Configuration

GAGOS is configured through environment variables. This page documents all available options.

Environment Variables

Variable	Default	Description
`GAGOS_HOST`	0.0.0.0	Listen address for the web server
`GAGOS_PORT`	8080	Listen port for the web server
`GAGOS_PASSWORD`	(required)	Authentication password
`GAGOS_RUNTIME`	docker	Runtime environment: `docker` or `kubernetes`
`GAGOS_LOG_LEVEL`	info	Log level: `debug`, `info`, `warn`, `error`

Authentication

GAGOS requires password authentication. The password must be set via the GAGOS_PASSWORD environment variable.

Docker

docker run -e GAGOS_PASSWORD="your-secure-password" gagos:latest

Kubernetes

In Kubernetes, the password is typically stored in a Secret:

apiVersion: v1
kind: Secret
metadata:
  name: gagos-auth
  namespace: gagos
type: Opaque
data:
  password: eW91ci1zZWN1cmUtcGFzc3dvcmQ=  # base64 encoded

Then reference in the Deployment:

env:
  - name: GAGOS_PASSWORD
    valueFrom:
      secretKeyRef:
        name: gagos-auth
        key: password

Auto-Generated Password

The all-in-one Kubernetes manifest auto-generates a password on first deploy if the Secret doesn't exist.

Runtime Detection

The GAGOS_RUNTIME variable affects:

Login page hints: Shows appropriate password retrieval command
Kubernetes features: Enables in-cluster client when set to kubernetes

Kubernetes RBAC

For Kubernetes features, GAGOS needs appropriate RBAC permissions. The default ClusterRole includes:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gagos
rules:
  - apiGroups: [""]
    resources:
      - namespaces
      - nodes
      - pods
      - pods/log
      - pods/exec
      - services
      - configmaps
      - secrets
      - persistentvolumeclaims
      - events
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources:
      - deployments
      - daemonsets
      - statefulsets
      - replicasets
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["batch"]
    resources:
      - jobs
      - cronjobs
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["networking.k8s.io"]
    resources:
      - ingresses
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["autoscaling"]
    resources:
      - horizontalpodautoscalers
    verbs: ["get", "list", "watch"]

Network Capabilities

For ping and traceroute to work, GAGOS needs NET_RAW capability:

Docker

docker run --cap-add=NET_RAW gagos:latest

Kubernetes

securityContext:
  capabilities:
    add:
      - NET_RAW

Persistent Storage

GAGOS stores CI/CD data (pipelines, jobs, SSH hosts) in a SQLite database. For persistence in Kubernetes:

volumeMounts:
  - name: data
    mountPath: /data
volumes:
  - name: data
    persistentVolumeClaim:
      claimName: gagos-data

Resource Limits

Recommended resource limits:

resources:
  limits:
    cpu: "500m"
    memory: "512Mi"
  requests:
    cpu: "100m"
    memory: "128Mi"

Increase limits if running heavy CI/CD workloads or large Kubernetes queries.