Skip to content

gitlab

Metadata

Field Value
Service gitlab
Purpose Full self-hosted DevOps platform for Git, CI/CD, registry, and web workflows
Criticality Tier 2
Owner Platform / SCM owner
Clusters homelab
Namespace gitlab
Exposure internet
Stateful yes
Backup class app-native
RPO / RTO Daily backup target, 4 to 8 hours to restore
Last reviewed 2026-05-20

1. Service Overview

GitLab provides repository hosting, CI/CD, and related developer workflows from a single omnibus-style deployment.

Summary

If GitLab fails, repository access, CI/CD, and related web workflows stop for consumers of this instance.

Dependencies

Dependency Type Why it matters
PostgreSQL database Stores GitLab metadata and service state
Traefik ingress External HTTPS and Git entry points
PVC-backed storage storage Preserves omnibus data, logs, and application state

2. Architecture Diagram

[Browser / git client]
  -> [Traefik]
  -> [GitLab omnibus]
  -> [PostgreSQL]
  -> [PVC-backed config, logs, and data]

3. Deployment Specifications

Item Value
Source path gitlab/base and gitlab/overlays/homelab
Deployment model Kustomize plus Fleet bundle
Namespace gitlab
Workload kind Deployment plus PostgreSQL workload
Chart or image version See base manifests for current GitLab CE image tag
Config files base/kustomization.yaml, overlays/homelab/kustomization.yaml, fleet.yaml

Cluster mapping

Cluster Overlay path Notes
homelab gitlab/overlays/homelab Current homelab deployment

4. Configuration Guide

Environment variables

Variable Source Purpose Secret?
GitLab omnibus settings base manifests and overlay secrets App bootstrap, DB, mail, registry, and hostname settings mixed

ConfigMaps

Resource Path Purpose
Kustomize-managed runtime config gitlab/base and gitlab/overlays/homelab Application and exposure configuration

Secrets management

  • Secret names: DB credentials, application secrets, and external integration credentials in the gitlab namespace
  • Source of truth: overlay secret inputs and generated manifests
  • Rotation trigger: credential rotation, registry changes, or security response
  • Recovery note: restore all required secrets before restarting the omnibus pod

5. Access Protocols

Path URL or endpoint Audience Auth TLS terminates at
Internal Services inside the gitlab namespace Cluster workloads namespace RBAC Traefik / GitLab
External https://gitlab.mutana.fr Developers and operators GitLab auth Traefik

6. Operations and Observability

  • Primary health indicators: web UI responsive, background jobs healthy, DB healthy, and ingress routes serving traffic.
  • Dashboards or alerts: shared monitoring and ingress health.
  • Log locations: GitLab application logs, sidecar logs, and database logs.
  • Known failure modes: DB issues, storage exhaustion, ingress drift, and slow recovery after image upgrades.

7. Backup and Recovery Notes

  • Backup method: GitLab backup tooling plus PVC snapshot and DB backup.
  • Restore prerequisites: restored secrets, persistent storage, and DB state.
  • Related runbook: ../runbooks/gitlab.md

8. Release and Change Notes

  • Current deployed app version: see gitlab/base image tags.
  • Current chart version: N/A.
  • Last significant change: current repository state documents the standardized overlays/homelab layout for GitLab.
  • Rollback reference: previous overlay revision in Git.