External PostgreSQL database
This document assumes you already have your own PostgreSQL database.
If you do not have one, consider a cloud provided solution like AWS Aurora or GCP Cloud SQL. For on-premise or deployment to VM, consider our Omnibus GitLab package.
External database requirements
To use an external database with the gitlab
chart, there are a few prerequisites.
- GitLab requires PostgreSQL 9.6.x or 10.x
- The
pg_trgm
extension must be available. GitLab will attempt to load thepg_trgm
extension if not present. If not providing an account with Superuser flag to GitLab, please ensure this extension is loaded prior to proceeding with the database installation. - An empty database to use, named by default:
gitlabhq_production
. See below how to change the default name. - A user with full access granted to the database above.
- A Kubernetes Secret with the password for the user above.
- Ensure that the database is reachable from the cluster. Be sure firewall policies are in place to allow traffic.
Configuring gitlab
to use an external database
You need to set the following parameters:
-
postgresql.install
: Set tofalse
to disable the embedded database. -
global.psql.host
: Set to the hostname of the external database, can be a domain or an IP address. -
global.psql.password.secret
: The name of the secret which contains the database password for thegitlab
user. -
global.psql.password.key
: The key within the secret, which contains the password. The password should be unencoded value.
Items below can be further customized if you are not using the defaults:
-
global.psql.port
: The port the database is available on, defaults to5432
. -
global.psql.database
: The name of the database. -
global.psql.username
: The user with access to the database.
If you use a mutual TLS connection to the database:
-
global.psql.ssl.secret
: A secret containing client certificate, key and certificate authority. -
global.psql.ssl.serverCA
: The key inside the secret referring the certificate authority (CA). -
global.psql.ssl.clientCertificate
: The key inside the secret referring the client certificate. -
global.psql.ssl.clientKey
: The client inside the secret.
For example, pass these values via Helm’s --set
flag while deploying:
helm install gitlab gitlab/gitlab
--set postgresql.install=false
--set global.psql.host=psql.example
--set global.psql.password.secret=gitlab-postgresql-password
--set global.psql.password.key=postgres-password
Help and feedback
If there's something you don't like about this feature
To propose functionality that GitLab does not yet offer
To further help GitLab in shaping new features
If you didn't find what you were looking for
If you want help with something very specific to your use case, and can use some community support
POST ON GITLAB FORUM
If you have problems setting up or using this feature (depending on your GitLab subscription)
REQUEST SUPPORT
To view all GitLab tiers and features or to upgrade
If you want to try all features available in GitLab.com
If you want to try all features available in GitLab self-managed
If you spot an error or a need for improvement and would like to fix it yourself in a merge request
EDIT THIS PAGE
If you would like to suggest an improvement to this doc