
Application topology

The GitGuardian application consists of several Kubernetes resources. Each nginx pod runs an nginx container that serves the dashboard frontend and acts as a proxy for the backend, alongside a number of different containers serving all backend tasks.

| Kind | Deployment Name | Usage |
| --- | --- | --- |
| Front | nginx | Dashboard Frontend and proxy for backend |
| Backend | webapp-app_exporter | Open Metrics Exporter for applicative metrics |
| Backend | webapp-hook | VCS webhooks events receiver |
| Backend | webapp-internal_api | Backend for the Dashboard |
| Backend | webapp-internal_api_long | Backend for the Dashboard (no timeout) |
| Backend | webapp-public_api | Public API and GGshield scans |
| Backend | webapp-honeytoken | Backend for honeytoken |
| Backend | ml-secret-engine | Machine Learning secret engine |
| Scheduler | beat | Celery Beat task scheduler |
| Worker | worker-email | Handles tasks related to email notifications and messaging (queues: email, notifier). |
| Worker | worker-long | Processes long-running tasks such as background validity checks and other extensive operations (queues: background_validity_check, celery_long). |
| Worker | worker-scanners | Performs historical scans for repositories, including basic, premium, and manual scans (queues: basic_repo_scan, premium_repo_scan, manual_repo_scan). |
| Worker | worker-scanners-ods | Executes non-VCS historical scans for productivity tools like Slack, Jira, Confluence, ... (queue: ods_scan). |
| Worker | worker-long-ods | Processes long-running tasks for productivity tools, such as Slack and Jira (queue: long_ods). |
| Worker | worker-long-ods-io | Focuses on IO-intensive long-running tasks for productivity tools (queue: long_ods_io). |
| Worker | worker-worker | General-purpose worker managing tasks such as real-time scans, retries, honeytoken tasks, reports, and more (queues: celery, check_run, realtime, realtime_retry, honeytoken, reports). |
| Worker | worker-realtime_ods | Handles real-time processing for non-VCS tools like Slack and Jira, including retry mechanisms (queues: realtime_ods, realtime_retry_ods). |
| Worker | worker-ml-api-priority | Prioritizes machine learning API-related tasks for fast processing (queue: ml_api_priority). |
| Job | pre-deploy | Pre-deployment job performing database migrations |
| Job | post-deploy | Post-deployment job performing long data migrations |
| Replicated | replicated | License management and usage data collection |
| Replicated | kotsadm | KOTS Admin Console (KOTS-based installation only) |
Info: We have set a 30-day TTL (Time To Live) for pre-deploy and post-deploy jobs to allow for log retrieval if needed. It is recommended not to delete these pods, as they can be useful for troubleshooting.