Use minio as an external object storage with Gitlab
Troubleshooting the replacement of the built-in minio S3 storage used by Gitlab in a managed installation
Context
Gitlab can be installed on a Kubernetes cluster with the help of the official Gitlab Helm chart. Here I install it on a Rancher-managed Kubernetes cluster with the usual griefs that come with the installation of such a behemoth: optimizing resources, picking the right subchart to install and how to install it. The installation is notoriously tedious given the substantial number of subcharts and options, not counting the optimization needed to fit it in a resource-constrained cluster. Everything was working fine until we had a cluster issue with nodes crashing and I had to reinstall Gitlab from the custom chart I created. The installation only kept the gitaly, postgresql and redis PVCs, and to my devopsy sorrow, the minio storage was gone. There is no way around it, minio has to be installed separately for a production-ready self-managed Gitlab. Here's how.
Pre-requisites
- A working Kubernetes installation and a distributed block storage for Kubernetes (I am using Longhorn on Rancher)
- Working helm tooling
- Needless to say, a sufficiently provisioned cluster with preferably a backup and restoration routine
Install a minio chart
We'll use a Bitnami chart to install a standalone Minio instance:
```yaml
minio-external:
  mode: standalone
  enabled: true
  persistence:
    enabled: true
    size: 10Gi
    annotations:
      helm.sh/resource-policy: keep
  auth:
    rootUser: <REDACTED>
    rootPassword: <REDACTED>
  provisioning:
    enabled: true
    users:
      - username: <REDACTED>
        password: <REDACTED>
        disabled: false
        policies:
          - readwrite
          - consoleAdmin
          - diagnostics
        setPolicies: false
  accessKey:
    password: <REDACTED>
  secretKey:
    password: <REDACTED>
  # volumePermissions:
  #   enabled: true
  defaultBuckets: default,gitlab-registry-storage,gitlab-lfs,gitlab-artifacts,gitlab-uploads,gitlab-packages,gitlab-mr-diffs,gitlab-terraform-state,gitlab-ci-secure-files,gitlab-dependency-proxy,gitlab-pages
```
Use this configuration to kickstart a Minio instance with the buckets needed by Gitlab (defaultBuckets). These buckets are needed by different services of Gitlab and they will be mentioned in appConfig later.
The default minio values for this helm chart are in bitnami/minio/values.yaml on the main branch of the bitnami/charts repository on GitHub.
Disable managed minio
Since we are using an external Minio instance we do not need the Gitlab managed one anymore. In your Gitlab values file disable minio:
```yaml
global:
  # ...
  minio:
    enabled: false
```
:warning: This will delete your Gitlab Minio instance and all its data. Please proceed with caution. Consider backing up your data and migrating it afterwards using your tool of choice. I would use the minio command line.
Create a secret
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-object-storage
stringData:
  connection: |
    provider: AWS
    region: us-east-1
    aws_access_key_id: <REDACTED>
    aws_secret_access_key: <REDACTED>
    endpoint: "gitlab-minio-external:9000"
```
Connect Gitlab to the new Minio instance
```yaml
global:
  registry:
    bucket: gitlab-registry-storage
  appConfig:
    # ...
    object_store:
      enabled: true
      proxy_download: true
      storage_options: {}
        # server_side_encryption:
        # server_side_encryption_kms_key_id
      connection:
        secret: gitlab-object-storage
        key: connection
    lfs:
      enabled: true
      proxy_download: true
      bucket: gitlab-lfs
    artifacts:
      enabled: true
      proxy_download: true
      bucket: gitlab-artifacts
    uploads:
      enabled: true
      proxy_download: true
      bucket: gitlab-uploads
    packages:
      enabled: true
      proxy_download: true
      bucket: gitlab-packages
    externalDiffs:
      enabled: true
      when:
      proxy_download: true
      bucket: gitlab-mr-diffs
    terraformState:
      enabled: true
      bucket: gitlab-terraform-state
    ciSecureFiles:
      enabled: true
      bucket: gitlab-ci-secure-files
      # connection:
      #   secret: gitlab-object-storage
    dependencyProxy:
      enabled: true
      proxy_download: true
      bucket: gitlab-dependency-proxy
    pages:
      enabled: true
      proxy_download: true
      bucket: gitlab-pages
```
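A pre-launch check, added here as an example and not part of the original post: it confirms that every bucket named in the Gitlab values is also created by `defaultBuckets`, and builds a bucket-scoped S3 policy for the Gitlab user as a narrower alternative to the built-in `readwrite`, `consoleAdmin` and `diagnostics` policies. The function names and the action lists are assumptions; the bucket names are the ones used on this page.

```python
import json

# Copied from the page: defaultBuckets in the minio values, bucket names in the Gitlab values.
DEFAULT_BUCKETS = ("default,gitlab-registry-storage,gitlab-lfs,gitlab-artifacts,"
                   "gitlab-uploads,gitlab-packages,gitlab-mr-diffs,gitlab-terraform-state,"
                   "gitlab-ci-secure-files,gitlab-dependency-proxy,gitlab-pages")
GITLAB_BUCKETS = {
    "registry": "gitlab-registry-storage",
    "lfs": "gitlab-lfs",
    "artifacts": "gitlab-artifacts",
    "uploads": "gitlab-uploads",
    "packages": "gitlab-packages",
    "externalDiffs": "gitlab-mr-diffs",
    "terraformState": "gitlab-terraform-state",
    "ciSecureFiles": "gitlab-ci-secure-files",
    "dependencyProxy": "gitlab-dependency-proxy",
    "pages": "gitlab-pages",
}

# Assumed action sets (not from the page): object read/write/delete plus multipart calls.
BUCKET_ACTIONS = ["s3:ListBucket", "s3:GetBucketLocation", "s3:ListBucketMultipartUploads"]
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                  "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts"]


def missing_buckets(default_buckets, referenced):
    """Return {service: bucket} for buckets Gitlab references but minio never creates."""
    created = {b.strip() for b in default_buckets.split(",") if b.strip()}
    return {svc: b for svc, b in referenced.items() if b not in created}


def scoped_policy(buckets):
    """Build an S3-style policy limited to the given buckets and their objects."""
    names = sorted(set(buckets))
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": BUCKET_ACTIONS,
             "Resource": [f"arn:aws:s3:::{n}" for n in names]},
            {"Effect": "Allow", "Action": OBJECT_ACTIONS,
             "Resource": [f"arn:aws:s3:::{n}/*" for n in names]},
        ],
    }


if __name__ == "__main__":
    gaps = missing_buckets(DEFAULT_BUCKETS, GITLAB_BUCKETS)
    if gaps:
        raise SystemExit(f"buckets missing from defaultBuckets: {gaps}")
    print(json.dumps(scoped_policy(GITLAB_BUCKETS.values()), indent=2))
```

The printed JSON can be attached to the Gitlab user in minio in place of the broader built-in policies; the `default` bucket is left out because no Gitlab service on this page references it.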
Launch your gitlab installation and it should work.
Voilà!