Gitlab hero border pattern left svg Gitlab hero border pattern right svg


Database Reliability at GitLab

The group of Database Reliability Engineers (DBREs) are on the Reliability Engineering teams that runs We care most about database reliability aspects of the infrastructure and GitLab as a product.

We strive to approach database reliability from a data driven perspective as much as we can. As such, we start by defining Service Level Objectives below and document what service levels we currently aim to maintain for

Database Architectural Diagrams

The Database diagram:

Database diagram

The pgbouncer setup for Read Write traffic:

PGBouncer RW diagram

The pgbouncer setup for Read Only traffic:

PGBouncer RO diagram

Database SLOs

We use Service Level Objects (SLOs) to reason about the performance and reliability aspects of the database. We think of SLOs as "commitments by the architects and operators that guide the design and operations of the system to meet those commitments."1

This list is by no means complete and we're just about to define SLOs and document them here. See #147.

OnGres Third-Party Support

In addition to the DBREs, the reliability of our database is supported by OnGres. OnGres provides 24x7 support with engineers in our PagerDuty escalation policy for database support (see Issues can be brought to the attention of OnGers engineers by affixed the ~Ongres or ~OngresSupport labels to Infrastructure issues. Finally, there is also a dedicated Slack channel, #ongres-gitlab, for issues.

Backup and Recovery

In backup and recovery, there are two SLOs:

SLO Current level Definition
DB-DR-TTR 8 hours Maximum time to recovery from a full database backup in case of disaster
DB-DR-RETENTION 7 days The number of days we keep backups for recovery purposes.

The backup strategy is to take a daily snapshot of the full database (basebackup) and store this in Google Cloud Storage. Additionally, we capture the write-ahead log data in GCS to be able to perform point-in-time recovery (PITR) using one of the basebackups. Read more on Disaster Recovery

For DB-DR-TTR we need to consider worst-case scenarios with the latest backup being 24 hours old. Hence recovery time includes the time it takes to perform PITR to recover from archive to a certain point in time (right before the disaster).

We are able to recover to any point in time within the last DB-DR-RETENTION days.

High Availability

For we maintain availability above 99.95%. For the PostgreSQL database, we define the following SLOs:

SLO Level Definition
DB-HA-UPTIME 99.9% General database availability
DB-HA-PERF p99 < 200ms 99th percentile of database queries runtime below this level.
DB-HA-LOSS 60s Maximum accepted data loss in face of a primary failure

A DB-HA-UPTIME of 99.9% allows for roughly 45 minutes of downtime per month. Uptime means, the database cluster is available to serve queries from the application while maintaining other database SLOs.

We allocate a downtime budget of 45 minutes per month for planned downtimes, although we strive to keep downtime as low as possible. The downtime budget can be used to introduce change to the system. If the budget is used up (planned or unplanned), we stop introducing change and focus on availability (similar to SRE error budgets).

As for DB-HA-PERF, 99% of queries should finish below 200ms.

With DB-HA-LOSS we require an upper bound on replication lag. A write on the primary is considered at risk as long as it has not been replicated to a secondary (or to the PITR archive).

To make it easier to find your way around you can find a list of useful or important links below.

As a database specialist the following tools can be very helpful:


The following (private) Grafana dashboard are important / useful for database specialists:


Basically everything under, but the following guides in particular are important:

For various other development related guides refer to

  1. From "Database Reliability Engineering", O'Reilly Media, 2017