Configure the GitLab chart with an external database

Configure the GitLab Helm chart with an external PostgreSQL instance, which is required for all deployments.

Prerequisites:

• A deployment of required version of PostgreSQL. If you do not have one, consider a cloud provided solution like AWS RDS PostgreSQL or GCP Cloud SQL. For an alternative solution, consider the Linux package.
• An empty database named gitlabhq_production by default.
• A user with full database access. See the external database documentation for details.
• A Kubernetes Secret with the password for the database user.
• The amcheck, pg_trgm and btree_gist extensions. If you don’t provide an account with the Superuser flag to GitLab, ensure these extensions are loaded prior to proceeding with the database installation.

Networking prerequisites:

• Ensure that the database is reachable from the cluster. Be sure that your firewall policies allow traffic.
• If you plan to use PostgreSQL as a load balancing cluster and Kubernetes DNS for service discovery, configure the PostgreSQL secondary service as a headless service to allow DNS A records to be created for each secondary instance. For an example, see examples/database/values-loadbalancing-discover.yaml.

To configure the GitLab chart to use an external database:

1. Set the following parameters:

   • global.psql.host: Set to the hostname of the external database, can be a domain or an IP address.
   • global.psql.password.secret: The name of the secret that contains the database password for the gitlab user.
   • global.psql.password.key: Within the secret, the key that contains the password.

2. Optional. The following items can be further customized if you are not using the defaults:

   • global.psql.port: The port the database is available on. Defaults to 5432.
   • global.psql.database: The name of the database.
   • global.psql.username: The user with access to the database.

3. Optional. If you use a mutual TLS connection to the database, set the following:

   • global.psql.ssl.secret: A secret that contains the client certificate, key, and certificate authority.
   • global.psql.ssl.serverCA: In the secret, the key that refers to the certificate authority (CA).
   • global.psql.ssl.clientCertificate: In the secret, the key that refers to the client certificate.
   • global.psql.ssl.clientKey: In the secret, the client.

4. When you deploy the GitLab chart, add the values by using the --set flag. For example:

   helm install gitlab gitlab/gitlab
     --set global.psql.host=psql.example
     --set global.psql.password.secret=gitlab-postgresql-password
     --set global.psql.password.key=postgres-password