Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Getting started with Managed Service for GitLab

Written by
Improved by
Updated at April 22, 2025

To get started with the service:

  1. Create an instance.
  2. Set up a working environment.
  3. Add SSH keys to GitLab.
  4. Start using the repository.

Warning

To start working with Managed Service for GitLab, check this guide on how to migrate your projects from a GitLab custom installation to the service.

For more information about the differences between Managed Service for GitLab and the GitLab Community Edition custom installation, see the Service advantages over a GitLab custom installation section.

Getting started

  1. Go to the management console and log in to Yandex Cloud or sign up if not signed up yet.

  2. If you do not have a folder yet, create one:

    1. In the management console, select the appropriate cloud from the list on the left.

    2. At the top right, click Create folder.

    3. Give your folder a name. The naming requirements are as follows:

      • It must be from 2 to 63 characters long.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

    4. Optionally, specify the description for your folder.

    5. Select Create a default network. This will create a network with subnets in each availability zone. Within this network, you will also have a default security group, inside which all network traffic will be allowed.

    6. Click Create.

  3. Assign the vpc.user role and the gitlab.editor role or higher to your Yandex Cloud account. These roles allow you to create an instance.

    Note

    If you are unable to manage roles, contact your cloud or organization administrator.

  4. Configure the default security group for access to the Managed Service for GitLab instance.

    Warning

    The security group's setup determines the Managed Service for GitLab instance performance and availability.

Create an instance

Warning

Once you have created an instance, you cannot change its network configuration, i.e., availability zone and subnet.

  1. In the management console, select the folder where you want to create a GitLab instance.

  2. Select Managed Service for GitLab.

  3. Click Create instance.

  4. At the top of the page:

    1. Enter the instance name. It must be unique throughout Yandex Cloud.

      • It must be from 2 to 63 characters long.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • It must start with a letter and cannot end with a hyphen.

    2. (Optional) Enter a description of the instance.

    3. (Optional) Add tags to break instances into logical groups.

    4. (Optional) Set instance protection against accidental deletion by the user.

  5. Under Configuration:

    1. Select the instance type. After you create an instance, you can change its type to a higher performing one.

    2. Specify the availability zone. After you create an instance, you cannot change its availability zone.

    3. Specify the subnet where the instance will be hosted. Currently, Yandex Cloud technical restrictions do not allow selecting a subnet with the 192.168.0.0/24 address range.

      The default security group for the selected network will be used for the instance. If you cannot open the GitLab web interface after you create the instance, configure your security group so that the rules allow incoming and outgoing traffic from required ports and IP addresses.

    4. Select the disk size. After you create an instance, you can increase its disk size.

    5. Specify the instance domain name: relevant DNS records will be automatically created for it in the .gitlab.yandexcloud.net domain.

      The domain name must be unique throughout Yandex Cloud.

      • Its length must be between 5 and 50 characters.
      • It may contain lowercase Latin letters, numbers, and hyphens.
      • It must not start or end with a dash character.

    6. Set up the retention period for automatic backups (in days).

    7. (Optional) Enable code approval rules. To do this, select the appropriate configuration for approval rules.

      Note

      The configuration you select affects the cost of using the instance's computing resources.

  6. Under Administrator data, specify:

    • Email: Email address of the GitLab instance administrator. This mailbox will receive an email with a link for creating a password.
    • Login: Administrator login.

  7. (Optional) Under Advanced settings, enable deletion of untagged images. This setting affects the amount of free disk space on the instance.

  8. Click Create.

  9. Wait for the instance to get ready: its status on the Managed Service for GitLab dashboard will change to Running. This may take some time.

Note

When you create an instance in Managed Service for GitLab, it automatically generates an SSL certificate. No additional configuration for using HTTPS is required.

Set up a working environment

  1. Activate the Managed Service for GitLab instance:

    1. Follow the link you received in your administrator mailbox after creating the instance.
    2. Change the administrator password.
    3. Log in using the administrator username and password.

  2. (Optional) Create a group to host the repository project.

    If there are several projects, you might want to group users together. This will allow you to:

    • Grant rights for specific projects to each group.
    • View issues and merge requests by group.
    • View analytics on group's activities.

    For more information, see the relevant GitLab documentation.

  3. Create an empty project to host the repository.

  4. Create users and add them to a group or project with the Maintainer or Owner role.

    You can only add your team members to a group or project by creating GitLab accounts for them.

Add SSH keys to GitLab

  1. Create a pair of public and private SSH keys for the GitLab account:

    1. Open the terminal.

    2. Use the ssh-keygen command to create a new key:

      ssh-keygen -t ed25519 -C "<optional_comment>"

      You can specify an empty string in the -C parameter to avoid adding a comment, or you may not specify the -C parameter at all: in this case, a default comment will be added.

      After running this command, you will be prompted to specify the name and path to the key files, as well as enter the password for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the .pub extension, while the private key, in a file without extension.

      By default, the command prompts you to save the key under the id_ed25519 name in the following directory: /home/<username>/.ssh. If there is already an SSH key named id_ed25519 in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.

    If you do not have OpenSSH installed yet, follow this guide to install it.

    1. Run cmd.exe or powershell.exe (make sure to update PowerShell before doing so).

    2. Use the ssh-keygen command to create a new key:

      ssh-keygen -t ed25519 -C "<optional_comment>"

      You can specify an empty string in the -C parameter to avoid adding a comment, or you may not specify the -C parameter at all: in this case, a default comment will be added.

      After running this command, you will be prompted to specify the name and path to the key files, as well as enter the password for the private key. If you only specify the name, the key pair will be created in the current directory. The public key will be saved in a file with the .pub extension, while the private key, in a file without extension.

      By default, the command prompts you to save the key under the id_ed25519 name in the following folder: C:\Users\<username>/.ssh. If there is already an SSH key named id_ed25519 in this directory, you may accidentally overwrite it and lose access to the resources it is used in. Therefore, you may want to use unique names for all SSH keys.

    Create keys using the PuTTY app:

    1. Download and install PuTTY.

    2. Add the folder with PuTTY to the PATH variable:

      1. Click Start and type Change system environment variables in the Windows search bar.
      2. Click Environment Variables... at the bottom right.
      3. In the window that opens, find the PATH parameter and click Edit.
      4. Add your folder path to the list.
      5. Click OK.

    3. Launch the PuTTYgen app.

    4. Select EdDSA as the pair type to generate. Click Generate and move the cursor in the field above it until key creation is complete.

      ssh_generate_key

    5. In Key passphrase, enter a strong password. Enter it again in the field below.

    6. Click Save private key and save the private key. Do not share its key phrase with anyone.

    7. Click Save public key and save the public key to a file named <key_name>.pub.

  2. Launch the SSH agent:

    1. Run this command:

      ssh-agent -s

    2. For the SSH agent to start on login, add the launch command to the ~/.profile file:

      ssh-agent -s
    1. Open the Start button context menu.
    2. Select Computer Management.
    3. Go to Services and ApplicationsServices.
    4. Open the context menu of the SSH agent service and select Properties.
    5. On the Main tab, change the startup type from Off to Automatic.
    6. Click OK and start the service.

  3. Add a key to the SSH agent:

    ssh-add <private_key_path>

  4. Assign a public SSH key to the GitLab account.

  5. Check that you can connect to GitLab:

    ssh -T git@<GitLab_instance_domain>

    Example:

    ssh -T git@example.gitlab.yandexcloud.net

    If connecting for the first time, you will get this or similar message:

    The authenticity of host 'gitlab.example.com (35.231.145.151)' can't be established.
ECDSA key fingerprint is SHA256:HbW3g8zUjNSksFbqTiUWPWg2Bq1x8xdGUrliXFzSnUw.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'gitlab.example.com' (ECDSA) to the list of known hosts.

    Type yes and press Enter.

    If it is not your first time, you will get this upon a successful connection:

    Welcome to GitLab, @<login>!

    In case of an error, run the connection in Verbose mode to get the logs:

    ssh -Tvvv git@<GitLab_instance_domain>

Ask each member of your group or project to create an SSH key pair this way and assign the public key to their account in GitLab.

Start using the repository

To start working with a local copy of your repository using the account you created, follow the steps below on your local computer:

  1. Install the Git client.

  2. Clone the repository using the SSH protocol.

    What to do if you get the Permission denied (publickey) error

    When cloning, you may get this error:

    Cloning into '<project_name>'...
git@<GitLab_instance_domain>: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

    If you get this error:

    1. Create and open a configuration file to set up SSH keys:

      nano ~/.ssh/config

    2. Add content to it:

      Host <GitLab_instance_domain>
   IdentityFile <private_key_path>

      In the IdentityFile parameter, specify the absolute path to the private key you created for the GitLab project.

    3. Save the file.

    4. Clone the repository again via SSH.

  3. Go to the repository folder:

    cd <project_name>

  4. Make changes to the repository files.

  5. Index and apply the changes in the local repository:

    git add . && git commit -m "<commit_name>"

  6. Push the changes to the remote repository:

    git push origin main
Next
All guides