Application topology
For information on the new architecture, as well as determining whether you are using the new or the legacy GitGuardian architecture, explore the New GitGuardian Architecture page.
GitGuardian application consists of several Kubernetes resources.
New GitGuardian architecture
Each nginx pod runs an nginx container serving the dashboard frontend and acting as a proxy for the backend, and a number of different containers serving all backend tasks.
| Kind | Deployment Name | Usage |
|---|---|---|
| Front | nginx | Dashboard Frontend and proxy for backend |
| Backend | webapp-app_exporter | Open Metrics Exporter for applicative metrics |
| Backend | webapp-hook | VCS webhooks events receiver |
| Backend | webapp-internal_api | Backend for the Dashboard |
| Backend | webapp-internal_api_long | Backend for the Dashboard (no timeout) |
| Backend | webapp-public_api | Public API and GGshield scans |
| Backend | webapp-honeytoken | Backend for honeytoken |
| Scheduler | beat | Celery Beat task scheduler |
| Worker | worker-email | Workers for queues: email, notifier |
| Worker | worker-reports | Workers for PDF reports |
| Worker | worker-long | Workers for long tasks: check/install health, asynchronous cleanup tasks, validity check, ... |
| Worker | worker-scanners | Workers for historical scans used for VCS (Version Control System) |
| Worker | worker-scanners_ods | Workers for historical scans used for productivity tools (Slack, Jira Cloud, Confluence, ...) |
| Worker | worker-long-ods | Workers for long tasks for productivity tools (Slack, Jira Cloud, Confluence, ...) |
| Worker | worker-long-ods-io | Workers for long tasks specialized in Input/Output operations for productivity tools |
| Worker | worker-worker | Workers for queues: celery (default), check_run, realtime and realtime_retry for VCS, honeytoken, report |
| Worker | worker-realtime_ods | Workers for queues: realtime and realtime_retry for productivity tools |
| Job | pre-deploy | Pre-deployment job performing database migrations |
| Job | post-deploy | Post-deployment job performing long data migrations |
| Replicated | replicated | License management and usage data collection |
| Replicated | kotsadm | KOTS Admin Console (KOTS-based installation only) |
We have set a 30-days TTL (Time To Live) for pre-deploy and post-deploy jobs to allow for log retrieval if needed. It is recommended not to delete these pods, as they can be useful for troubleshooting.
Legacy GitGuardian architecture
Each gitguardian-app pod runs an nginx container serving the dashboard frontend and acting as a proxy for the backend, and an app container serving all backend tasks.
| Kind | Deployment name | Usage |
|---|---|---|
| Front + Backend | gitguardian-app | Dashboard, Public API (ggshield), VCS webhooks events receiver |
| Backend | gitguardian-exporter | Open Metrics Exporter for applicative metrics |
| Scheduler | gitguardian-beat | Celery beat task scheduler |
| Worker | gitguardian-email | Workers for queues: email, notifier |
| Worker | gitguardian-long-tasks | Workers for long tasks: check/install health, asynchronous cleanup tasks, validity check, ... |
| Worker | gitguardian-scanner | Workers for historical scans |
| Worker | gitguardian-worker | Workers for queues: celery (default), check_run, realtime, realtime_retry, honeytoken, report |
| Job | gitguardian-migration | Deployment job performing database migrations |
| Replicated | replicated | License management and usage data collection |
| Replicated | kotsadm | KOTS Admin Console |
