Application topology
For information on the new architecture, as well as determining whether you are using the new or the legacy GitGuardian architecture, explore the New GitGuardian Architecture page.
GitGuardian application consists of several Kubernetes resources.
New GitGuardian architecture
Each nginx pod runs an nginx container serving the dashboard frontend and acting as a proxy for the backend, and a number of different containers serving all backend tasks.
| Kind | Deployment Name | Usage |
|---|---|---|
| Front | nginx | Dashboard Frontend and proxy for backend |
| Backend | webapp-app_exporter | Open Metrics Exporter for applicative metrics |
| Backend | webapp-hook | VCS webhooks events receiver |
| Backend | webapp-internal_api | Backend for the Dashboard |
| Backend | webapp-internal_api_long | Backend for the Dashboard (no timeout) |
| Backend | webapp-public_api | Public API and GGshield scans |
| Backend | webapp-honeytoken | Backend for honeytoken |
| Backend | ml-secret-engine | Machine Learning secret engine |
| Scheduler | beat | Celery Beat task scheduler |
| Worker | worker-email | Handles tasks related to email notifications and messaging (queues: email, notifier). |
| Worker | worker-long | Processes long-running tasks such as background validity checks and other extensive operations (queues: background_validity_check, celery_long). |
| Worker | worker-scanners | Performs historical scans for repositories, including basic, premium, and manual scans (queues: basic_repo_scan, premium_repo_scan, manual_repo_scan). |
| Worker | worker-scanners-ods | Executes non-VCS historical scans for productivity tools like Slack, Jira, Confluence, ... (queue: ods_scan). |
| Worker | worker-long-ods | Processes long-running tasks for productivity tools, such as Slack and Jira (queue: long_ods). |
| Worker | worker-long-ods-io | Focuses on IO-intensive long-running tasks for productivity tools (queue: long_ods_io). |
| Worker | worker-worker | General-purpose worker managing tasks such as real-time scans, retries, honeytoken tasks, reports, and more (queues: celery, check_run, realtime, realtime_retry, honeytoken, reports). |
| Worker | worker-realtime_ods | Handles real-time processing for non-VCS tools like Slack and Jira, including retry mechanisms (queues: realtime_ods, realtime_retry_ods). |
| Worker | worker-ml-api-priority | Prioritizes machine learning API-related tasks for fast processing (queue: ml_api_priority). |
| Job | pre-deploy | Pre-deployment job performing database migrations |
| Job | post-deploy | Post-deployment job performing long data migrations |
| Replicated | replicated | License management and usage data collection |
| Replicated | kotsadm | KOTS Admin Console (KOTS-based installation only) |
We have set a 30-days TTL (Time To Live) for pre-deploy and post-deploy jobs to allow for log retrieval if needed. It is recommended not to delete these pods, as they can be useful for troubleshooting.
Legacy GitGuardian architecture
Each gitguardian-app pod runs an nginx container serving the dashboard frontend and acting as a proxy for the backend, and an app container serving all backend tasks.
| Kind | Deployment name | Usage |
|---|---|---|
| Front + Backend | gitguardian-app | Dashboard, Public API (ggshield), VCS webhooks events receiver |
| Backend | gitguardian-exporter | Open Metrics Exporter for applicative metrics |
| Scheduler | gitguardian-beat | Celery beat task scheduler |
| Worker | gitguardian-email | Workers for queues: email, notifier |
| Worker | gitguardian-long-tasks | Workers for long tasks: check/install health, asynchronous cleanup tasks, validity check, ... |
| Worker | gitguardian-scanner | Workers for historical scans |
| Worker | gitguardian-worker | Workers for queues: celery (default), check_run, realtime, realtime_retry, honeytoken, report |
| Job | gitguardian-migration | Deployment job performing database migrations |
| Replicated | replicated | License management and usage data collection |
| Replicated | kotsadm | KOTS Admin Console |
