set gitlab Initial root password - Gitlab Helm chart

1/13/2021

I am using the Gitlab helm chart to install Gitlab on my cluster. I want to set initialRootPassword so that I can login without doing kubectl get secret

  ## Initial root password for this GitLab installation
  ## Secret created according to doc/installation/secrets.md#initial-root-password
  ## If allowing shared-secrets generation, this is OPTIONAL.  
  initialRootPassword: {}
    # secret: RELEASE-gitlab-initial-root-password
    # key: password

The above block is a bit confusing. Can you please help me with this? Thanks.

-- Karthick Sundar
gitlab
helmfile
kubernetes
kubernetes-helm

1 Answer

1/13/2021

The initialRootPassword refers to a secret object within kubernetes, so you must first create a secret within the same namespace as your gitlab instance and then point initialRootPassword to it.

For example, if you want the root password to be "password", first you need to base64 encode it

$ echo -n "password"|base64
cGFzc3dvcmQ=

Then add it to kubernetes

# secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-root-password
data:
  password: cGFzc3dvcmQ=
kubectl apply -f secret.yaml

There are other ways to create the secret, see the docs for more info on that.

You can then set the initialRootPassword

initialRootPassword:
    secret: gitlab-root-password
    key: password

The key here refers to the name of the data key in the secret object.

An alternative is to use Gitlab default values which allow you to create a secret object that will be used automatically without explicitly setting initialRootPassword

This example is taken from gitlab docs (Replace <name> with the name of the release).

kubectl create secret generic <name>-gitlab-initial-root-password --from-literal=password=$(head -c 512 /dev/urandom | LC_CTYPE=C tr -cd 'a-zA-Z0-9' | head -c 32)
-- Diddi Oskarsson
Source: StackOverflow