Application topology
The GitGuardian application consists of several Kubernetes resources. Each nginx pod runs an nginx container that serves the dashboard frontend and acts as a proxy for the backend; a number of different containers serve all backend tasks.

| Kind | Deployment Name | Usage |
|---|---|---|
| Front | nginx | Dashboard Frontend and proxy for backend |
| Backend | webapp-app_exporter | OpenMetrics exporter for application metrics |
| Backend | webapp-hook | VCS webhooks events receiver |
| Backend | webapp-internal_api | Backend for the Dashboard |
| Backend | webapp-internal_api_long | Backend for the Dashboard (no timeout) |
| Backend | webapp-public_api | Public API and GGshield scans |
| Backend | webapp-honeytoken | Backend for honeytoken |
| Backend | ml-secret-engine | Machine Learning secret engine |
| Backend | apache-tika | File scanner for non-VCS sources scanning |
| Scheduler | beat | Celery Beat task scheduler |
| Worker | worker-email | Handles tasks related to email notifications and messaging (queues: email, notifier). |
| Worker | worker-realtime_ods | Handles real-time processing for non-VCS tools like Slack and Jira, including retry mechanisms (queues: realtime_ods, realtime_retry_ods). |
| Worker | worker-worker | General-purpose worker managing tasks such as real-time scans, retries, honeytoken tasks, reports, and more (queues: celery, check_run, realtime, realtime_retry, honeytoken, reports). |
| Worker | worker-long | Processes long-running tasks such as background validity checks and other extensive operations (queues: background_validity_check, celery_long). |
| Worker | worker-long-ods | Processes long-running tasks for non-VCS sources, such as Slack and Jira (queue: long_ods). |
| Worker | worker-long-ods-io | Focuses on IO-intensive long-running tasks for non-VCS sources (queue: long_ods_io). |
| Worker | worker-scanners | Performs historical scans for repositories, including basic, premium, and manual scans (queues: basic_repo_scan, premium_repo_scan, manual_repo_scan). |
| Worker | worker-scanners-ods | Executes historical scans for non-VCS sources like Jira, Confluence, ... (queue: ods_scan). |
| Worker | worker-scanners-ods-highdisk | Focuses on tasks requiring high storage for non-VCS sources (queue: ods_scan_highdisk). |
| Worker | worker-scanners-slack | Executes Slack historical scans (queue: slack_scan). |
| Worker | worker-container-registries | Handles tasks related to secret scanning in container registries (queue: container_registries). |
| Worker | worker-ml-api-priority | Prioritizes machine learning API-related tasks for fast processing (queue: ml_api_priority). |
| Job | pre-deploy | Pre-deployment job performing database migrations |
| Job | post-deploy | Post-deployment job performing long data migrations |
| Replicated | replicated | License management and usage data collection |
| Replicated | kotsadm | KOTS Admin Console (KOTS-based installation only) |

Info: We have set a 30-day TTL (Time To Live) for the pre-deploy and post-deploy jobs to allow for log retrieval if needed. We recommend not deleting these pods, as they can be useful for troubleshooting.