gitlab-ci-pipelines-exporter

Prometheus / OpenMetrics exporter for GitLab CI pipelines insights

Upstream References

• https://github.com/mvisonneau/gitlab-ci-pipelines-exporter
• https://github.com/mvisonneau/helm-charts/tree/main/charts/gitlab-ci-pipelines-exporter

Upstream Release Notes

The upstream chart's release notes may help when reviewing this package.

Learn More

• Application Overview
• Other Documentation

Pre-Requisites

• Kubernetes Cluster deployed
• Kubernetes config installed in ~/.kube/config
• Helm installed

Install Helm

https://helm.sh/docs/intro/install/

Deployment

• Clone down the repository
• cd into directory

helm install gitlab-ci-pipelines-exporter chart/

Values

Key	Type	Default	Description
replicas	int	1	amount of desired pod(s) replica(s)
image.repository	string	"registry1.dso.mil/ironbank/opensource/gitlab-ci-pipelines-exporter"	image repository
image.tag	string	"v0.5.10"	image tag tag: <default to chart version>
image.pullPolicy	string	"IfNotPresent"	image pullPolicy
image.pullSecrets	list	[]	Optional array of imagePullSecrets containing private registry credentials Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
image.pullCredentials	object	{}	Automatically create a secret with the credentials and use it Cannot be used in conjunction of image.pullSecrets
customLabels	object	{}	Custom labels to add into metadata
labels	object	{}	additional labels for the service
annotations	object	{}	additional annotations for the service
podLabels	object	{}	additional labels for the pods
podAnnotations	object	{}	additional annotations for the pods
service.type	string	"ClusterIP"
service.port	int	80
service.labels	object	{}
service.annotations	object	{}
resources	object	{}	resources to allocate to the pods
strategy	object	{"type":"RollingUpdate"}	deployment strategy type
livenessProbe.httpGet.path	string	"/health/live"
livenessProbe.httpGet.port	int	8080
readinessProbe.httpGet.path	string	"/health/ready"
readinessProbe.httpGet.port	int	8080
readinessProbe.initialDelaySeconds	int	5
readinessProbe.timeoutSeconds	int	5
readinessProbe.failureThreshold	int	3
readinessProbe.periodSeconds	int	30
nodeSelector	object	{}	node selector for pod assignment # ref: https://kubernetes.io/docs/user-guide/node-selection/
tolerations	list	[]	tolerations for pod assignment # ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
affinity	object	{}	affinity for pod assignment # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
securityContext	object	{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"enabled":true,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}	security context to apply to the pods # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context BIG BANG ADDITIONS
containerSecurityContext	object	{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"enabled":true,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}	security context to apply to the containers # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context
command	list	["gitlab-ci-pipelines-exporter","run"]	command for the exporter binary
args	list	["--config","/etc/config.yml"]	arguments for the exporter binary
envVariables	list	[{"name":"GCPE_INTERNAL_MONITORING_LISTENER_ADDRESS","value":"tcp://127.0.0.1:8082"}]	environment variables for the container
config	object	{"gitlab":{"enable_health_check":false,"health_url":"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181","url":"http://gitlab-webservice-default.gitlab.svc.cluster.local:8181"},"project_defaults":{"pull":{"refs":{"merge_requests":{"enabled":true,"max_age_seconds":28800},"tags":{"most_recent":1}}}},"projects":null}	configuration of the exporter
gitlabSecret	string	""	name of a Secret containing the GitLab token in the gitlabToken field (required unless config.gitlab.token is specified)
webhookSecret	string	""	name of a Secret containing the webhook token in the webhookToken field (required unless config.server.webhook.secret_token is specified)
hostAliases	list	[]
serviceMonitor.enabled	bool	false	deploy a serviceMonitor resource
serviceMonitor.endpoints	list	[{"interval":"10s","port":"http","scheme":"https","tlsConfig":{"caFile":"/etc/prom-certs/root-cert.pem","certFile":"/etc/prom-certs/cert-chain.pem","insecureSkipVerify":true,"keyFile":"/etc/prom-certs/key.pem"}}]	endpoints configuration for the monitor
serviceMonitor.labels	object	{}	additional labels for the service monitor
serviceMonitor.annotations	object	{}	additional annotations for the service monitor BIG BANG ADDITIONS SCHEME AND TLSCONFIG
redis.enabled	bool	false	deploy a redis statefulset
redis.architecture	string	"standalone"	run in standalone or clustermode
redis.auth.enabled	bool	false	enable authentication
redis.metrics.enabled	bool	false	enable /metrics endpoint of the redis pods
redis.metrics.serviceMonitor.enabled	bool	false	deploy a serviceMonitor resource for the redis pods
redis.master.persistence.enabled	bool	false	persist data
ingress.enabled	bool	false	deploy a ingress to access the exporter pod(s) /webhook endpoint
ingress.ingressClassName	object	{}	ingressClassName to be used instead of the deprecated annotation kubernetes.io/ingress.class
ingress.annotations	string	nil	additional annotations for the ingress resource
ingress.path	string	"/webhook"	path on the exporter to point the root of the ingress
ingress.pathType	string	"Prefix"	pathType for the ingress
ingress.service.port.name	string	"http"	service port for the ingress
ingress.hosts	list	["gcpe.example.com"]	ingress hosts
ingress.tls	list	[{"hosts":["gcpe.example.com"],"secretName":{}}]	ingress tls hosts config
rbac	object	{"clusterRole":"","enabled":false,"serviceAccount":{"name":""}}	If your kubernetes cluster defined the pod security policy, then you need to enable this part, and define clusterRole based on your situation.
domain	string	"dev.bigbang.mil"
redis-bb.upstream.auth.enabled	bool	false
redis-bb.upstream.global.imagePullSecrets[0]	string	"private-registry"
redis-bb.upstream.install	bool	true
redis-bb.upstream.architecture	string	"standalone"
redis-bb.upstream.cluster.enabled	bool	false
redis-bb.upstream.metrics.enabled	bool	true
redis-bb.upstream.metrics.image.registry	string	"registry1.dso.mil"
redis-bb.upstream.metrics.image.repository	string	"ironbank/bitnami/analytics/redis-exporter"
redis-bb.upstream.metrics.image.tag	string	"v1.76.0"
redis-bb.upstream.metrics.image.pullSecrets	list	[]
redis-bb.upstream.metrics.resources.limits.cpu	string	"250m"
redis-bb.upstream.metrics.resources.limits.memory	string	"256Mi"
redis-bb.upstream.metrics.resources.requests.cpu	string	"250m"
redis-bb.upstream.metrics.resources.requests.memory	string	"256Mi"
redis-bb.upstream.metrics.containerSecurityContext.enabled	bool	true
redis-bb.upstream.metrics.containerSecurityContext.runAsUser	int	1001
redis-bb.upstream.metrics.containerSecurityContext.runAsGroup	int	1001
redis-bb.upstream.metrics.containerSecurityContext.runAsNonRoot	bool	true
redis-bb.upstream.metrics.containerSecurityContext.capabilities.drop[0]	string	"ALL"
redis-bb.upstream.serviceAccount.automountServiceAccountToken	bool	false
redis-bb.upstream.securityContext.runAsUser	int	1001
redis-bb.upstream.securityContext.fsGroup	int	1001
redis-bb.upstream.securityContext.runAsNonRoot	bool	true
redis-bb.upstream.image.registry	string	"registry1.dso.mil"
redis-bb.upstream.image.repository	string	"ironbank/bitnami/redis"
redis-bb.upstream.image.tag	string	"8.2.0"
redis-bb.upstream.image.pullSecrets	list	[]
redis-bb.upstream.master.resources.limits.cpu	string	"250m"
redis-bb.upstream.master.resources.limits.memory	string	"256Mi"
redis-bb.upstream.master.resources.requests.cpu	string	"250m"
redis-bb.upstream.master.resources.requests.memory	string	"256Mi"
redis-bb.upstream.master.containerSecurityContext.enabled	bool	true
redis-bb.upstream.master.containerSecurityContext.runAsUser	int	1001
redis-bb.upstream.master.containerSecurityContext.runAsGroup	int	1001
redis-bb.upstream.master.containerSecurityContext.runAsNonRoot	bool	true
redis-bb.upstream.master.containerSecurityContext.capabilities.drop[0]	string	"ALL"
redis-bb.upstream.sentinel.resources.limits.cpu	string	"250m"
redis-bb.upstream.sentinel.resources.limits.memory	string	"256Mi"
redis-bb.upstream.sentinel.resources.requests.cpu	string	"250m"
redis-bb.upstream.sentinel.resources.requests.memory	string	"256Mi"
redis-bb.upstream.volumePermissions.resources.limits.cpu	string	"250m"
redis-bb.upstream.volumePermissions.resources.limits.memory	string	"256Mi"
redis-bb.upstream.volumePermissions.resources.requests.cpu	string	"250m"
redis-bb.upstream.volumePermissions.resources.requests.memory	string	"256Mi"
redis-bb.upstream.sysctlImage.resources.limits.cpu	string	"250m"
redis-bb.upstream.sysctlImage.resources.limits.memory	string	"256Mi"
redis-bb.upstream.sysctlImage.resources.requests.cpu	string	"250m"
redis-bb.upstream.sysctlImage.resources.requests.memory	string	"256Mi"
gcpeJob.enabled	bool	false
gcpeJob.image.repository	string	"registry1.dso.mil/ironbank/gitlab/gitlab/kubectl"
gcpeJob.image.tag	string	"18.3.1"
gcpeJob.image.pullSecrets[0].name	string	"private-registry"
gcpeJob.image.securityContext.runAsUser	int	65534
gcpeJob.image.securityContext.runAsGroup	int	65534
istio.enabled	bool	false
istio.hardened.enabled	bool	false
istio.hardened.customAuthorizationPolicies	list	[]
istio.hardened.gitlab.enabled	bool	true
istio.hardened.gitlab.namespaces[0]	string	"gitlab"
istio.hardened.monitoring.enabled	bool	false
istio.hardened.monitoring.namespaces[0]	string	"monitoring"
istio.hardened.monitoring.principals[0]	string	"cluster.local/ns/monitoring/sa/monitoring-grafana"
istio.hardened.monitoring.principals[1]	string	"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"
istio.hardened.monitoring.principals[2]	string	"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"
istio.hardened.monitoring.principals[3]	string	"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"
istio.hardened.monitoring.principals[4]	string	"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"
istio.hardened.monitoring.principals[5]	string	"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"
istio.hardened.outboundTrafficPolicyMode	string	"REGISTRY_ONLY"
istio.hardened.customServiceEntries	list	[]
istio.mtls.mode	string	"STRICT"	STRICT = Allow only mutual TLS traffic, PERMISSIVE = Allow both plain text and mutual TLS traffic
istio.injection	string	"disabled"
networkPolicies.enabled	bool	false
networkPolicies.ingressLabels.app	string	"istio-ingressgateway"
networkPolicies.ingressLabels.istio	string	"ingressgateway"
networkPolicies.controlPlaneCidr	string	"0.0.0.0/0"
networkPolicies.additionalPolicies	list	[]
monitoring.enabled	bool	false
monitoring.namespace	string	"monitoring"
bbtests.enabled	bool	false

Contributing

Please see the contributing guide if you are interested in contributing.

---

This file is programatically generated using helm-docs and some BigBang-specific templates. The gluon repository has instructions for regenerating package READMEs.