From bee2ebab9f4eabd74834f742761910d94980a399 Mon Sep 17 00:00:00 2001 From: Hayley Swimelar Date: Wed, 2 Jul 2025 16:12:11 -0700 Subject: [PATCH 1/4] External Databases: document container registry database requirements --- doc/advanced/external-db/_index.md | 68 ++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/doc/advanced/external-db/_index.md b/doc/advanced/external-db/_index.md index 4907e67fa8..44ec8d737b 100644 --- a/doc/advanced/external-db/_index.md +++ b/doc/advanced/external-db/_index.md @@ -69,3 +69,71 @@ To configure the GitLab chart to use an external database: --set global.psql.password.secret=gitlab-postgresql-password --set global.psql.password.key=postgres-password ``` +### Container Registry Database (Optional) + +If you plan to use the [container registry metadata database](https://docs.gitlab.com/ee/administration/packages/container_registry_metadata_database.html), +you should also create the registry database and user: + +1. Create a `registry` user with a password of your choice. +1. Create the `registry` database and make the registry user an owner of the database. +1. Grant additional roles to your `registry` user as mentioned below for cloud-managed services. + +Example SQL commands: + +```sql +-- Create the registry user +CREATE USER registry WITH PASSWORD ''; + +-- Create the registry database +CREATE DATABASE registry OWNER registry; + +-- For cloud-managed services, grant additional roles as needed: +-- Amazon RDS: GRANT rds_superuser TO registry; +-- Azure Database: GRANT azure_pg_admin TO registry; +-- Google Cloud SQL: GRANT cloudsqlsuperuser TO registry; +``` + +{{< alert type="note" >}} + +Even if you're not immediately planning to use the registry metadata database, +creating these objects now will simplify future migration when you decide to +enable the registry database feature. + +{{< /alert >}} + +#### Example Configuration Section + +**Add to the existing configuration:** +```yaml +global: + # Main GitLab database + psql: + host: + port: + username: + database: gitlabhq_production + password: + secret: + key: + + # Registry database (when enabled) + registry: + database: + enabled: true + host: # Same host as main database + port: # Same port as main database + user: registry + password: + secret: + key: + dbname: registry + sslmode: require # See the PostgreSQL documentation for additional information https://www.postgresql.org/docs/16/libpq-ssl.html + sslcert: + sslkey: + sslrootcert: + + +# Disable built-in PostgreSQL +postgresql: + install: false +``` -- GitLab From 0ff2e67ec40c918ef9fe20066de00557762537a9 Mon Sep 17 00:00:00 2001 From: Hayley Swimelar Date: Wed, 2 Jul 2025 16:17:31 -0700 Subject: [PATCH 2/4] Apply 2 suggestion(s) to 1 file(s) --- doc/advanced/external-db/_index.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/advanced/external-db/_index.md b/doc/advanced/external-db/_index.md index 44ec8d737b..f227009d4b 100644 --- a/doc/advanced/external-db/_index.md +++ b/doc/advanced/external-db/_index.md @@ -69,6 +69,7 @@ To configure the GitLab chart to use an external database: --set global.psql.password.secret=gitlab-postgresql-password --set global.psql.password.key=postgres-password ``` + ### Container Registry Database (Optional) If you plan to use the [container registry metadata database](https://docs.gitlab.com/ee/administration/packages/container_registry_metadata_database.html), @@ -104,6 +105,7 @@ enable the registry database feature. #### Example Configuration Section **Add to the existing configuration:** + ```yaml global: # Main GitLab database -- GitLab From 438a82aa485836733a07e03c6732e4ef6b9cd920 Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Fri, 4 Jul 2025 22:12:24 +0200 Subject: [PATCH 3/4] Apply 3 suggestion(s) to 1 file(s) --- doc/advanced/external-db/_index.md | 98 +++++++++++++++++------------- 1 file changed, 55 insertions(+), 43 deletions(-) diff --git a/doc/advanced/external-db/_index.md b/doc/advanced/external-db/_index.md index f227009d4b..fa6530a4a2 100644 --- a/doc/advanced/external-db/_index.md +++ b/doc/advanced/external-db/_index.md @@ -73,7 +73,15 @@ To configure the GitLab chart to use an external database: ### Container Registry Database (Optional) If you plan to use the [container registry metadata database](https://docs.gitlab.com/ee/administration/packages/container_registry_metadata_database.html), -you should also create the registry database and user: +you should also create the registry database and user. + +{{< alert type="note" >}} + +Even if you're not immediately planning to use the registry metadata database, +creating these objects now will simplify future migration when you decide to +enable the registry database. + +{{< /alert >}} 1. Create a `registry` user with a password of your choice. 1. Create the `registry` database and make the registry user an owner of the database. @@ -94,48 +102,52 @@ CREATE DATABASE registry OWNER registry; -- Google Cloud SQL: GRANT cloudsqlsuperuser TO registry; ``` -{{< alert type="note" >}} +To configure GitLab to use both databases: -Even if you're not immediately planning to use the registry metadata database, -creating these objects now will simplify future migration when you decide to -enable the registry database feature. +1. Export the Helm values: -{{< /alert >}} + ```shell + helm get values gitlab > gitlab_values.yaml + ``` -#### Example Configuration Section - -**Add to the existing configuration:** - -```yaml -global: - # Main GitLab database - psql: - host: - port: - username: - database: gitlabhq_production - password: - secret: - key: - - # Registry database (when enabled) - registry: - database: - enabled: true - host: # Same host as main database - port: # Same port as main database - user: registry - password: - secret: - key: - dbname: registry - sslmode: require # See the PostgreSQL documentation for additional information https://www.postgresql.org/docs/16/libpq-ssl.html - sslcert: - sslkey: - sslrootcert: - - -# Disable built-in PostgreSQL -postgresql: - install: false -``` +1. Edit `gitlab_values.yaml`: + + ```yaml + global: + # Main GitLab database + psql: + host: + port: + username: + database: gitlabhq_production + password: + secret: + key: + + # Registry database (when enabled) + registry: + database: + enabled: true + host: # Same host as main database + port: # Same port as main database + user: registry + password: + secret: + key: + dbname: registry + sslmode: require # See the PostgreSQL documentation for additional information https://www.postgresql.org/docs/16/libpq-ssl.html + sslcert: + sslkey: + sslrootcert: + + + # Disable built-in PostgreSQL + postgresql: + install: false + ``` + +1. Save the file and apply the new values: + + ```shell + helm upgrade -f gitlab_values.yaml gitlab gitlab/gitlab + ``` -- GitLab From 68012318c681f565d2a53726fbcffe4b9cc5c4cc Mon Sep 17 00:00:00 2001 From: Achilleas Pipinellis Date: Fri, 4 Jul 2025 22:13:12 +0200 Subject: [PATCH 4/4] Apply 1 suggestion(s) to 1 file(s) --- doc/advanced/external-db/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/advanced/external-db/_index.md b/doc/advanced/external-db/_index.md index fa6530a4a2..d94eb46e6c 100644 --- a/doc/advanced/external-db/_index.md +++ b/doc/advanced/external-db/_index.md @@ -70,7 +70,7 @@ To configure the GitLab chart to use an external database: --set global.psql.password.key=postgres-password ``` -### Container Registry Database (Optional) +### Container registry database (optional) If you plan to use the [container registry metadata database](https://docs.gitlab.com/ee/administration/packages/container_registry_metadata_database.html), you should also create the registry database and user. -- GitLab