Configure the GitLab chart with an external database
The bundled Bitnami PostgreSQL chart is not production ready. For a production-ready GitLab chart deployment, use an external database.
From GitLab 19.0, the GitLab Helm chart will no longer bundle the Bitnami PostgreSQL. For more information, see the deprecation announcement and migrate to an external alternative.
Prerequisites:
- A deployment of the required version of PostgreSQL. If you do not have one, consider a cloud-provided solution like AWS RDS PostgreSQL or GCP Cloud SQL. For an alternative solution, consider the Linux package.
- An empty database named gitlabhq_production by default.
- A user with full database access. See the external database documentation for details.
- A Kubernetes Secret with the password for the database user.
- The amcheck, pg_trgm and btree_gist extensions. If you don’t provide an account with the Superuser flag to GitLab, ensure these extensions are loaded prior to proceeding with the database installation.
Networking prerequisites:
- Ensure that the database is reachable from the cluster. Be sure that your firewall policies allow traffic.
- If you plan to use PostgreSQL as a load balancing cluster and Kubernetes DNS for service discovery, when you install the bitnami/postgresql chart, use --set slave.service.clusterIP=None. This setting configures the PostgreSQL secondary service as a headless service to allow DNS A records to be created for each secondary instance.

  For an example of how to use Kubernetes DNS for service discovery, see examples/database/values-loadbalancing-discover.yaml.
To configure the GitLab chart to use an external database:
- Set the following parameters:
  - postgresql.install: Set to false to disable the embedded database.
  - global.psql.host: Set to the hostname of the external database, can be a domain or an IP address.
  - global.psql.password.secret: The name of the secret that contains the database password for the gitlab user.
  - global.psql.password.key: Within the secret, the key that contains the password.
- Optional. The following items can be further customized if you are not using the defaults:
  - global.psql.port: The port the database is available on. Defaults to 5432.
  - global.psql.database: The name of the database.
  - global.psql.username: The user with access to the database.
- Optional. If you use a mutual TLS connection to the database, set the following:
  - global.psql.ssl.secret: A secret that contains the client certificate, key, and certificate authority.
  - global.psql.ssl.serverCA: In the secret, the key that refers to the certificate authority (CA).
  - global.psql.ssl.clientCertificate: In the secret, the key that refers to the client certificate.
  - global.psql.ssl.clientKey: In the secret, the client.
- When you deploy the GitLab chart, add the values by using the --set flag. For example:

      helm install gitlab gitlab/gitlab \
        --set postgresql.install=false \
        --set global.psql.host=psql.example \
        --set global.psql.password.secret=gitlab-postgresql-password \
        --set global.psql.password.key=postgres-password
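
The whole procedure with mutual TLS enabled, as an added example that is not part of the GitLab documentation: it creates the password and TLS Secrets from files and swaps the --set flags for a generated values file. The namespace, the TLS Secret name, the PEM file names and the local paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the GitLab docs. Names marked "assumption" are illustrative.
set -eu

NAMESPACE="${NAMESPACE:-gitlab}"          # assumption: namespace already exists
DB_HOST="${DB_HOST:-psql.example}"        # host used in the page's example
PW_SECRET="gitlab-postgresql-password"    # Secret name used in the page's example
PW_KEY="postgres-password"                # key name used in the page's example
TLS_SECRET="gitlab-postgresql-tls"        # assumption
PW_FILE="${PW_FILE:-./db-password.txt}"   # assumption: password file, no trailing newline
CERT_DIR="${CERT_DIR:-./pg-tls}"          # assumption: holds the three PEM files below

# Print Helm values equivalent to the page's --set flags, plus the mutual TLS keys.
render_values() {
  cat <<EOF
postgresql:
  install: false
global:
  psql:
    host: ${DB_HOST}
    password:
      secret: ${PW_SECRET}
      key: ${PW_KEY}
    ssl:
      secret: ${TLS_SECRET}
      serverCA: server-ca.pem
      clientCertificate: client-cert.pem
      clientKey: client-key.pem
EOF
}

# Build both Secrets from files so the password and private key never appear
# in argv or shell history. kubectl stores the file bytes verbatim.
create_secrets() {
  kubectl -n "$NAMESPACE" create secret generic "$PW_SECRET" \
    --from-file="$PW_KEY=$PW_FILE"
  kubectl -n "$NAMESPACE" create secret generic "$TLS_SECRET" \
    --from-file="server-ca.pem=$CERT_DIR/server-ca.pem" \
    --from-file="client-cert.pem=$CERT_DIR/client-cert.pem" \
    --from-file="client-key.pem=$CERT_DIR/client-key.pem"
}

deploy() {
  render_values > external-db-values.yaml
  helm install gitlab gitlab/gitlab -n "$NAMESPACE" -f external-db-values.yaml
}

# Only touch the cluster when invoked as: ./external-db.sh apply
if [ "${1:-}" = "apply" ]; then create_secrets; deploy; fi
```

Because kubectl stores the file contents byte for byte, write the password file with printf '%s' rather than echo so a trailing newline does not become part of the password.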