gitlab
| Field | Value |
| --- | --- |
| Service | gitlab |
| Purpose | Full self-hosted DevOps platform for Git, CI/CD, registry, and web workflows |
| Criticality | Tier 2 |
| Owner | Platform / SCM owner |
| Clusters | homelab |
| Namespace | gitlab |
| Exposure | internet |
| Stateful | yes |
| Backup class | app-native |
| RPO / RTO | Daily backup target, 4 to 8 hours to restore |
| Last reviewed | 2026-05-20 |
1. Service Overview
GitLab provides repository hosting, CI/CD, and related developer workflows from a single omnibus-style deployment.
Summary
If GitLab fails, repository access, CI/CD, and related web workflows stop for consumers of this instance.
Dependencies
| Dependency | Type | Why it matters |
| --- | --- | --- |
| PostgreSQL | database | Stores GitLab metadata and service state |
| Traefik | ingress | External HTTPS and Git entry points |
| PVC-backed storage | storage | Preserves omnibus data, logs, and application state |
2. Architecture Diagram
[Browser / git client]
-> [Traefik]
-> [GitLab omnibus]
-> [PostgreSQL]
-> [PVC-backed config, logs, and data]
3. Deployment Specifications
| Item | Value |
| --- | --- |
| Source path | gitlab/base and gitlab/overlays/homelab |
| Deployment model | Kustomize plus Fleet bundle |
| Namespace | gitlab |
| Workload kind | Deployment plus PostgreSQL workload |
| Chart or image version | See base manifests for current GitLab CE image tag |
| Config files | base/kustomization.yaml, overlays/homelab/kustomization.yaml, fleet.yaml |
Cluster mapping
| Cluster | Overlay path | Notes |
| --- | --- | --- |
| homelab | gitlab/overlays/homelab | Current homelab deployment |
4. Configuration Guide
Environment variables
| Variable | Source | Purpose | Secret? |
| --- | --- | --- | --- |
| GitLab omnibus settings | base manifests and overlay secrets | App bootstrap, DB, mail, registry, and hostname settings | mixed |
ConfigMaps
| Resource | Path | Purpose |
| --- | --- | --- |
| Kustomize-managed runtime config | gitlab/base and gitlab/overlays/homelab | Application and exposure configuration |
Secrets management
- Secret names: DB credentials, application secrets, and external integration credentials in the gitlab namespace
- Source of truth: overlay secret inputs and generated manifests
- Rotation trigger: credential rotation, registry changes, or security response
- Recovery note: restore all required secrets before restarting the omnibus pod
5. Access Protocols
| Path | URL or endpoint | Audience | Auth | TLS terminates at |
| --- | --- | --- | --- | --- |
| Internal | Services inside the gitlab namespace | Cluster workloads | namespace RBAC | Traefik / GitLab |
| External | https://gitlab.mutana.fr | Developers and operators | GitLab auth | Traefik |
6. Operations and Observability
- Primary health indicators: web UI responsive, background jobs healthy, DB healthy, and ingress routes serving traffic.
- Dashboards or alerts: shared monitoring and ingress health.
- Log locations: GitLab application logs, sidecar logs, and database logs.
- Known failure modes: DB issues, storage exhaustion, ingress drift, and slow recovery after image upgrades.
7. Backup and Recovery Notes
- Backup method: GitLab backup tooling plus PVC snapshot and DB backup.
- Restore prerequisites: restored secrets, persistent storage, and DB state.
- Related runbook: ../runbooks/gitlab.md
8. Release and Change Notes
- Current deployed app version: see gitlab/base image tags.
- Current chart version: N/A.
- Last significant change: current repository state documents the standardized overlays/homelab layout for GitLab.
- Rollback reference: previous overlay revision in Git.