Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Getting started with Managed Service for GitLab

Written by
Improved by
Updated at May 12, 2026

To get started:

  1. Create an instance.
  2. Set up the runtime environment.
  3. Add SSH keys to GitLab.
  4. Start using the repository.

Warning

Before you begin, check this guide on how to migrate your projects from a custom GitLab installation to Managed Service for GitLab.

For more information about the differences between Managed Service for GitLab and the custom GitLab Community Edition installation, see Advantages over a custom GitLab installation.

Getting started

  1. Navigate to the management console and log in to Yandex Cloud or sign up if you do not have an account yet.

  2. If you do not have a folder yet, create one:

    1. In the management console, in the top panel, click or and select the cloud.

    2. To the right of the cloud name, click .

    3. Select Create folder.

      create-folder1

    4. Give your folder a name. The naming requirements are as follows:

      • Length: between 3 and 63 characters.
      • It can only contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

    5. Optionally, specify the description for your folder.

    6. Select Create a default network. This will create a network with subnets in each availability zone. Within this network, you will also have a default security group, within which all network traffic will be allowed.

    7. Click Create.

      create-folder2

  3. Assign the vpc.user role and the gitlab.editor role or higher to your Yandex Cloud account. These roles allow you to create an instance.

    Note

    If you cannot manage roles, contact your cloud or organization administrator.

Create an instance

Warning

Once you have created an instance, you cannot change its network configuration, i.e., availability zone and subnet.

  1. In the management console, select the folder where you want to create a GitLab instance.

  2. Go to Managed Service for GitLab.

  3. Click Create instance.

  4. At the top of the page:

    1. Enter a name for your instance. It must be unique within Yandex Cloud.

      • Length: between 3 and 63 characters.
      • It can only contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

    2. Optionally, enter a description for the instance.

    3. Optionally, add labels to break instances into logical groups.

    4. Optionally, set instance protection against accidental deletion by users.

  5. Under Configuration:

    1. Select the instance type. After you create an instance, you can upgrade its type to a higher performing one.

    2. Specify the availability zone. After you create an instance, you cannot change its availability zone.

    3. Specify the subnet to host the instance. Currently, Yandex Cloud technical restrictions do not allow selecting a subnet with the 192.168.0.0/24 address range.

    4. Select a security group or create a new one:

      1. Click Create group.
      2. Enter a name and description for the security group. You can add rules for the security group later in Virtual Private Cloud.
      3. Click Create.

      If you do not specify a separate security group, the default security group created in the instance network will apply.

      Configure your security group so that its rules allow incoming and outgoing traffic on the specified ports and IP addresses.

      Warning

      The security group's setup determines the Managed Service for GitLab instance performance and availability.

      If you have issues with setting up a security group, contact support.

    5. Select the disk size. After you create an instance, you can increase its disk size.

    6. Specify the instance domain name: the system will automatically create the relevant DNS records for it in the .gitlab.yandexcloud.net domain.

      The domain name must be unique within Yandex Cloud.

      • It must be from 5 to 50 characters long.
      • It can include lowercase Latin letters, numbers, and hyphens.
      • It cannot not start or end with a hyphen.

    7. Set up the automatic backup retention period in days.

    8. Optionally, enable approval rules. To do this, select the appropriate configuration for approval rules.

      Note

      The configuration you select affects the cost of using the instance computing resources.

  6. Under Administrator data, specify:

    • Email: Email address of the GitLab instance administrator. This is the address to receive the email with a link to create a password.
    • Login: Administrator login.

  7. Optionally, under Advanced settings, enable deletion of untagged images. This setting affects the amount of free disk space on the instance.

  8. Click Create.

  9. Wait until the instance is ready: its status on the Managed Service for GitLab dashboard will change to Running. This may take a while.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

  1. See the description of the CLI command for creating a Managed Service for GitLab instance:

    yc managed-gitlab instance create --help

  2. Select a subnet:

    yc vpc subnet list

    Result:

    +----------------------+---------------------------+----------------------+----------------+-------------------+-----------------+
|          ID          |           NAME            |      NETWORK ID      | ROUTE TABLE ID |       ZONE        |      RANGE      |
+----------------------+---------------------------+----------------------+----------------+-------------------+-----------------+
| e9bnlm18l70a******** |   default-ru-central1-a   | enpe3m3fa00u******** |                |   ru-central1-a   | [10.128.0.0/24] |
+----------------------+---------------------------+----------------------+----------------+-------------------+-----------------+

  3. Create a GitLab instance (this example does not use all available parameters):

    yc managed-gitlab instance create \
  --name first-instance \
  --resource-preset-id <host_class> \
  --disk-size <disk_size_in_GB> \
  --admin-login <admin_login> \
  --admin-email <admin_email_address> \
  --domain-prefix <instance_domain_name> \
  --deletion-protection \
  --approval-rules <approval_rule_configuration> \
  --subnet-id <subnet_ID>

    Where:

    • --name: Instance name, unique within Yandex Cloud. Follow these naming requirements:

      • Length: between 3 and 63 characters.
      • It can only contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

    • --resource-preset-id: Host class. It determines the configuration of the VM to host the GitLab instance. The possible values are:

      • s2.micro: 2 vCPUs, 8 GB RAM
      • s2.small: 4 vCPUs, 16 GB RAM
      • s2.medium: 8 vCPUs, 32 GB RAM
      • s2.large: 16 vCPUs, 64 GB RAM

    • --disk-size: Disk size, in GB.

    • --admin-login: GitLab instance admin login.

    • --admin-email: Instance admin email address. This is the address to receive the email with a link to create a password.

    • --domain-prefix: Instance domain name. The system will automatically create the relevant DNS records for it in the .gitlab.yandexcloud.net domain.

      The domain name must be unique within Yandex Cloud.

      • It must be from 5 to 50 characters long.
      • It can include lowercase Latin letters, numbers, and hyphens.
      • It cannot not start or end with a hyphen.

    • --deletion-protection: Instance protection against accidental deletion by users.

    • --approval-rules: Approval rule configuration. The possible values are:

      • BASIC
      • STANDARD
      • ADVANCED

      Note

      The configuration you select affects the cost of using the instance computing resources.

    • --subnet-id: ID of the selected subnet.

    Result:

    id: c17c60tpadua********
folder_id: b1g2slt7p9ug********
created_at: "2025-07-20T18:34:16.078Z"
updated_at: "2025-07-20T18:34:16.078Z"
name: test-cli
resource_preset_id: s2.small
disk_size: "107374182400"
status: RUNNING
admin_login: admin-gl
admin_email: user@example.com
domain: test-domain-user.gitlab.yandexcloud.net
subnet_id: e9b4rrpuu2a********
backup_retain_period_days: "7"
deletion_protection: true
approval_rules_id: BASIC
gitlab_version: 17.11.6

    For more information about this command, see the CLI reference.

Note

When you create an instance in Managed Service for GitLab, the system automatically generates an SSL certificate. Using HTTPS requires no advanced setup.

Set up the runtime environment

  1. Activate your Managed Service for GitLab instance:

    1. Follow the link you received in your administrator mailbox after creating the instance.
    2. Change the administrator password.
    3. Log in using the administrator username and password.

  2. Optionally, create a group to host the repository project.

    When working with multiple projects, consider grouping users together. This will allow you to:

    • Grant permissions for specific projects to each group.
    • View issues and merge requests by group.
    • View group activity analytics.

    For more information, see this GitLab guide.

  3. Create an empty project to host the repository.

  4. Create users and add them to a group or project with the Maintainer or Owner role.

    You can only add your team members to a group or project by creating GitLab accounts for them.

Add SSH keys to GitLab

  1. Create a pair of public and private SSH keys for the GitLab account:

    1. Open the terminal.

    2. Use the ssh-keygen command to create a new key:

      ssh-keygen -t ed25519 -C "<optional_comment>"

      You can specify an empty string in the -C parameter to avoid adding a comment, or you may not specify the -C parameter at all: in this case, a default comment will be added.

      After running this command, you will be prompted to specify the name and path to the key files, as well as enter the password for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the .pub extension, while the private key, in a file without extension.

      By default, the command prompts you to save the key under the id_ed25519 name in the following directory: /home/<username>/.ssh. If there is already an SSH key named id_ed25519 in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.

    If you do not have OpenSSH installed yet, follow this guide to install it.

    1. Run cmd.exe or powershell.exe (make sure to update PowerShell before doing so).

    2. Use the ssh-keygen command to create a new key:

      ssh-keygen -t ed25519 -C "<optional_comment>"

      You can specify an empty string in the -C parameter to avoid adding a comment, or you may not specify the -C parameter at all: in this case, a default comment will be added.

      After running this command, you will be prompted to specify the name and path to the key files, as well as enter the password for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the .pub extension, while the private key, in a file without extension.

      By default, the command prompts you to save the key under the id_ed25519 name in the following folder: C:\Users\<username>/.ssh. If there is already an SSH key named id_ed25519 in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.

    Create keys using the PuTTY app:

    1. Download and install PuTTY.

    2. Add the folder with PuTTY to the PATH variable:

      1. Click Start and type Change system environment variables in the Windows search bar.
      2. Click Environment Variables... at the bottom right.
      3. In the window that opens, find the PATH parameter and click Edit.
      4. Add your folder path to the list.
      5. Click OK.

    3. Launch the PuTTYgen app.

    4. Select EdDSA as the pair type to generate. Click Generate and move the cursor in the field above it until key creation is complete.

      ssh_generate_key

    5. In Key passphrase, enter a strong password. Enter it again in the field below.

    6. Click Save private key and save the private key. Do not share its key phrase with anyone.

    7. Click Save public key and save the public key to a file named <key_name>.pub.

  2. Launch the SSH agent:

    1. Run this command:

      ssh-agent -s

    2. For the SSH agent to start on login, add the launch command to the ~/.profile file:

      ssh-agent -s
    1. Open the Start button context menu.
    2. Select Computer Management.
    3. Go to Services and ApplicationsServices.
    4. Open the context menu of the SSH agent service and select Properties.
    5. On the Main tab, change the startup type from Off to Automatic.
    6. Click OK and start the service.

  3. Add a key to the SSH agent:

    ssh-add <private_key_path>

  4. Assign a public SSH key to the GitLab account.

  5. Check that you can connect to GitLab:

    ssh -T git@<GitLab_instance_domain>

    Here is an example:

    ssh -T git@example.gitlab.yandexcloud.net

    If this is your first time connecting, you will see a message like this:

    The authenticity of host 'gitlab.example.com (35.231.145.151)' can't be established.
ECDSA key fingerprint is SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.example.com' (ECDSA) to the list of known hosts.

    Type yes and press Enter.

    If you have connected before, you will get this message upon successful connection:

    Welcome to GitLab, @<login>!

    In case of an error, start the connection in verbose mode to get the logs:

    ssh -Tvvv git@<GitLab_instance_domain>

Ask each member of your group or project to create an SSH key pair in this manner and assign the public key to their account in GitLab.

Start using the repository

To start working with a local copy of your repository using the account you created, follow the steps below on your local computer:

  1. Install Git.

  2. Clone the repository over SSH.

    What to do if you get the Permission denied (publickey) error

    When cloning, you may get this error:

    Cloning into '<project_name>'...
git@<GitLab_instance_domain>: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

    If you get this error:

    1. Create and open a configuration file for SSH key setup:

      nano ~/.ssh/config

    2. Add this content to it:

      Host <GitLab_instance_domain>
   IdentityFile <private_key_path>

      In the IdentityFile parameter, specify the absolute path to the private key you created for the GitLab project.

    3. Save the file.

    4. Clone the repository over SSH again.

  3. Go to the repository directory:

    cd <project_name>

  4. Make changes to the repository files.

  5. Index and commit the changes in the local repository:

    git add . && git commit -m "<commit_name>"

  6. Push the changes to the remote repository:

    git push origin main
Next
All guides