Using the GitLab-Exporter chart

  • Tier: Free, Premium, Ultimate
  • Offering: GitLab Self-Managed

The gitlab-exporter sub-chart provides Prometheus metrics for GitLab application-specific data. It talks to PostgreSQL directly to perform queries to retrieve data for CI builds, pull mirrors, etc. In addition, it uses the Sidekiq API, which talks to Redis to gather different metrics around the state of the Sidekiq queues (e.g. number of jobs).

Requirements

This chart depends on Redis and PostgreSQL services, either as part of the complete GitLab chart or provided as external services reachable from the Kubernetes cluster on which this chart is deployed.

Configuration

The gitlab-exporter chart is configured as follows: Global settings and Chart settings.

Installation command line options

The table below contains all the possible chart configurations that can be supplied to the helm install command using the --set flags.

ParameterDefaultDescription
affinity{}Affinity rules for pod assignment
annotationsPod annotations
common.labels{}Supplemental labels that are applied to all objects created by this chart.
podLabelsSupplemental Pod labels. Will not be used for selectors.
common.labelsSupplemental labels that are applied to all objects created by this chart.
deployment.strategy{}Allows one to configure the update strategy utilized by the deployment
enabledtrueGitLab Exporter enabled flag
extraContainersMultiline literal style string containing a list of containers to include
extraInitContainersList of extra init containers to include
extraVolumeMountsList of extra volumes mounts to do
extraVolumesList of extra volumes to create
extraEnvList of extra environment variables to expose
extraEnvFromList of extra environment variables from other data sources to expose
image.pullPolicyIfNotPresentGitLab image pull policy
image.pullSecretsSecrets for the image repository
image.repositoryregistry.gitlab.com/gitlab-org/build/cng/gitlab-exporterGitLab Exporter image repository
image.tagimage tag
init.image.repositoryinitContainer image
init.image.taginitContainer image tag
init.containerSecurityContextinitContainer specific securityContext
init.containerSecurityContext.allowPrivilegeEscalationfalseinitContainer specific: Controls whether a process can gain more privileges than its parent process
init.containerSecurityContext.runAsNonRoottrueinitContainer specific: Controls whether the container runs with a non-root user
init.containerSecurityContext.capabilities.drop[ "ALL" ]initContainer specific: Removes Linux capabilities for the container
metrics.enabledtrueIf a metrics endpoint should be made available for scraping
metrics.port9168Metrics endpoint port
metrics.path/metricsMetrics endpoint path
metrics.serviceMonitor.enabledfalseIf a ServiceMonitor should be created to enable Prometheus Operator to manage the metrics scraping, note that enabling this removes the prometheus.io scrape annotations
metrics.serviceMonitor.additionalLabels{}Additional labels to add to the ServiceMonitor
metrics.serviceMonitor.endpointConfig{}Additional endpoint configuration for the ServiceMonitor
metrics.annotationsDEPRECATED Set explicit metrics annotations. Replaced by template content.
priorityClassNamePriority class assigned to pods.
resources.requests.cpu75mGitLab Exporter minimum CPU
resources.requests.memory100MGitLab Exporter minimum memory
serviceLabels{}Supplemental service labels
service.externalPort9168GitLab Exporter exposed port
service.internalPort9168GitLab Exporter internal port
service.namegitlab-exporterGitLab Exporter service name
service.typeClusterIPGitLab Exporter service type
serviceAccount.annotations{}ServiceAccount annotations
serviceAccount.automountServiceAccountTokenfalseIndicates whether or not the default ServiceAccount access token should be mounted in pods
serviceAccount.createfalseIndicates whether or not a ServiceAccount should be created
serviceAccount.enabledfalseIndicates whether or not to use a ServiceAccount
serviceAccount.nameName of the ServiceAccount. If not set, the full chart name is used
securityContext.fsGroup1000Group ID under which the pod should be started
securityContext.runAsUser1000User ID under which the pod should be started
securityContext.fsGroupChangePolicyPolicy for changing ownership and permission of the volume (requires Kubernetes 1.23)
securityContext.seccompProfile.typeRuntimeDefaultSeccomp profile to use
containerSecurityContextOverride container securityContext under which the container is started
containerSecurityContext.runAsUser1000Allows overwriting of the specific security context user ID under which the container is started
containerSecurityContext.allowPrivilegeEscalationfalseControls whether a process of the container can gain more privileges than its parent process
containerSecurityContext.runAsNonRootfalseControls whether the container runs with a non-root user
containerSecurityContext.capabilities.drop[ "ALL" ]Removes Linux capabilities for the Gitaly container
tolerations[]Toleration labels for pod assignment
psql.portSet PostgreSQL server port. Takes precedence over global.psql.port
tls.enabledfalseGitLab Exporter TLS enabled
tls.secretName{Release.Name}-gitlab-exporter-tlsGitLab Exporter TLS secret. Must point to a Kubernetes TLS secret.

Chart configuration examples

extraEnv

extraEnv allows you to expose additional environment variables in all containers in the pods.

Below is an example use of extraEnv:

Copy to clipboard
extraEnv:
  SOME_KEY: some_value
  SOME_OTHER_KEY: some_other_value

When the container is started, you can confirm that the environment variables are exposed:

Copy to clipboard
env | grep SOME
SOME_KEY=some_value
SOME_OTHER_KEY=some_other_value

extraEnvFrom

extraEnvFrom allows you to expose additional environment variables from other data sources in all containers in the pods.

Below is an example use of extraEnvFrom:

Copy to clipboard
extraEnvFrom:
  MY_NODE_NAME:
    fieldRef:
      fieldPath: spec.nodeName
  MY_CPU_REQUEST:
    resourceFieldRef:
      containerName: test-container
      resource: requests.cpu
  SECRET_THING:
    secretKeyRef:
      name: special-secret
      key: special_token
      # optional: boolean
  CONFIG_STRING:
    configMapKeyRef:
      name: useful-config
      key: some-string
      # optional: boolean

image.pullSecrets

pullSecrets allows you to authenticate to a private registry to pull images for a pod.

Additional details about private registries and their authentication methods can be found in the Kubernetes documentation.

Below is an example use of pullSecrets:

Copy to clipboard
image:
  repository: my.image.repository
  pullPolicy: Always
  pullSecrets:
  - name: my-secret-name
  - name: my-secondary-secret-name

serviceAccount

This section controls if a ServiceAccount should be created and if the default access token should be mounted in pods.

NameTypeDefaultDescription
annotationsMap{}ServiceAccount annotations.
automountServiceAccountTokenBooleanfalseControls if the default ServiceAccount access token should be mounted in pods. You should not enable this unless it is required by certain sidecars to work properly (for example, Istio).
createBooleanfalseIndicates whether or not a ServiceAccount should be created.
enabledBooleanfalseIndicates whether or not to use a ServiceAccount.
nameStringName of the ServiceAccount. If not set, the full chart name is used.

affinity

For more information, see affinity.

annotations

annotations allows you to add annotations to the GitLab Exporter pods. For example:

Copy to clipboard
annotations:
  kubernetes.io/example-annotation: annotation-value

Global settings

We share some common global settings among our charts. See the Globals Documentation for common configuration options, such as GitLab and Registry hostnames.

Chart settings

The following values are used to configure the GitLab Exporter pod.

metrics.enabled

By default, the pod exposes a metrics endpoint at /metrics. When metrics are enabled, annotations are added to each pod allowing a Prometheus server to discover and scrape the exposed metrics.