Deploy GitLab

Instead of using the official helm chart for GitLab, we use a stripped down version that

  • Exposes GitLab at
  • Exposes Docker Registry at
  • Listens only on HTTP while TLS is handled by Ingress.
  • Uses an admin service account.
  • Uses a PVC to store data.

To deploy GitLab run:

$ kubectl apply -f gitlab/gitlab.yaml

To expose GitLab, create an Ingress resource:

$ kubectl apply -f gitlab/ingress.yaml

To visit GitLab go to


Serving GitLab under prefix is not that straightforward (see

Add Kubernetes Cluster to GitLab

To add the Kubernetes Cluster to GitLab follow

We have enabled private access to the EKS cluster so we have to allow Requests to the local network in GitLab (see Go to Admin -> Settings -> Network -> Outbound Requests -> Allow requests to the local network from hooks and services and allow both.

To obtain the endpoint of the cluster run:

$ kubectl config view -o json --raw --minify=true | jq -r '.clusters[].cluster.server'

To obtain the CA certificate of the cluster run:

$ kubectl config view -o json --raw --minify=true | \
>     jq -r '.clusters[].cluster["certificate-authority-data"]' | \
>           base64 -d

To obtain an admin token, since GitLab is already running with admin service account create a dedicated admin token:

$ kubectl apply -f gitlab/gitlab-admin-token.yaml
$ kubectl get secrets -n gitlab gitlab-admin-token -o json | \
>     jq -r '.data.token' | base64 -d