talks/2025-08-29-gitlab-openshift

Gitlab installation

• Pre-requisites
  • Verify cluster auth status
  • Ensure cert manager is installed
• Install gitlab operator
• Create gitlab instance
• Log into gitlab

A short guide on installing GitLab in OpenShift 4.19.

Pre-requisites

Before we begin, let's ensure we are logged into our cluster in the terminal and the cluster meets our version requirements.

Verify cluster auth status

oc version && oc whoami

Client Version: 4.19.9
Kustomize Version: v5.5.0
Server Version: 4.19.9
Kubernetes Version: v1.32.7
admin

Ensure cert manager is installed

A pre-requisite for GitLab is having cert manager installed.

cat << EOF | oc apply --filename -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: openshift-cert-manager-operator
  namespace: cert-manager-operator
spec:
  channel: stable-v1
  installPlanApproval: Automatic
  name: openshift-cert-manager-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
EOF

subscription.operators.coreos.com/openshift-cert-manager-operator created

Install gitlab operator

Everything we deploy relating to GitLab will be via the GitLab Operator. Our first step is to create a Subscription that will install the Operator on our OpenShift cluster.

cat << EOF | oc apply --filename -
apiVersion: v1
kind: Namespace
metadata:
  name: gitlab-system

---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: gitlab-operator-kubernetes
  namespace: gitlab-system
spec:
  channel: stable
  installPlanApproval: Automatic
  name: gitlab-operator-kubernetes
  source: certified-operators
  sourceNamespace: openshift-marketplace
  startingCSV: gitlab-operator-kubernetes.v2.3.1
EOF

namespace/gitlab-system created
subscription.operators.coreos.com/gitlab-operator-kubernetes created

Create gitlab instance

Once the operator is installed we can create an instance of GitLab using the newly available GitLab CRD, a basic example is below:

cat << EOF | oc apply --filename -
apiVersion: apps.gitlab.com/v1beta1
kind: GitLab
metadata:
  name: gitlab
  namespace: gitlab-system
spec:
  chart:
    version: "9.3.1"
    values:
      certmanager:
        install: false
      certmanager-issuer:
        email: "nobody@nowhere.nosite"
      global:
        hosts:
          domain: $(oc get ingress.config.openshift.io cluster --output jsonpath={'.spec.domain'})
        ingress:
          annotations:
            route.openshift.io/termination: edge
          class: none
          configureCertmanager: true
          tls:
            secretName: null
      nginx-ingress:
        install: false
        enabled: false
      prometheus:
        install: false
EOF

gitlab.apps.gitlab.com/gitlab created

We can wait for the gitlab deployment to become ready by checking the condition of the Gitlab custom resource.

oc --namespace gitlab-system wait --for=condition=Available gitlab/gitlab --timeout=3m

gitlab.apps.gitlab.com/gitlab condition met

Log into gitlab

Once the gitlab instance is Available we can retrieve the Ingress hostname and login!

echo "https://"$(oc get ingress --namespace gitlab-system gitlab-webservice-default --output jsonpath={'.spec.tls[0].hosts[0]'})

https://gitlab.apps.cluster-x99pc.dynamic.redhatworkshops.io

oc get secret --namespace gitlab-system gitlab-gitlab-initial-root-password --output jsonpath={'.data.password'} | base64 --decode | wl-copy