/redhat/ubi/ubi9" |
|
| upgradeCheck.image.tag | string | "9.5" |
|
| upgradeCheck.image.pullSecrets[0].name | string | "private-registry" |
|
| upgradeCheck.securityContext.runAsUser | int | 65534 |
|
| upgradeCheck.securityContext.runAsGroup | int | 65534 |
|
| upgradeCheck.securityContext.fsGroup | int | 65534 |
|
| upgradeCheck.securityContext.seccompProfile.type | string | "RuntimeDefault" |
|
| upgradeCheck.containerSecurityContext.runAsUser | int | 65534 |
|
| upgradeCheck.containerSecurityContext.runAsGroup | int | 65534 |
|
| upgradeCheck.containerSecurityContext.allowPrivilegeEscalation | bool | false |
|
| upgradeCheck.containerSecurityContext.runAsNonRoot | bool | true |
|
| upgradeCheck.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| upgradeCheck.tolerations | list | [] |
|
| upgradeCheck.annotations."sidecar.istio.io/inject" | string | "true" |
|
| upgradeCheck.configMapAnnotations | object | {} |
|
| upgradeCheck.resources.requests.cpu | string | "500m" |
|
| upgradeCheck.resources.requests.memory | string | "500Mi" |
|
| upgradeCheck.resources.limits.cpu | string | "500m" |
|
| upgradeCheck.resources.limits.memory | string | "500Mi" |
|
| certmanager.installCRDs | bool | false |
|
| certmanager.nameOverride | string | "certmanager" |
|
| certmanager.install | bool | false |
|
| certmanager.rbac.create | bool | true |
|
| nginx-ingress.enabled | bool | false |
|
| nginx-ingress-geo.<<.enabled | bool | false |
|
| nginx-ingress.tcpExternalConfig | string | "true" |
|
| nginx-ingress-geo.<<.tcpExternalConfig | string | "true" |
|
| nginx-ingress-geo.<<.controller.addHeaders.Referrer-Policy | string | "strict-origin-when-cross-origin" |
|
| nginx-ingress.controller.addHeaders.Referrer-Policy | string | "strict-origin-when-cross-origin" |
|
| nginx-ingress-geo.controller.<<.addHeaders.Referrer-Policy | string | "strict-origin-when-cross-origin" |
|
| nginx-ingress.controller.config.annotation-value-word-blocklist | string | "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},',\"" |
|
| nginx-ingress-geo.<<.controller.config.annotation-value-word-blocklist | string | "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},',\"" |
|
| nginx-ingress-geo.controller.config.<<.annotation-value-word-blocklist | string | "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},',\"" |
|
| nginx-ingress-geo.controller.<<.config.annotation-value-word-blocklist | string | "load_module,lua_package,_by_lua,location,root,proxy_pass,serviceaccount,{,},',\"" |
|
| nginx-ingress.controller.config.hsts | string | "true" |
|
| nginx-ingress-geo.<<.controller.config.hsts | string | "true" |
|
| nginx-ingress-geo.controller.config.<<.hsts | string | "true" |
|
| nginx-ingress-geo.controller.<<.config.hsts | string | "true" |
|
| nginx-ingress.controller.config.hsts-include-subdomains | string | "false" |
|
| nginx-ingress-geo.<<.controller.config.hsts-include-subdomains | string | "false" |
|
| nginx-ingress-geo.controller.config.<<.hsts-include-subdomains | string | "false" |
|
| nginx-ingress-geo.controller.<<.config.hsts-include-subdomains | string | "false" |
|
| nginx-ingress-geo.controller.<<.config.hsts-max-age | string | "63072000" |
|
| nginx-ingress.controller.config.hsts-max-age | string | "63072000" |
|
| nginx-ingress-geo.controller.config.<<.hsts-max-age | string | "63072000" |
|
| nginx-ingress-geo.<<.controller.config.hsts-max-age | string | "63072000" |
|
| nginx-ingress-geo.controller.config.<<.server-name-hash-bucket-size | string | "256" |
|
| nginx-ingress.controller.config.server-name-hash-bucket-size | string | "256" |
|
| nginx-ingress-geo.<<.controller.config.server-name-hash-bucket-size | string | "256" |
|
| nginx-ingress-geo.controller.<<.config.server-name-hash-bucket-size | string | "256" |
|
| nginx-ingress-geo.controller.config.<<.use-http2 | string | "true" |
|
| nginx-ingress.controller.config.use-http2 | string | "true" |
|
| nginx-ingress-geo.<<.controller.config.use-http2 | string | "true" |
|
| nginx-ingress-geo.controller.<<.config.use-http2 | string | "true" |
|
| nginx-ingress-geo.controller.config.<<.ssl-ciphers | string | "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" |
|
| nginx-ingress-geo.<<.controller.config.ssl-ciphers | string | "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" |
|
| nginx-ingress.controller.config.ssl-ciphers | string | "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" |
|
| nginx-ingress-geo.controller.<<.config.ssl-ciphers | string | "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" |
|
| nginx-ingress-geo.controller.config.<<.ssl-protocols | string | "TLSv1.3 TLSv1.2" |
|
| nginx-ingress-geo.controller.<<.config.ssl-protocols | string | "TLSv1.3 TLSv1.2" |
|
| nginx-ingress-geo.<<.controller.config.ssl-protocols | string | "TLSv1.3 TLSv1.2" |
|
| nginx-ingress.controller.config.ssl-protocols | string | "TLSv1.3 TLSv1.2" |
|
| nginx-ingress-geo.<<.controller.config.server-tokens | string | "false" |
|
| nginx-ingress-geo.controller.<<.config.server-tokens | string | "false" |
|
| nginx-ingress-geo.controller.config.<<.server-tokens | string | "false" |
|
| nginx-ingress.controller.config.server-tokens | string | "false" |
|
| nginx-ingress-geo.controller.<<.config.upstream-keepalive-connections | int | 100 |
|
| nginx-ingress-geo.controller.config.<<.upstream-keepalive-connections | int | 100 |
|
| nginx-ingress-geo.<<.controller.config.upstream-keepalive-connections | int | 100 |
|
| nginx-ingress.controller.config.upstream-keepalive-connections | int | 100 |
|
| nginx-ingress-geo.controller.config.<<.upstream-keepalive-time | string | "30s" |
|
| nginx-ingress-geo.controller.<<.config.upstream-keepalive-time | string | "30s" |
|
| nginx-ingress-geo.<<.controller.config.upstream-keepalive-time | string | "30s" |
|
| nginx-ingress.controller.config.upstream-keepalive-time | string | "30s" |
|
| nginx-ingress-geo.controller.<<.config.upstream-keepalive-timeout | int | 5 |
|
| nginx-ingress.controller.config.upstream-keepalive-timeout | int | 5 |
|
| nginx-ingress-geo.<<.controller.config.upstream-keepalive-timeout | int | 5 |
|
| nginx-ingress-geo.controller.config.<<.upstream-keepalive-timeout | int | 5 |
|
| nginx-ingress.controller.config.upstream-keepalive-requests | int | 1000 |
|
| nginx-ingress-geo.<<.controller.config.upstream-keepalive-requests | int | 1000 |
|
| nginx-ingress-geo.controller.config.<<.upstream-keepalive-requests | int | 1000 |
|
| nginx-ingress-geo.controller.<<.config.upstream-keepalive-requests | int | 1000 |
|
| nginx-ingress-geo.<<.controller.service.externalTrafficPolicy | string | "Local" |
|
| nginx-ingress.controller.service.externalTrafficPolicy | string | "Local" |
|
| nginx-ingress-geo.controller.<<.service.externalTrafficPolicy | string | "Local" |
|
| nginx-ingress.controller.ingressClassByName | bool | false |
|
| nginx-ingress-geo.<<.controller.ingressClassByName | bool | false |
|
| nginx-ingress-geo.controller.<<.ingressClassByName | bool | false |
|
| nginx-ingress.controller.ingressClassResource.name | string | "{{ include \"ingress.class.name\" $ }}" |
|
| nginx-ingress-geo.<<.controller.ingressClassResource.name | string | "{{ include \"ingress.class.name\" $ }}" |
|
| nginx-ingress-geo.controller.<<.ingressClassResource.name | string | "{{ include \"ingress.class.name\" $ }}" |
|
| nginx-ingress-geo.controller.<<.resources.requests.cpu | string | "100m" |
|
| nginx-ingress-geo.<<.controller.resources.requests.cpu | string | "100m" |
|
| nginx-ingress.controller.resources.requests.cpu | string | "100m" |
|
| nginx-ingress-geo.controller.<<.resources.requests.memory | string | "100Mi" |
|
| nginx-ingress.controller.resources.requests.memory | string | "100Mi" |
|
| nginx-ingress-geo.<<.controller.resources.requests.memory | string | "100Mi" |
|
| nginx-ingress-geo.controller.<<.publishService.enabled | bool | true |
|
| nginx-ingress-geo.<<.controller.publishService.enabled | bool | true |
|
| nginx-ingress.controller.publishService.enabled | bool | true |
|
| nginx-ingress-geo.controller.<<.replicaCount | int | 2 |
|
| nginx-ingress-geo.<<.controller.replicaCount | int | 2 |
|
| nginx-ingress.controller.replicaCount | int | 2 |
|
| nginx-ingress-geo.<<.controller.minAvailable | int | 1 |
|
| nginx-ingress-geo.controller.<<.minAvailable | int | 1 |
|
| nginx-ingress.controller.minAvailable | int | 1 |
|
| nginx-ingress-geo.controller.<<.scope.enabled | bool | true |
|
| nginx-ingress.controller.scope.enabled | bool | true |
|
| nginx-ingress-geo.<<.controller.scope.enabled | bool | true |
|
| nginx-ingress-geo.controller.<<.metrics.enabled | bool | true |
|
| nginx-ingress.controller.metrics.enabled | bool | true |
|
| nginx-ingress-geo.<<.controller.metrics.enabled | bool | true |
|
| nginx-ingress-geo.controller.<<.metrics.service.annotations."gitlab.com/prometheus_scrape" | string | "true" |
|
| nginx-ingress.controller.metrics.service.annotations."gitlab.com/prometheus_scrape" | string | "true" |
|
| nginx-ingress-geo.<<.controller.metrics.service.annotations."gitlab.com/prometheus_scrape" | string | "true" |
|
| nginx-ingress.controller.metrics.service.annotations."gitlab.com/prometheus_port" | string | "10254" |
|
| nginx-ingress-geo.<<.controller.metrics.service.annotations."gitlab.com/prometheus_port" | string | "10254" |
|
| nginx-ingress-geo.controller.<<.metrics.service.annotations."gitlab.com/prometheus_port" | string | "10254" |
|
| nginx-ingress.controller.metrics.service.annotations."prometheus.io/scrape" | string | "true" |
|
| nginx-ingress-geo.controller.<<.metrics.service.annotations."prometheus.io/scrape" | string | "true" |
|
| nginx-ingress-geo.<<.controller.metrics.service.annotations."prometheus.io/scrape" | string | "true" |
|
| nginx-ingress-geo.controller.<<.metrics.service.annotations."prometheus.io/port" | string | "10254" |
|
| nginx-ingress-geo.<<.controller.metrics.service.annotations."prometheus.io/port" | string | "10254" |
|
| nginx-ingress.controller.metrics.service.annotations."prometheus.io/port" | string | "10254" |
|
| nginx-ingress.controller.admissionWebhooks.enabled | bool | false |
|
| nginx-ingress-geo.controller.<<.admissionWebhooks.enabled | bool | false |
|
| nginx-ingress-geo.<<.controller.admissionWebhooks.enabled | bool | false |
|
| nginx-ingress-geo.<<.defaultBackend.resources.requests.cpu | string | "5m" |
|
| nginx-ingress.defaultBackend.resources.requests.cpu | string | "5m" |
|
| nginx-ingress-geo.<<.defaultBackend.resources.requests.memory | string | "5Mi" |
|
| nginx-ingress.defaultBackend.resources.requests.memory | string | "5Mi" |
|
| nginx-ingress.rbac.create | bool | true |
|
| nginx-ingress-geo.<<.rbac.create | bool | true |
|
| nginx-ingress-geo.<<.rbac.scope | bool | false |
|
| nginx-ingress.rbac.scope | bool | false |
|
| nginx-ingress-geo.<<.serviceAccount.create | bool | true |
|
| nginx-ingress.serviceAccount.create | bool | true |
|
| nginx-ingress-geo.enabled | bool | false |
|
| nginx-ingress-geo.controller.config.use-forwarded-headers | bool | true |
|
| nginx-ingress-geo.controller.electionID | string | "ingress-controller-leader-geo" |
|
| nginx-ingress-geo.controller.ingressClassResource.name | string | "{{ include \"gitlab.geo.ingress.class.name\" $ | quote }}" |
|
| nginx-ingress-geo.controller.ingressClassResource.controllerValue | string | "k8s.io/nginx-ingress-geo" |
|
| nginx-ingress-geo.externalIpTpl | string | "{{ .Values.global.hosts.externalGeoIP }}" |
|
| haproxy.install | bool | false |
|
| haproxy.controller.service.type | string | "LoadBalancer" |
|
| haproxy.controller.service.tcpPorts[0].name | string | "ssh" |
|
| haproxy.controller.service.tcpPorts[0].port | int | 22 |
|
| haproxy.controller.service.tcpPorts[0].targetPort | int | 22 |
|
| haproxy.controller.extraArgs[0] | string | "--configmap-tcp-services=$(POD_NAMESPACE)/$(POD_NAMESPACE)-haproxy-tcp" |
|
| prometheus.install | bool | false |
|
| prometheus.rbac.create | bool | true |
|
| prometheus.alertmanager.enabled | bool | false |
|
| prometheus.alertmanagerFiles."alertmanager.yml" | object | {} |
|
| prometheus.kubeStateMetrics.enabled | bool | false |
|
| prometheus.nodeExporter.enabled | bool | false |
|
| prometheus.pushgateway.enabled | bool | false |
|
| prometheus.server.enabled | bool | false |
|
| prometheus.server.retention | string | "15d" |
|
| prometheus.server.strategy.type | string | "Recreate" |
|
| prometheus.server.image.tag | string | "v2.38.0" |
|
| prometheus.server.containerSecurityContext.runAsUser | int | 1000 |
|
| prometheus.server.containerSecurityContext.allowPrivilegeEscalation | bool | false |
|
| prometheus.server.containerSecurityContext.runAsNonRoot | bool | true |
|
| prometheus.server.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| prometheus.server.containerSecurityContext.seccompProfile.type | string | "RuntimeDefault" |
|
| prometheus.podSecurityPolicy.enabled | bool | false |
|
| prometheus.configmapReload.prometheus.containerSecurityContext.runAsUser | int | 1000 |
|
| prometheus.configmapReload.prometheus.containerSecurityContext.allowPrivilegeEscalation | bool | false |
|
| prometheus.configmapReload.prometheus.containerSecurityContext.runAsNonRoot | bool | true |
|
| prometheus.configmapReload.prometheus.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| prometheus.configmapReload.prometheus.containerSecurityContext.seccompProfile.type | string | "RuntimeDefault" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[0].job_name | string | "prometheus" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[0].static_configs[0].targets[0] | string | "localhost:9090" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[1].job_name | string | "kubernetes-apiservers" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[1].kubernetes_sd_configs[0].role | string | "endpoints" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[1].scheme | string | "https" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[1].tls_config.ca_file | string | "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[1].tls_config.insecure_skip_verify | bool | true |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[1].bearer_token_file | string | "/var/run/secrets/kubernetes.io/serviceaccount/token" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[1].relabel_configs[0].source_labels[0] | string | "__meta_kubernetes_namespace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[1].relabel_configs[0].source_labels[1] | string | "__meta_kubernetes_service_name" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[1].relabel_configs[0].source_labels[2] | string | "__meta_kubernetes_endpoint_port_name" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[1].relabel_configs[0].action | string | "keep" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[1].relabel_configs[0].regex | string | "default;kubernetes;https" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].job_name | string | "kubernetes-pods" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].kubernetes_sd_configs[0].role | string | "pod" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[0].source_labels[0] | string | "__meta_kubernetes_pod_annotation_gitlab_com_prometheus_scrape" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[0].action | string | "keep" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[0].regex | bool | true |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[1].source_labels[0] | string | "__meta_kubernetes_pod_annotation_gitlab_com_prometheus_scheme" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[1].action | string | "replace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[1].regex | string | "(https?)" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[1].target_label | string | "__scheme__" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[2].source_labels[0] | string | "__meta_kubernetes_pod_annotation_gitlab_com_prometheus_path" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[2].action | string | "replace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[2].target_label | string | "__metrics_path__" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[2].regex | string | "(.+)" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[3].source_labels[0] | string | "__address__" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[3].source_labels[1] | string | "__meta_kubernetes_pod_annotation_gitlab_com_prometheus_port" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[3].action | string | "replace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[3].regex | string | "([^:]+)(?::\\d+)?;(\\d+)" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[3].replacement | string | "$1:$2" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[3].target_label | string | "__address__" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[4].action | string | "labelmap" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[4].regex | string | "__meta_kubernetes_pod_label_(.+)" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[5].source_labels[0] | string | "__meta_kubernetes_namespace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[5].action | string | "replace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[5].target_label | string | "kubernetes_namespace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[6].source_labels[0] | string | "__meta_kubernetes_pod_name" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[6].action | string | "replace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[2].relabel_configs[6].target_label | string | "kubernetes_pod_name" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].job_name | string | "kubernetes-service-endpoints" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].kubernetes_sd_configs[0].role | string | "endpoints" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[0].action | string | "keep" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[0].regex | bool | true |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[0].source_labels[0] | string | "__meta_kubernetes_service_annotation_gitlab_com_prometheus_scrape" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[1].action | string | "replace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[1].regex | string | "(https?)" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[1].source_labels[0] | string | "__meta_kubernetes_service_annotation_gitlab_com_prometheus_scheme" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[1].target_label | string | "__scheme__" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[2].action | string | "replace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[2].regex | string | "(.+)" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[2].source_labels[0] | string | "__meta_kubernetes_service_annotation_gitlab_com_prometheus_path" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[2].target_label | string | "__metrics_path__" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[3].action | string | "replace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[3].regex | string | "([^:]+)(?::\\d+)?;(\\d+)" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[3].replacement | string | "$1:$2" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[3].source_labels[0] | string | "__address__" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[3].source_labels[1] | string | "__meta_kubernetes_service_annotation_gitlab_com_prometheus_port" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[3].target_label | string | "__address__" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[4].action | string | "labelmap" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[4].regex | string | "__meta_kubernetes_service_label_(.+)" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[5].action | string | "replace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[5].source_labels[0] | string | "__meta_kubernetes_namespace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[5].target_label | string | "kubernetes_namespace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[6].action | string | "replace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[6].source_labels[0] | string | "__meta_kubernetes_service_name" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[6].target_label | string | "kubernetes_name" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[7].action | string | "replace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[7].source_labels[0] | string | "__meta_kubernetes_pod_node_name" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[3].relabel_configs[7].target_label | string | "kubernetes_node" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].job_name | string | "kubernetes-services" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].metrics_path | string | "/probe" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].params.module[0] | string | "http_2xx" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].kubernetes_sd_configs[0].role | string | "service" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[0].source_labels[0] | string | "__meta_kubernetes_service_annotation_gitlab_com_prometheus_probe" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[0].action | string | "keep" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[0].regex | bool | true |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[1].source_labels[0] | string | "__address__" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[1].target_label | string | "__param_target" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[2].target_label | string | "__address__" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[2].replacement | string | "blackbox" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[3].source_labels[0] | string | "__param_target" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[3].target_label | string | "instance" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[4].action | string | "labelmap" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[4].regex | string | "__meta_kubernetes_service_label_(.+)" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[5].source_labels[0] | string | "__meta_kubernetes_namespace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[5].target_label | string | "kubernetes_namespace" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[6].source_labels[0] | string | "__meta_kubernetes_service_name" |
|
| prometheus.serverFiles."prometheus.yml".scrape_configs[4].relabel_configs[6].target_label | string | "kubernetes_name" |
|
| redis.global.imagePullSecrets[0] | string | "private-registry" |
|
| redis.install | bool | true |
|
| redis.auth.existingSecret | string | "gitlab-redis-secret" |
|
| redis.auth.existingSecretKey | string | "secret" |
|
| redis.auth.usePasswordFiles | bool | true |
|
| redis.architecture | string | "standalone" |
|
| redis.cluster.enabled | bool | false |
|
| redis.metrics.enabled | bool | true |
|
| redis.metrics.image.registry | string | "registry1.dso.mil/ironbank/bitnami" |
|
| redis.metrics.image.repository | string | "analytics/redis-exporter" |
|
| redis.metrics.image.tag | string | "v1.67.0" |
|
| redis.metrics.image.pullSecrets | list | [] |
|
| redis.metrics.resources.limits.cpu | string | "250m" |
|
| redis.metrics.resources.limits.memory | string | "256Mi" |
|
| redis.metrics.resources.requests.cpu | string | "250m" |
|
| redis.metrics.resources.requests.memory | string | "256Mi" |
|
| redis.metrics.containerSecurityContext.enabled | bool | true |
|
| redis.metrics.containerSecurityContext.runAsUser | int | 1001 |
|
| redis.metrics.containerSecurityContext.runAsGroup | int | 1001 |
|
| redis.metrics.containerSecurityContext.runAsNonRoot | bool | true |
|
| redis.metrics.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| redis.serviceAccount.automountServiceAccountToken | bool | false |
|
| redis.securityContext.runAsUser | int | 1001 |
|
| redis.securityContext.fsGroup | int | 1001 |
|
| redis.securityContext.runAsNonRoot | bool | true |
|
| redis.image.registry | string | "registry1.dso.mil/ironbank/bitnami" |
|
| redis.image.repository | string | "redis" |
|
| redis.image.tag | string | "7.4.2" |
|
| redis.image.pullSecrets | list | [] |
|
| redis.master.resources.limits.cpu | string | "250m" |
|
| redis.master.resources.limits.memory | string | "256Mi" |
|
| redis.master.resources.requests.cpu | string | "250m" |
|
| redis.master.resources.requests.memory | string | "256Mi" |
|
| redis.master.containerSecurityContext.enabled | bool | true |
|
| redis.master.containerSecurityContext.runAsUser | int | 1001 |
|
| redis.master.containerSecurityContext.runAsGroup | int | 1001 |
|
| redis.master.containerSecurityContext.runAsNonRoot | bool | true |
|
| redis.master.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| redis.slave.resources.limits.cpu | string | "250m" |
|
| redis.slave.resources.limits.memory | string | "256Mi" |
|
| redis.slave.resources.requests.cpu | string | "250m" |
|
| redis.slave.resources.requests.memory | string | "256Mi" |
|
| redis.slave.containerSecurityContext.enabled | bool | true |
|
| redis.slave.containerSecurityContext.runAsUser | int | 1001 |
|
| redis.slave.containerSecurityContext.runAsGroup | int | 1001 |
|
| redis.slave.containerSecurityContext.runAsNonRoot | bool | true |
|
| redis.slave.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| redis.sentinel.resources.limits.cpu | string | "250m" |
|
| redis.sentinel.resources.limits.memory | string | "256Mi" |
|
| redis.sentinel.resources.requests.cpu | string | "250m" |
|
| redis.sentinel.resources.requests.memory | string | "256Mi" |
|
| redis.volumePermissions.resources.limits.cpu | string | "250m" |
|
| redis.volumePermissions.resources.limits.memory | string | "256Mi" |
|
| redis.volumePermissions.resources.requests.cpu | string | "250m" |
|
| redis.volumePermissions.resources.requests.memory | string | "256Mi" |
|
| redis.sysctlImage.resources.limits.cpu | string | "250m" |
|
| redis.sysctlImage.resources.limits.memory | string | "256Mi" |
|
| redis.sysctlImage.resources.requests.cpu | string | "250m" |
|
| redis.sysctlImage.resources.requests.memory | string | "256Mi" |
|
| postgresql.install | bool | true |
|
| postgresql.postgresqlDatabase | string | "gitlabhq_production" |
|
| postgresql.resources.limits.cpu | string | "500m" |
|
| postgresql.resources.limits.memory | string | "500Mi" |
|
| postgresql.resources.requests.cpu | string | "500m" |
|
| postgresql.resources.requests.memory | string | "500Mi" |
|
| postgresql.image.registry | string | "registry1.dso.mil" |
|
| postgresql.image.repository | string | "ironbank/opensource/postgres/postgresql" |
|
| postgresql.image.tag | string | "14.15" |
|
| postgresql.image.pullSecrets[0] | string | "private-registry" |
|
| postgresql.auth.username | string | "gitlab" |
|
| postgresql.auth.password | string | "bogus-satisfy-upgrade" |
|
| postgresql.auth.postgresPassword | string | "bogus-satisfy-upgrade" |
|
| postgresql.auth.usePasswordFiles | bool | false |
|
| postgresql.auth.existingSecret | string | "{{ include \"gitlab.psql.password.secret\" . }}" |
|
| postgresql.auth.secretKeys.adminPasswordKey | string | "postgresql-postgres-password" |
|
| postgresql.auth.secretKeys.userPasswordKey | string | "{{ include \"gitlab.psql.password.key\" $ }}" |
|
| postgresql.primary.persistence.mountPath | string | "/var/lib/postgresql" |
|
| postgresql.primary.initdb.scriptsConfigMap | string | "{{ include \"gitlab.psql.initdbscripts\" $}}" |
|
| postgresql.primary.initdb.user | string | "gitlab" |
|
| postgresql.primary.containerSecurityContext.enabled | bool | true |
|
| postgresql.primary.containerSecurityContext.runAsUser | int | 1001 |
|
| postgresql.primary.containerSecurityContext.runAsGroup | int | 1001 |
|
| postgresql.primary.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| postgresql.master.extraVolumeMounts[0].name | string | "custom-init-scripts" |
|
| postgresql.master.extraVolumeMounts[0].mountPath | string | "/docker-entrypoint-preinitdb.d/init_revision.sh" |
|
| postgresql.master.extraVolumeMounts[0].subPath | string | "init_revision.sh" |
|
| postgresql.master.podAnnotations."postgresql.gitlab/init-revision" | string | "1" |
|
| postgresql.metrics.enabled | bool | false |
|
| postgresql.metrics.service.annotations."prometheus.io/scrape" | string | "true" |
|
| postgresql.metrics.service.annotations."prometheus.io/port" | string | "9187" |
|
| postgresql.metrics.service.annotations."gitlab.com/prometheus_scrape" | string | "true" |
|
| postgresql.metrics.service.annotations."gitlab.com/prometheus_port" | string | "9187" |
|
| postgresql.postgresqlInitdbArgs | string | "-A scram-sha-256" |
|
| postgresql.securityContext.enabled | bool | true |
|
| postgresql.securityContext.fsGroup | int | 26 |
|
| postgresql.securityContext.runAsUser | int | 26 |
|
| postgresql.securityContext.runAsGroup | int | 26 |
|
| postgresql.postgresqlDataDir | string | "/var/lib/postgresql/pgdata/data" |
|
| postgresql.volumePermissions.enabled | bool | false |
|
| registry.enabled | bool | true |
|
| registry.init.resources.limits.cpu | string | "200m" |
|
| registry.init.resources.limits.memory | string | "200Mi" |
|
| registry.init.resources.requests.cpu | string | "200m" |
|
| registry.init.resources.requests.memory | string | "200Mi" |
|
| registry.init.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| registry.resources.limits.cpu | string | "200m" |
|
| registry.resources.limits.memory | string | "1024Mi" |
|
| registry.resources.requests.cpu | string | "200m" |
|
| registry.resources.requests.memory | string | "1024Mi" |
|
| registry.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry" |
|
| registry.image.tag | string | "17.8.1" |
|
| registry.image.pullSecrets[0].name | string | "private-registry" |
|
| registry.ingress.enabled | bool | false |
|
| registry.metrics.enabled | bool | true |
|
| registry.metrics.path | string | "/metrics" |
|
| registry.metrics.serviceMonitor.enabled | bool | true |
|
| registry.securityContext.runAsUser | int | 1000 |
|
| registry.securityContext.runAsGroup | int | 1000 |
|
| registry.securityContext.fsGroup | int | 1000 |
|
| registry.containerSecurityContext.runAsUser | int | 1000 |
|
| registry.containerSecurityContext.runAsGroup | int | 1000 |
|
| registry.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| shared-secrets.enabled | bool | true |
|
| shared-secrets.rbac.create | bool | true |
|
| shared-secrets.selfsign.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/cfssl-self-sign" |
|
| shared-secrets.selfsign.image.tag | string | "1.6.1" |
|
| shared-secrets.selfsign.keyAlgorithm | string | "rsa" |
|
| shared-secrets.selfsign.keySize | string | "4096" |
|
| shared-secrets.selfsign.expiry | string | "3650d" |
|
| shared-secrets.selfsign.caSubject | string | "GitLab Helm Chart" |
|
| shared-secrets.env | string | "production" |
|
| shared-secrets.serviceAccount.enabled | bool | true |
|
| shared-secrets.serviceAccount.create | bool | true |
|
| shared-secrets.serviceAccount.name | string | nil |
|
| shared-secrets.serviceAccount.automountServiceAccountToken | bool | false |
|
| shared-secrets.resources.requests.cpu | string | "300m" |
|
| shared-secrets.resources.requests.memory | string | "200Mi" |
|
| shared-secrets.resources.limits.cpu | string | "300m" |
|
| shared-secrets.resources.limits.memory | string | "200Mi" |
|
| shared-secrets.securityContext.runAsUser | int | 65534 |
|
| shared-secrets.securityContext.runAsGroup | int | 65534 |
|
| shared-secrets.securityContext.fsGroup | int | 65534 |
|
| shared-secrets.securityContext.seccompProfile.type | string | "RuntimeDefault" |
|
| shared-secrets.containerSecurityContext.allowPrivilegeEscalation | bool | false |
|
| shared-secrets.containerSecurityContext.runAsNonRoot | bool | true |
|
| shared-secrets.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| shared-secrets.tolerations | list | [] |
|
| shared-secrets.podLabels | object | {} |
|
| shared-secrets.annotations."sidecar.istio.io/inject" | string | "true" |
|
| gitlab-runner.install | bool | false |
|
| gitlab-runner.rbac.create | bool | true |
|
| gitlab-runner.runners.locked | bool | false |
|
| gitlab-runner.runners.secret | string | "nonempty" |
|
| gitlab-runner.runners.config | string | "[[runners]]\n [runners.kubernetes]\n image = \"ubuntu:22.04\"\n {{- if .Values.global.minio.enabled }}\n [runners.cache]\n Type = \"s3\"\n Path = \"gitlab-runner\"\n Shared = true\n [runners.cache.s3]\n ServerAddress = {{ include \"gitlab-runner.cache-tpl.s3ServerAddress\" . }}\n BucketName = \"runner-cache\"\n BucketLocation = \"us-east-1\"\n Insecure = false\n {{ end }}\n" |
|
| gitlab-runner.podAnnotations."gitlab.com/prometheus_scrape" | string | "true" |
|
| gitlab-runner.podAnnotations."gitlab.com/prometheus_port" | int | 9252 |
|
| gitlab-runner.podSecurityContext.seccompProfile.type | string | "RuntimeDefault" |
|
| gitlab-runner.securityContext.capabilities.drop[0] | string | "ALL" |
|
| traefik.install | bool | false |
|
| traefik.ports.gitlab-shell.expose | bool | true |
|
| traefik.ports.gitlab-shell.port | int | 2222 |
|
| traefik.ports.gitlab-shell.exposedPort | int | 22 |
|
| gitlab.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.init.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.certificates.init.securityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.certificates.init.securityContext.runAsUser | int | 65534 |
|
| gitlab.certificates.init.securityContext.runAsNonRoot | bool | true |
|
| gitlab.toolbox.replicas | int | 1 |
|
| gitlab.toolbox.antiAffinityLabels.matchLabels.app | string | "gitaly" |
|
| gitlab.toolbox.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox" |
|
| gitlab.toolbox.image.tag | string | "17.8.1" |
|
| gitlab.toolbox.image.pullSecrets[0].name | string | "private-registry" |
|
| gitlab.toolbox.init.resources.requests.cpu | string | "200m" |
|
| gitlab.toolbox.init.resources.requests.memory | string | "200Mi" |
|
| gitlab.toolbox.init.resources.limits.cpu | string | "200m" |
|
| gitlab.toolbox.init.resources.limits.memory | string | "200Mi" |
|
| gitlab.toolbox.init.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.toolbox.resources.requests.cpu | int | 2 |
|
| gitlab.toolbox.resources.requests.memory | string | "3.5Gi" |
|
| gitlab.toolbox.resources.limits.cpu | int | 2 |
|
| gitlab.toolbox.resources.limits.memory | string | "3.5Gi" |
|
| gitlab.toolbox.annotations."sidecar.istio.io/proxyMemory" | string | "512Mi" |
|
| gitlab.toolbox.annotations."sidecar.istio.io/proxyMemoryLimit" | string | "512Mi" |
|
| gitlab.toolbox.backups.cron.resources.requests.cpu | string | "500m" |
|
| gitlab.toolbox.backups.cron.resources.requests.memory | string | "768Mi" |
|
| gitlab.toolbox.backups.cron.resources.limits.cpu | string | "500m" |
|
| gitlab.toolbox.backups.cron.resources.limits.memory | string | "768Mi" |
|
| gitlab.toolbox.backups.cron.istioShutdown | string | "&& echo \"Backup Complete\" && until curl -fsI http://localhost:15021/healthz/ready; do echo \"Waiting for Istio sidecar proxy...\"; sleep 3; done && sleep 5 && echo \"Stopping the istio proxy...\" && curl -X POST http://localhost:15020/quitquitquit" |
|
| gitlab.toolbox.securityContext.runAsUser | int | 1000 |
|
| gitlab.toolbox.securityContext.runAsGroup | int | 1000 |
|
| gitlab.toolbox.securityContext.fsGroup | int | 1000 |
|
| gitlab.toolbox.containerSecurityContext.runAsUser | int | 1000 |
|
| gitlab.toolbox.containerSecurityContext.runAsGroup | int | 1000 |
|
| gitlab.toolbox.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.toolbox.customScripts | string | nil |
|
| gitlab.gitlab-exporter.enabled | bool | false |
|
| gitlab.gitlab-exporter.init.resources.limits.cpu | string | "200m" |
|
| gitlab.gitlab-exporter.init.resources.limits.memory | string | "200Mi" |
|
| gitlab.gitlab-exporter.init.resources.requests.cpu | string | "200m" |
|
| gitlab.gitlab-exporter.init.resources.requests.memory | string | "200Mi" |
|
| gitlab.gitlab-exporter.init.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.gitlab-exporter.resources.limits.cpu | string | "150m" |
|
| gitlab.gitlab-exporter.resources.limits.memory | string | "200Mi" |
|
| gitlab.gitlab-exporter.resources.requests.cpu | string | "150m" |
|
| gitlab.gitlab-exporter.resources.requests.memory | string | "200Mi" |
|
| gitlab.gitlab-exporter.capabilities.drop[0] | string | "ALL" |
|
| gitlab.gitlab-exporter.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter" |
|
| gitlab.gitlab-exporter.image.tag | string | "17.8.1" |
|
| gitlab.gitlab-exporter.image.pullSecrets[0].name | string | "private-registry" |
|
| gitlab.gitlab-exporter.metrics.enabled | bool | true |
|
| gitlab.gitlab-exporter.metrics.port | int | 9168 |
|
| gitlab.gitlab-exporter.metrics.serviceMonitor.enabled | bool | true |
|
| gitlab.gitlab-exporter.securityContext.runAsUser | int | 1000 |
|
| gitlab.gitlab-exporter.securityContext.runAsGroup | int | 1000 |
|
| gitlab.gitlab-exporter.securityContext.fsGroup | int | 1000 |
|
| gitlab.gitlab-exporter.containerSecurityContext.runAsUser | int | 1000 |
|
| gitlab.gitlab-exporter.containerSecurityContext.runAsGroup | int | 1000 |
|
| gitlab.gitlab-exporter.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.migrations.annotations."sidecar.istio.io/inject" | string | "true" |
|
| gitlab.migrations.init.resources.limits.cpu | string | "500m" |
|
| gitlab.migrations.init.resources.limits.memory | string | "768Mi" |
|
| gitlab.migrations.init.resources.requests.cpu | string | "500m" |
|
| gitlab.migrations.init.resources.requests.memory | string | "768Mi" |
|
| gitlab.migrations.init.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.migrations.resources.limits.cpu | string | "500m" |
|
| gitlab.migrations.resources.limits.memory | string | "1.5G" |
|
| gitlab.migrations.resources.requests.cpu | string | "500m" |
|
| gitlab.migrations.resources.requests.memory | string | "1.5G" |
|
| gitlab.migrations.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox" |
|
| gitlab.migrations.image.tag | string | "17.8.1" |
|
| gitlab.migrations.image.pullSecrets[0].name | string | "private-registry" |
|
| gitlab.migrations.securityContext.runAsUser | int | 1000 |
|
| gitlab.migrations.securityContext.runAsGroup | int | 1000 |
|
| gitlab.migrations.securityContext.fsGroup | int | 1000 |
|
| gitlab.migrations.containerSecurityContext.runAsUser | int | 1000 |
|
| gitlab.migrations.containerSecurityContext.runAsGroup | int | 1000 |
|
| gitlab.migrations.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.webservice.init.resources.limits.cpu | string | "200m" |
|
| gitlab.webservice.init.resources.limits.memory | string | "200Mi" |
|
| gitlab.webservice.init.resources.requests.cpu | string | "200m" |
|
| gitlab.webservice.init.resources.requests.memory | string | "200Mi" |
|
| gitlab.webservice.init.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.webservice.securityContext.runAsUser | int | 1000 |
|
| gitlab.webservice.securityContext.runAsGroup | int | 1000 |
|
| gitlab.webservice.securityContext.fsGroup | int | 1000 |
|
| gitlab.webservice.containerSecurityContext.runAsUser | int | 1000 |
|
| gitlab.webservice.containerSecurityContext.runAsGroup | int | 1000 |
|
| gitlab.webservice.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.webservice.resources.limits.cpu | string | "1000m" |
|
| gitlab.webservice.resources.limits.memory | string | "2.5G" |
|
| gitlab.webservice.resources.requests.cpu | string | "300m" |
|
| gitlab.webservice.resources.requests.memory | string | "2.5G" |
|
| gitlab.webservice.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice" |
|
| gitlab.webservice.image.tag | string | "17.8.1" |
|
| gitlab.webservice.image.pullSecrets[0].name | string | "private-registry" |
|
| gitlab.webservice.workhorse.resources.limits.cpu | string | "600m" |
|
| gitlab.webservice.workhorse.resources.limits.memory | string | "2.5G" |
|
| gitlab.webservice.workhorse.resources.requests.cpu | string | "600m" |
|
| gitlab.webservice.workhorse.resources.requests.memory | string | "2.5G" |
|
| gitlab.webservice.workhorse.image | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse" |
|
| gitlab.webservice.workhorse.tag | string | "17.8.1" |
|
| gitlab.webservice.workhorse.pullSecrets[0].name | string | "private-registry" |
|
| gitlab.webservice.workhorse.metrics.enabled | bool | true |
|
| gitlab.webservice.workhorse.metrics.serviceMonitor.enabled | bool | true |
|
| gitlab.webservice.workhorse.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.webservice.ingress.enabled | bool | false |
|
| gitlab.webservice.metrics.enabled | bool | true |
|
| gitlab.webservice.metrics.port | int | 8083 |
|
| gitlab.webservice.metrics.serviceMonitor.enabled | bool | true |
|
| gitlab.webservice.helmTests.enabled | bool | false |
|
| gitlab.sidekiq.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq" |
|
| gitlab.sidekiq.image.tag | string | "17.8.1" |
|
| gitlab.sidekiq.image.pullSecrets[0].name | string | "private-registry" |
|
| gitlab.sidekiq.init.resources.limits.cpu | string | "200m" |
|
| gitlab.sidekiq.init.resources.limits.memory | string | "200Mi" |
|
| gitlab.sidekiq.init.resources.requests.cpu | string | "200m" |
|
| gitlab.sidekiq.init.resources.requests.memory | string | "200Mi" |
|
| gitlab.sidekiq.init.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.sidekiq.resources.requests.memory | string | "3G" |
|
| gitlab.sidekiq.resources.requests.cpu | string | "1500m" |
|
| gitlab.sidekiq.resources.limits.memory | string | "3G" |
|
| gitlab.sidekiq.resources.limits.cpu | string | "1500m" |
|
| gitlab.sidekiq.securityContext.runAsUser | int | 1000 |
|
| gitlab.sidekiq.securityContext.runAsGroup | int | 1000 |
|
| gitlab.sidekiq.securityContext.fsGroup | int | 1000 |
|
| gitlab.sidekiq.containerSecurityContext.runAsUser | int | 1000 |
|
| gitlab.sidekiq.containerSecurityContext.runAsGroup | int | 1000 |
|
| gitlab.sidekiq.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.gitaly.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitaly" |
|
| gitlab.gitaly.image.tag | string | "17.8.1" |
|
| gitlab.gitaly.image.pullSecrets[0].name | string | "private-registry" |
|
| gitlab.gitaly.init.resources.limits.cpu | string | "200m" |
|
| gitlab.gitaly.init.resources.limits.memory | string | "200Mi" |
|
| gitlab.gitaly.init.resources.requests.cpu | string | "200m" |
|
| gitlab.gitaly.init.resources.requests.memory | string | "200Mi" |
|
| gitlab.gitaly.init.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.gitaly.resources.requests.cpu | string | "400m" |
|
| gitlab.gitaly.resources.requests.memory | string | "600Mi" |
|
| gitlab.gitaly.resources.limits.cpu | string | "400m" |
|
| gitlab.gitaly.resources.limits.memory | string | "600Mi" |
|
| gitlab.gitaly.metrics.enabled | bool | true |
|
| gitlab.gitaly.metrics.serviceMonitor.enabled | bool | true |
|
| gitlab.gitaly.securityContext.runAsUser | int | 1000 |
|
| gitlab.gitaly.securityContext.runAsGroup | int | 1000 |
|
| gitlab.gitaly.securityContext.fsGroup | int | 1000 |
|
| gitlab.gitaly.containerSecurityContext.runAsUser | int | 1000 |
|
| gitlab.gitaly.containerSecurityContext.runAsGroup | int | 1000 |
|
| gitlab.gitaly.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.gitlab-shell.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell" |
|
| gitlab.gitlab-shell.image.tag | string | "17.8.1" |
|
| gitlab.gitlab-shell.image.pullSecrets[0].name | string | "private-registry" |
|
| gitlab.gitlab-shell.init.resources.limits.cpu | string | "200m" |
|
| gitlab.gitlab-shell.init.resources.limits.memory | string | "200Mi" |
|
| gitlab.gitlab-shell.init.resources.requests.cpu | string | "200m" |
|
| gitlab.gitlab-shell.init.resources.requests.memory | string | "200Mi" |
|
| gitlab.gitlab-shell.init.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.gitlab-shell.resources.limits.cpu | string | "300m" |
|
| gitlab.gitlab-shell.resources.limits.memory | string | "300Mi" |
|
| gitlab.gitlab-shell.resources.requests.cpu | string | "300m" |
|
| gitlab.gitlab-shell.resources.requests.memory | string | "300Mi" |
|
| gitlab.gitlab-shell.securityContext.runAsUser | int | 1000 |
|
| gitlab.gitlab-shell.securityContext.runAsGroup | int | 1000 |
|
| gitlab.gitlab-shell.securityContext.fsGroup | int | 1000 |
|
| gitlab.gitlab-shell.containerSecurityContext.runAsUser | int | 1000 |
|
| gitlab.gitlab-shell.containerSecurityContext.runAsGroup | int | 1000 |
|
| gitlab.gitlab-shell.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.mailroom.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom" |
|
| gitlab.mailroom.image.tag | string | "17.8.1" |
|
| gitlab.mailroom.image.pullSecrets[0].name | string | "private-registry" |
|
| gitlab.mailroom.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.gitlab-pages.service.customDomains.type | string | "ClusterIP" |
|
| gitlab.gitlab-pages.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages" |
|
| gitlab.gitlab-pages.image.tag | string | "17.8.1" |
|
| gitlab.gitlab-pages.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.praefect.image.repository | string | "registry1.dso.mil/ironbank/gitlab/gitlab/gitaly" |
|
| gitlab.praefect.image.tag | string | "17.8.1" |
|
| gitlab.praefect.init.resources.limits.cpu | string | "200m" |
|
| gitlab.praefect.init.resources.limits.memory | string | "200Mi" |
|
| gitlab.praefect.init.resources.requests.cpu | string | "200m" |
|
| gitlab.praefect.init.resources.requests.memory | string | "200Mi" |
|
| gitlab.praefect.init.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab.praefect.resources.requests.cpu | int | 1 |
|
| gitlab.praefect.resources.requests.memory | string | "1Gi" |
|
| gitlab.praefect.resources.limits.cpu | int | 1 |
|
| gitlab.praefect.resources.limits.memory | string | "1Gi" |
|
| gitlab.praefect.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| gitlab-zoekt.install | bool | false |
|
| gitlab-zoekt.gateway.basicAuth.enabled | bool | false |
|
| gitlab-zoekt.gateway.basicAuth.secretName | string | "{{ include \"gitlab.zoekt.gateway.basicAuth.secretName\" $ }}" |
|
| gitlab-zoekt.indexer.internalApi.enabled | bool | true |
|
| gitlab-zoekt.indexer.internalApi.secretName | string | "{{ include \"gitlab.zoekt.indexer.internalApi.secretName\" $ }}" |
|
| gitlab-zoekt.indexer.internalApi.secretKey | string | "{{ include \"gitlab.zoekt.indexer.internalApi.secretKey\" $ }}" |
|
| gitlab-zoekt.indexer.internalApi.gitlabUrl | string | "{{ include \"gitlab.zoekt.indexer.internalApi.gitlabUrl\" $ }}" |
|
| minio.init.resources.limits.cpu | string | "200m" |
|
| minio.init.resources.limits.memory | string | "200Mi" |
|
| minio.init.resources.requests.cpu | string | "200m" |
|
| minio.init.resources.requests.memory | string | "200Mi" |
|
| minio.init.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| minio.resources.limits.cpu | string | "200m" |
|
| minio.resources.limits.memory | string | "300Mi" |
|
| minio.resources.requests.cpu | string | "200m" |
|
| minio.resources.requests.memory | string | "300Mi" |
|
| minio.securityContext.runAsUser | int | 1000 |
|
| minio.securityContext.runAsGroup | int | 1000 |
|
| minio.securityContext.fsGroup | int | 1000 |
|
| minio.containerSecurityContext.runAsUser | int | 1000 |
|
| minio.containerSecurityContext.runAsGroup | int | 1000 |
|
| minio.containerSecurityContext.runAsNonRoot | bool | true |
|
| minio.containerSecurityContext.capabilities.drop[0] | string | "ALL" |
|
| minio.jobAnnotations."sidecar.istio.io/inject" | string | "true" |
|
| minio.image | string | "registry1.dso.mil/ironbank/opensource/minio/minio" |
|
| minio.imageTag | string | "RELEASE.2024-06-04T19-20-08Z" |
|
| minio.pullSecrets[0].name | string | "private-registry" |
|
| minio.minioMc.image | string | "registry1.dso.mil/ironbank/opensource/minio/mc" |
|
| minio.minioMc.tag | string | "RELEASE.2024-10-02T08-27-28Z" |
|
| minio.minioMc.pullSecrets[0].name | string | "private-registry" |
|
| domain | string | "dev.bigbang.mil" |
|
| sso.enabled | bool | false |
|
| sso.host | string | "login.dso.mil" |
|
| istio.enabled | bool | false |
|
| istio.injection | string | "disabled" |
|
| istio.hardened.enabled | bool | false |
|
| istio.hardened.outboundTrafficPolicyMode | string | "REGISTRY_ONLY" |
|
| istio.hardened.customServiceEntries | list | [] |
|
| istio.hardened.customAuthorizationPolicies | list | [] |
|
| istio.hardened.gitlabRunner.enabled | bool | true |
|
| istio.hardened.gitlabRunner.namespaces[0] | string | "gitlab-runner" |
|
| istio.hardened.monitoring.enabled | bool | true |
|
| istio.hardened.monitoring.namespaces[0] | string | "monitoring" |
|
| istio.hardened.monitoring.principals[0] | string | "cluster.local/ns/monitoring/sa/monitoring-grafana" |
|
| istio.hardened.monitoring.principals[1] | string | "cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager" |
|
| istio.hardened.monitoring.principals[2] | string | "cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator" |
|
| istio.hardened.monitoring.principals[3] | string | "cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus" |
|
| istio.hardened.monitoring.principals[4] | string | "cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics" |
|
| istio.hardened.monitoring.principals[5] | string | "cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter" |
|
| istio.gitlab.enabled | bool | true |
|
| istio.gitlab.annotations | object | {} |
|
| istio.gitlab.labels | object | {} |
|
| istio.gitlab.gateways[0] | string | "istio-system/main" |
|
| istio.gitlab.hosts | string | nil |
|
| istio.gitlab.selectorLabels.app | string | "webservice" |
|
| istio.registry.enabled | bool | true |
|
| istio.registry.annotations | object | {} |
|
| istio.registry.labels | object | {} |
|
| istio.registry.gateways[0] | string | "istio-system/main" |
|
| istio.registry.hosts | string | nil |
|
| istio.registry.selectorLabels.app | string | "registry" |
|
| istio.pages.enabled | bool | false |
|
| istio.pages.annotations | object | {} |
|
| istio.pages.ingressLabels.app | string | "pages-ingressgateway" |
|
| istio.pages.ingressLabels.istio | string | "ingressgateway" |
|
| istio.pages.labels | object | {} |
|
| istio.pages.gateways[0] | string | "istio-system/pages" |
|
| istio.pages.customDomains.enabled | bool | true |
|
| istio.pages.hosts[0] | string | "*.pages.dev.bigbang.mil" |
|
| istio.mtls | object | {"mode":"STRICT"} |
Default peer authentication |
| istio.mtls.mode | string | "STRICT" |
STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic |
| monitoring.enabled | bool | false |
|
| networkPolicies.enabled | bool | false |
|
| networkPolicies.ingressLabels.app | string | "istio-ingressgateway" |
|
| networkPolicies.ingressLabels.istio | string | "ingressgateway" |
|
| networkPolicies.controlPlaneCidr | string | "0.0.0.0/0" |
|
| networkPolicies.egressPort | string | nil |
|
| networkPolicies.gitalyEgress.enabled | bool | false |
|
| networkPolicies.additionalPolicies | list | [] |
|
| openshift | bool | false |
|
| use_iam_profile | bool | false |
|
| bbtests.enabled | bool | false |
|
| bbtests.cypress.resources.requests.cpu | int | 1 |
|
| bbtests.cypress.resources.requests.memory | string | "2Gi" |
|
| bbtests.cypress.resources.limits.cpu | int | 1 |
|
| bbtests.cypress.resources.limits.memory | string | "2Gi" |
|
| bbtests.cypress.artifacts | bool | true |
|
| bbtests.cypress.envs.cypress_url | string | "http://gitlab-webservice-default:8181" |
|
| bbtests.cypress.envs.cypress_gitlab_first_name | string | "test" |
|
| bbtests.cypress.envs.cypress_gitlab_last_name | string | "user" |
|
| bbtests.cypress.envs.cypress_gitlab_username | string | "testuser" |
|
| bbtests.cypress.envs.cypress_gitlab_password | string | "Password123h56a78" |
|
| bbtests.cypress.envs.cypress_gitlab_email | string | "[email protected]" |
|
| bbtests.cypress.envs.cypress_gitlab_project | string | "my-awesome-project" |
|
| bbtests.cypress.envs.cypress_keycloak_username | string | "cypress" |
|
| bbtests.cypress.envs.cypress_keycloak_password | string | "tnr_w!G33ZyAt@C8" |
|
| bbtests.cypress.secretEnvs[0].name | string | "cypress_adminpassword" |
|
| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name | string | "gitlab-gitlab-initial-root-password" |
|
| bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key | string | "password" |
|
| bbtests.scripts.image | string | "registry1.dso.mil/bigbang-ci/devops-tester:1.1.2" |
|
| bbtests.scripts.additionalVolumes[0].name | string | "docker-config" |
|
| bbtests.scripts.additionalVolumes[0].secret.secretName | string | "private-registry" |
|
| bbtests.scripts.additionalVolumes[0].secret.items[0].key | string | ".dockerconfigjson" |
|
| bbtests.scripts.additionalVolumes[0].secret.items[0].path | string | "auth.json" |
|
| bbtests.scripts.additionalVolumeMounts[0].name | string | "docker-config" |
|
| bbtests.scripts.additionalVolumeMounts[0].mountPath | string | "/.docker/" |
|
| bbtests.scripts.envs.GITLAB_USER | string | "root" |
|
| bbtests.scripts.envs.GITLAB_EMAIL | string | "[email protected]" |
|
| bbtests.scripts.envs.GITLAB_HOST | string | "gitlab-webservice-default.gitlab.svc.cluster.local:8181" |
|
| bbtests.scripts.envs.GITLAB_PROJECT | string | "bigbang-test-project-2" |
|
| bbtests.scripts.envs.GITLAB_REGISTRY | string | "gitlab-registry-test-svc.gitlab.svc.cluster.local:80" |
|
| bbtests.scripts.envs.GITLAB_REPOSITORY | string | "http://gitlab-webservice-default.gitlab.svc.cluster.local:8181" |
Please see the contributing guide if you are interested in contributing.
This file is programatically generated using helm-docs and some BigBang-specific templates. The gluon repository has instructions for regenerating package READMEs.