Using the GitLab Pages chart

The gitlab-pages subchart provides a daemon for serving static websites from GitLab projects.


This chart depends on access to the Workhorse services, either as part of the complete GitLab chart or provided as an external service reachable from the Kubernetes cluster this chart is deployed onto.


The gitlab-pages chart is configured as follows: Global Settings and Chart Settings.

Global Settings

We share some common global settings among our charts. See the Globals Documentation for details.

Chart settings

The tables in following two sections contains all the possible chart configurations that can be supplied to the helm install command using the --set flags.

General settings

Parameter Default Description
annotations   Pod annotations
common.labels {} Supplemental labels that are applied to all objects created by this chart.
deployment.strategy {} Allows one to configure the update strategy used by the deployment. When not provided, the cluster default is used.
extraEnv   List of extra environment variables to expose
image.pullPolicy IfNotPresent GitLab image pull policy
image.pullSecrets   Secrets for the image repository
image.repository GitLab Exporter image repository
image.tag   image tag
init.image.repository   initContainer image
init.image.tag   initContainer image tag
metrics.enabled true Toggle Prometheus metrics exporter
metrics.port 9235 Listen port for the Prometheus metrics exporter
podLabels   Supplemental Pod labels. Will not be used for selectors.
resources.requests.cpu 75m GitLab Pages minimum CPU
resources.requests.memory 100M GitLab Pages minimum memory
securityContext.fsGroup 1000 Group ID under which the pod should be started
securityContext.runAsUser 1000 User ID under which the pod should be started
service.externalPort 8090 GitLab Pages exposed port
service.internalPort 8090 GitLab Pages internal port gitlab-pages GitLab Pages service name
service.customDomains.type LoadBalancer Type of service created for handling custom domains
service.customDomains.internalHTTPSPort 8091 Port where Pages daemon listens for HTTPS requests
service.customDomains.nodePort.http   Node Port to be opened for HTTP connections. Valid only if service.customDomains.type is NodePort
service.customDomains.nodePort.https   Node Port to be opened for HTTPS connections. Valid only if service.customDomains.type is NodePort
serviceLabels {} Supplemental service labels
tolerations [] Toleration labels for pod assignment

Pages specific settings

Parameter Default Description
artifactsServerTimeout 10 Timeout (in seconds) for a proxied request to the artifacts server
artifactsServerUrl   API URL to proxy artifact requests to
domainConfigSource gitlab Domain configuration source
extraVolumeMounts   List of extra volumes mounts to add
extraVolumes   List of extra volumes to create
gitlabClientHttpTimeout   GitLab API HTTP client connection timeout in seconds
gitlabClientJwtExpiry   JWT Token expiry time in seconds
gitlabServer   GitLab server FQDN
headers [] The additional http header(s) that should be send to the client
insecureCiphers false Use default list of cipher suites, may contain insecure ones like 3DES and RC4
internalGitlabServer   Internal GitLab server used for API requests
logFormat json Log output format
logVerbose false Verbose logging
maxConnections   Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners
redirectHttp false Redirect pages from HTTP to HTTPS
sentry.enabled false Enable Sentry reporting
sentry.dsn   The address for sending Sentry crash reporting to
sentry.environment   The environment for Sentry crash reporting
statusUri   The URL path for a status page
tls.minVersion   Specifies the minimum SSL/TLS version
tls.maxVersion   Specifies the maximum SSL/TLS version
useHttp2 true Enable HTTP2 support

Configuring the ingress

This section controls the GitLab Pages Ingress.

Name Type Default Description
annotations String   This field is an exact match to the standard annotations for Kubernetes Ingress.
configureCertmanager Boolean false Toggles Ingress annotation The acquisition of a TLS certificate for GitLab Pages via cert-manager is disabled because a wildcard certificate acquisition requires a cert-manager Issuer with a DNS01 solver, and the Issuer deployed by this chart only provides a HTTP01 solver. For more information see the TLS requirement for GitLab Pages.
enabled Boolean   Setting that controls whether to create Ingress objects for services that support them. When not set, the global.ingress.enabled setting is used.
tls.enabled Boolean   When set to false, you disable TLS for the Registry subchart. This is mainly useful for cases in which you cannot use TLS termination at ingress-level, like when you have a TLS-terminating proxy before the Ingress Controller.
tls.secretName String   The name of the Kubernetes TLS Secret that contains a valid certificate and key for the registry URL. When not set, the global.ingress.tls.secretName is used instead. Defaults to not being set.

Chart configuration examples


extraVolumes allows you to configure extra volumes chart-wide.

Below is an example use of extraVolumes:

extraVolumes: |
  - name: example-volume
      claimName: example-pvc


extraVolumeMounts allows you to configure extra volumeMounts on all containers chart-wide.

Below is an example use of extraVolumeMounts:

extraVolumeMounts: |
  - name: example-volume
    mountPath: /etc/example