Installation command line options

The tables below contain all the possible charts configurations that can be supplied to the helm install command using the --set flags.

Basic configuration

ParameterDescriptionDefault
gitlab.migrations.initialRootPassword.keyKey pointing to the root account password in the migrations secretpassword
gitlab.migrations.initialRootPassword.secretGlobal name of the secret containing the root account password{Release.Name}-gitlab-initial-root-password
global.gitlab.license.keyKey pointing to the Enterprise license in the license secretlicense
global.gitlab.license.secretGlobal name of the secret containing the Enterprise licensenone
global.application.createCreate an Application resource for GitLabfalse
global.editionThe edition of GitLab to install. Enterprise Edition (ee) or Community Edition (ce)ee
global.gitaly.enabledGitaly enable flagtrue
global.hosts.domainDomain name that will be used for all publicly exposed servicesRequired
global.hosts.externalIPStatic IP to assign to NGINX Ingress ControllerRequired
global.hosts.sshDomain name that will be used for Git SSH accessgitlab.{global.hosts.domain}
global.imagePullPolicySet a default imagePullPolicy for all chartsIfNotPresent
global.minio.enabledMinIO enable flagtrue
global.psql.hostGlobal hostname of an external psql, overrides subcharts’ psql configurationUses in-cluster non-production PostgreSQL
global.psql.password.keyKey pointing to the psql password in the psql secretUses in-cluster non-production PostgreSQL
global.psql.password.secretGlobal name of the secret containing the psql passwordUses in-cluster non-production PostgreSQL
global.registry.bucketregistry bucket nameregistry
global.service.annotationsAnnotations to add to every Service{}
global.time_zoneGlobal time zoneUTC

TLS configuration

ParameterDescriptionDefault
certmanager-issuer.emailEmail for Let’s Encrypt accountfalse
gitlab.unicorn.ingress.tls.secretNameExisting Secret containing TLS certificate and key for GitLabnone
global.hosts.httpsServe over httpstrue
global.ingress.configureCertmanagerConfigure cert-manager to get certificates from Let’s Encrypttrue
global.ingress.tls.secretNameExisting Secret containing wildcard TLS certificate and keynone
minio.ingress.tls.secretNameExisting Secret containing TLS certificate and key for MinIOnone
registry.ingress.tls.secretNameExisting Secret containing TLS certificate and key for registrynone

Outgoing Email configuration

ParameterDescriptionDefault
global.email.display_nameName that appears as the sender for emails from GitLabGitLab
global.email.fromEmail address that appears as the sender for emails from GitLabgitlab@example.com
global.email.reply_toReply-to email listed in emails from GitLabnoreply@example.com
global.email.smime.certNameSecret object key value for locating the S/MIME certificate filetls.crt
global.email.smime.enabledAdd the S/MIME signatures to outgoing emailfalse
global.email.smime.keyNameSecret object key value for locating the S/MIME key filetls.key
global.email.smime.secretNameKubernetes Secret object to find the X.509 certificate (S/MIME Cert for creation )””
global.email.subject_suffixSuffix on the subject of all outgoing email from GitLab””
global.smtp.addressHostname or IP of the remote mail serversmtp.mailgun.org
global.smtp.authenticationType of SMTP authentication (“plain”, “login”, “cram_md5”, or “” for no authentication)plain
global.smtp.domainOptional HELO domain for SMTP””
global.smtp.enabledEnable outgoing emailfalse
global.smtp.openssl_verify_modeTLS verification mode (“none”, “peer”, or “ssl/tls”)peer
global.smtp.password.keyKey in global.smtp.password.secret that contains the SMTP passwordpassword
global.smtp.password.secretName of a Secret containing the SMTP password””
global.smtp.portPort for SMTP2525
global.smtp.starttls_autoUse STARTTLS if enabled on the mail serverfalse
global.smtp.tlsEnables SMTP/TLS (SMTPS: SMTP over direct TLS connection)none
global.smtp.user_nameUsername for SMTP authentication https””

Incoming Email configuration

ParameterDescriptionDefault
global.appConfig.incomingEmail.addressThe email address to reference the item being replied to (example: gitlab-incoming+%{key}@gmail.com)empty
global.appConfig.incomingEmail.enabledEnable incoming emailfalse
global.appConfig.incomingEmail.hostHost for IMAPempty
global.appConfig.incomingEmail.idleTimeoutThe IDLE command timeout60
global.appConfig.incomingEmail.mailboxMailbox where incoming mail will end up.inbox
global.appConfig.incomingEmail.password.keyKey in global.appConfig.incomingEmail.password.secret that contains the IMAP passwordpassword
global.appConfig.incomingEmail.password.secretName of a Secret containing the IMAP passwordempty
global.appConfig.incomingEmail.portPort for IMAP993
global.appConfig.incomingEmail.sslWhether IMAP server uses SSLtrue
global.appConfig.incomingEmail.startTlsWhether IMAP server uses StartTLSfalse
global.appConfig.incomingEmail.userUsername for IMAP authenticationempty
global.appConfig.incomingEmail.userUsername for IMAP authenticationempty
global.appConfig.incomingEmail.expungeDeletedWhether to expunge (permanently remove) messages from the mailbox when they are deleted after deliveryfalse
global.appConfig.incomingEmail.logger.logPathPath to write JSON structured logs to; set to “” to disable this logging/dev/stdout

Default Project Features configuration

ParameterDescriptionDefault
global.appConfig.defaultProjectsFeatures.buildsEnable project buildstrue
global.appConfig.defaultProjectsFeatures.containerRegistryEnable container registy project featurestrue
global.appConfig.defaultProjectsFeatures.issuesEnable project issuestrue
global.appConfig.defaultProjectsFeatures.mergeRequestsEnable project merge requeststrue
global.appConfig.defaultProjectsFeatures.snippetsEnable project snippetstrue
global.appConfig.defaultProjectsFeatures.wikiEnable project wikistrue

GitLab Shell

ParameterDescriptionDefault
global.shell.authTokenSecret containing shared secret 
global.shell.hostKeysSecret containing SSH host keys 
global.shell.portPort number to expose on Ingress for SSH 

RBAC Settings

ParameterDescriptionDefault
certmanager.rbac.createCreate and use RBAC resourcestrue
gitlab-runner.rbac.createCreate and use RBAC resourcestrue
nginx-ingress.rbac.createCreate and use default RBAC resourcesfalse
nginx-ingress.rbac.createClusterRoleCreate and use Cluster rolefalse
nginx-ingress.rbac.createRoleCreate and use namespaced roletrue
prometheus.rbac.createCreate and use RBAC resourcestrue

Advanced NGINX Ingress configuration

Prefix NGINX Ingress values with nginx-ingress. For example, set the controller image tag using nginx-ingress.controller.image.tag.

See nginx-ingress chart.

Advanced in-cluster Redis configuration

ParameterDescriptionDefault
redis.installInstall the stable/redis charttrue
redis.existingSecretSpecify the Secret for Redis servers to usegitlab-redis-secret
redis.existingSecretKeySecret key where password is storedredis-password

Any additional configuration of the Redis service should use the configuration settings from the Redis chart.

Advanced registry configuration

ParameterDescriptionDefault
registry.authEndpointAuth endpointUndefined by default
registry.enabledEnable docker registrytrue
registry.httpSecretHttps secret 
registry.minio.bucketMinIO registry bucket nameregistry
registry.service.annotationsAnnotations to add to the Service{}
registry.tokenIssuerJWT token issuergitlab-issuer
registry.tokenServiceJWT token servicecontainer_registry

Advanced MinIO configuration

ParameterDescriptionDefault
minio.defaultBucketsMinIO default buckets[{"name": "registry"}]
minio.imageMinIO imageminio/minio
minio.imagePullPolicyMinIO image pull policyAlways
minio.imageTagMinIO image tagRELEASE.2017-12-28T01-21-00Z
minio.minioConfig.browserMinIO browser flagon
minio.minioConfig.domainMinIO domain 
minio.minioConfig.regionMinIO regionus-east-1
minio.mountPathMinIO config file mount path/export
minio.persistence.accessModeMinIO persistence access modeReadWriteOnce
minio.persistence.enabledMinIO enable persistence flagtrue
minio.persistence.matchExpressionsMinIO label-expression matches to bind 
minio.persistence.matchLabelsMinIO label-value matches to bind 
minio.persistence.sizeMinIO persistence volume size10Gi
minio.persistence.storageClassMinIO storageClassName for provisioning 
minio.persistence.subPathMinIO persistence volume mount path 
minio.persistence.volumeNameMinIO existing persistent volume name 
minio.replicasMinIO number of replicas4
minio.resources.requests.cpuMinIO minimum cpu requested250m
minio.resources.requests.memoryMinIO minimum memory requested256Mi
minio.service.annotationsAnnotations to add to the Service{}
minio.servicePortMinIO service port9000
minio.serviceTypeMinIO service typeClusterIP

Advanced GitLab configuration

ParameterDescriptionDefault
gitlab-runner.checkIntervalpolling interval30s
gitlab-runner.concurrentnumber of concurrent jobs20
gitlab-runner.installinstall the gitlab-runner charttrue
gitlab-runner.imagerunner imagegitlab/gitlab-runner:alpine-v10.5.0
gitlab-runner.imagePullPolicyimage pull policyIfNotPresent
gitlab-runner.rbac.clusterWideAccessdeploy containers of jobs cluster-widefalse
gitlab-runner.rbac.createwhether to create rbac service accounttrue
gitlab-runner.rbac.serviceAccountNamename of the rbac service account to createdefault
gitlab-runner.resources.limits.cpurunner resources 
gitlab-runner.resources.limits.memoryrunner resources 
gitlab-runner.resources.requests.cpurunner resources 
gitlab-runner.resources.requests.memoryrunner resources 
gitlab-runner.runners.build.cpuRequestsbuild container limit 
gitlab-runner.runners.build.memoryLimitbuild container limit 
gitlab-runner.runners.build.memoryRequestsbuild container limit 
gitlab-runner.runners.builds.cpuLimitbuild container limit 
gitlab-runner.runners.cache.cacheSharedshare the cache between runnerstrue
gitlab-runner.runners.cache.cacheTypecache types3
gitlab-runner.runners.cache.s3BucketLocationbucket regionus-east-1
gitlab-runner.runners.cache.s3BucketNamename of the bucketrunner-cache
gitlab-runner.runners.cache.s3CacheInsecureuse httpfalse
gitlab-runner.runners.cache.s3CachePathpath in the bucketgitlab-runner
gitlab-runner.runners.cache.secretNamesecret to accesskey and secretkey fromgitlab-minio
gitlab-runner.runners.imagedefault container image to use in buildsubuntu:16.04
gitlab-runner.runners.imagePullSecretsimagePullSecrets[]
gitlab-runner.runners.namespacenamespace to run jobs indefault
gitlab-runner.runners.privilegedrun in privieleged mode,needed for dindfalse
gitlab-runner.runners.service.cpuLimitservice container limit 
gitlab-runner.runners.service.cpuRequestsservice container limit 
gitlab-runner.runners.service.memoryLimitservice container limit 
gitlab-runner.runners.service.memoryRequestsservice container limit 
gitlab-runner.unregisterRunnersunregister all runners before terminationtrue
gitlab.gitaly.authToken.keyKey to Gitaly token in the secrettoken
gitlab.gitaly.authToken.secretGitaly secret name{.Release.Name}-gitaly-secret
gitlab.gitaly.image.pullPolicyGitaly image pull policyAlways
gitlab.gitaly.image.repositoryGitaly image repositoryregistry.gitlab.com/gitlab-org/build/cng/gitaly
gitlab.gitaly.image.tagGitaly image taglatest
gitlab.gitaly.persistence.accessModeGitaly persistence access modeReadWriteOnce
gitlab.gitaly.persistence.enabledGitaly enable persistence flagtrue
gitlab.gitaly.persistence.matchExpressionsLabel-expression matches to bind 
gitlab.gitaly.persistence.matchLabelsLabel-value matches to bind 
gitlab.gitaly.persistence.sizeGitaly persistence volume size50Gi
gitlab.gitaly.persistence.storageClassstorageClassName for provisioning 
gitlab.gitaly.persistence.subPathGitaly persistence volume mount path 
gitlab.gitaly.persistence.volumeNameExisting persistent volume name 
gitlab.gitaly.securityContext.fsGroupGroup ID under which the pod should be started1000
gitlab.gitaly.securityContext.runAsUserUser ID under which the pod should be started1000
gitlab.gitaly.service.annotationsAnnotations to add to the Service{}
gitlab.gitaly.service.externalPortGitaly service exposed port8075
gitlab.gitaly.service.internalPortGitaly internal port8075
gitlab.gitaly.service.nameGitaly service namegitaly
gitlab.gitaly.service.typeGitaly service typeClusterIP
gitlab.gitaly.serviceNameGitaly service namegitaly
gitlab.gitaly.shell.authToken.keyShell keysecret
gitlab.gitaly.shell.authToken.secretShell secret{Release.Name}-gitlab-shell-secret
gitlab.gitlab-shell.authToken.keyShell auth secret keysecret
gitlab.gitlab-shell.authToken.secretShell auth secret{Release.Name}-gitlab-shell-secret
gitlab.gitlab-shell.enabledShell enable flagtrue
gitlab.gitlab-shell.image.pullPolicyShell image pull policyAlways
gitlab.gitlab-shell.image.repositoryShell image repositoryregistry.gitlab.com/gitlab-org/build/cng/gitlab-shell
gitlab.gitlab-shell.image.tagShell image taglatest
gitlab.gitlab-shell.replicaCountShell replicas1
gitlab.gitlab-shell.service.annotationsAnnotations to add to the Service{}
gitlab.gitlab-shell.service.externalPortShell exposed port22
gitlab.gitlab-shell.service.internalPortShell internal port22
gitlab.gitlab-shell.service.nameShell service namegitlab-shell
gitlab.gitlab-shell.service.typeShell service typeClusterIP
gitlab.gitlab-shell.unicorn.serviceNameUnicorn service nameunicorn
gitlab.migrations.bootsnap.enabledMigrations Bootsnap enable flagtrue
gitlab.migrations.enabledMigrations enable flagtrue
gitlab.migrations.image.pullPolicyMigrations pull policyAlways
gitlab.migrations.image.repositoryMigrations image repositoryregistry.gitlab.com/gitlab-org/build/cng/gitlab-task_runner-ee
gitlab.migrations.image.tagMigrations image taglatest
gitlab.migrations.psql.password.keykey to psql password in psql secretpsql-password
gitlab.migrations.psql.password.secretpsql secretgitlab-postgres
gitlab.migrations.psql.portSet PostgreSQL server port. Takes precedence over global.psql.port 
   
gitlab.sidekiq.concurrencySidekiq default concurrency10
gitlab.sidekiq.enabledSidekiq enabled flagtrue
gitlab.sidekiq.gitaly.authToken.keykey to Gitaly token in Gitaly secrettoken
gitlab.sidekiq.gitaly.authToken.secretGitaly secret{.Release.Name}-gitaly-secret
gitlab.sidekiq.gitaly.serviceNameGitaly service namegitaly
gitlab.sidekiq.image.pullPolicySidekiq image pull policyAlways
gitlab.sidekiq.image.repositorySidekiq image repositoryregistry.gitlab.com/gitlab-org/build/cng/gitlab-sidekiq-ee
gitlab.sidekiq.image.tagSidekiq image taglatest
gitlab.sidekiq.psql.password.keykey to psql password in psql secretpsql-password
gitlab.sidekiq.psql.password.secretpsql password secretgitlab-postgres
gitlab.sidekiq.psql.portSet PostgreSQL server port. Takes precedence over global.psql.port 
   
gitlab.sidekiq.replicasSidekiq replicas1
gitlab.sidekiq.resources.requests.cpuSidekiq minimum needed cpu100m
gitlab.sidekiq.resources.requests.memorySidekiq minimum needed memory600M
gitlab.sidekiq.timeoutSidekiq job timeout5
gitlab.task-runner.annotationsAnnotations to add to the task runner{}
gitlab.task-runner.backups.cron.enabledBackup CronJob enabled flagfalse
gitlab.task-runner.backups.cron.extraArgsString of args to pass to the backup utility 
gitlab.task-runner.backups.cron.persistence.accessModeBackup cron persistence access modeReadWriteOnce
gitlab.task-runner.backups.cron.persistence.enabledBackup cron enable persistence flagfalse
gitlab.task-runner.backups.cron.persistence.matchExpressionsLabel-expression matches to bind 
gitlab.task-runner.backups.cron.persistence.matchLabelsLabel-value matches to bind 
gitlab.task-runner.backups.cron.persistence.sizeBackup cron persistence volume size10Gi
gitlab.task-runner.backups.cron.persistence.storageClassstorageClassName for provisioning 
gitlab.task-runner.backups.cron.persistence.subPathBackup cron persistence volume mount path 
gitlab.task-runner.backups.cron.persistence.volumeNameExisting persistent volume name 
gitlab.task-runner.backups.cron.resources.requests.cpuBackup cron minimum needed cpu50m
gitlab.task-runner.backups.cron.resources.requests.memoryBackup cron minimum needed memory350M
gitlab.task-runner.backups.cron.scheduleCron style schedule string0 1 * * *
gitlab.task-runner.backups.objectStorage.backendObject storage provider to use (s3 or gcs)s3
gitlab.task-runner.backups.objectStorage.config.gcpProjectGCP Project to use when backend is gcs””
gitlab.task-runner.backups.objectStorage.config.keykey containing credentials in secret””
gitlab.task-runner.backups.objectStorage.config.secretObject storage credentials secret””
gitlab.task-runner.backups.objectStorage.configAuthentication information for object storage{}
gitlab.task-runner.bootsnap.enabledEnable Bootsnap cache in Task runnertrue
gitlab.task-runner.enabledTask runner enabled flagtrue
gitlab.task-runner.image.pullPolicyTask runner image pull policyIfNotPresent
gitlab.task-runner.image.repositoryTask runner image repositoryregistry.gitlab.com/gitlab-org/build/cng/gitlab-task-runner-ee
gitlab.task-runner.image.tagTask runner image taglatest
gitlab.task-runner.init.image.repositoryTask runner init image repository 
gitlab.task-runner.init.image.tagTask runner init image tag 
gitlab.task-runner.init.resources.requests.cpuTask runner init minimum needed cpu50m
gitlab.task-runner.persistence.accessModeTask runner persistence access modeReadWriteOnce
gitlab.task-runner.persistence.enabledTask runner enable persistence flagfalse
gitlab.task-runner.persistence.matchExpressionsLabel-expression matches to bind 
gitlab.task-runner.persistence.matchLabelsLabel-value matches to bind 
gitlab.task-runner.persistence.sizeTask runner persistence volume size10Gi
gitlab.task-runner.persistence.storageClassstorageClassName for provisioning 
gitlab.task-runner.persistence.subPathTask runner persistence volume mount path 
gitlab.task-runner.persistence.volumeNameExisting persistent volume name 
gitlab.task-runner.resources.requests.cpuTask runner minimum needed cpu50m
gitlab.task-runner.resources.requests.memoryTask runner minimum needed memory350M
gitlab.task-runner.psql.portSet PostgreSQL server port. Takes precedence over global.psql.port 
   
gitlab.unicorn.enabledUnicorn enabled flagtrue
gitlab.unicorn.gitaly.authToken.keyKey to Gitaly token in Gitaly secrettoken
gitlab.unicorn.gitaly.authToken.secretGitaly secret name{.Release.Name}-gitaly-secret
gitlab.unicorn.gitaly.serviceNameGitaly service namegitaly
gitlab.unicorn.image.pullPolicyUnicorn image pull policyAlways
gitlab.unicorn.image.repositoryUnicorn image repositoryregistry.gitlab.com/gitlab-org/build/cng/gitlab-webservice-ee
gitlab.unicorn.image.tagUnicorn image taglatest
gitlab.unicorn.psql.password.keyKey to psql password in psql secretpsql-password
gitlab.unicorn.psql.password.secretpsql secret namegitlab-postgres
gitlab.unicorn.psql.portSet PostgreSQL server port. Takes precedence over global.psql.port 
   
gitlab.unicorn.registry.api.portRegistry port5000
gitlab.unicorn.registry.api.protocolRegistry protocolhttp
gitlab.unicorn.registry.api.serviceNameRegistry service nameregistry
gitlab.unicorn.registry.tokenIssuerRegistry token issuergitlab-issuer
gitlab.unicorn.replicaCountUnicorn number of replicas1
gitlab.unicorn.resources.requests.cpuUnicorn minimum cpu200m
gitlab.unicorn.resources.requests.memoryUnicorn minimum memory1.4G
gitlab.unicorn.service.annotationsAnnotations to add to the Service{}
gitlab.unicorn.service.externalPortUnicorn exposed port8080
gitlab.unicorn.service.internalPortUnicorn internal port8080
gitlab.unicorn.service.typeUnicorn service typeClusterIP
gitlab.unicorn.service.workhorseExternalPortWorkhorse exposed port8181
gitlab.unicorn.service.workhorseInternalPortWorkhorse internal port8181
gitlab.unicorn.shell.authToken.keyKey to shell token in shell secretsecret
gitlab.unicorn.shell.authToken.secretShell token secret{Release.Name}-gitlab-shell-secret
gitlab.unicorn.workerProcessesUnicorn number of workers2
gitlab.unicorn.workerTimeoutUnicorn worker timeout60
gitlab.unicorn.workhorse.extraArgsString of extra parameters for workhorse””
gitlab.unicorn.workhorse.imageWorkhorse image repositoryregistry.gitlab.com/gitlab-org/build/cng/gitlab-workhorse-ee
gitlab.unicorn.workhorse.sentryDSNDSN for Sentry instance for error reporting””
gitlab.unicorn.workhorse.tagWorkhorse image tag 

External Charts

GitLab makes use of several other charts. These are treated as parent-child relationships. Ensure that any properties you wish to configure are provided as chart-name.property.

Prometheus

Prefix Prometheus values with prometheus. For example, set the persistence storage value using prometheus.server.persistentVolume.size.

Refer to the Prometheus chart documentation for the exhaustive list of configuration options.