The Challenge

Absci was running a self-hosted GitLab Enterprise Edition (v18.1.1) deployment on AWS EKS — a containerized setup supported by Amazon RDS, ElastiCache, and a VPN for secure remote access. While technically functional, this architecture introduced a growing list of operational overhead:

Infrastructure maintenance: patching, upgrades, and monitoring fell on the internal engineering team.

Scaling complexity: as team and project volume grew, so did the cost and effort of keeping the platform healthy.

VPN dependency: remote access relied on a VPN, introducing a single point of failure for developer access.

Operational overhead: backups, availability management, and incident response consumed engineering time that could be spent on product work.

Large binary assets: four repositories had grown beyond 5GB, requiring Git LFS and S3 backend management.

The organization needed a path to a modern, managed platform — one that would reduce friction, improve availability, and let the team focus on building, not maintaining infrastructure.

Our Approach

NextLink Labs conducted a thorough discovery engagement to map Absci's GitLab environment before recommending any migration path. This involved auditing the full scope of their deployment:

Discovery & Assessment

Catalogued 481 projects across 34 groups, mapping group hierarchy and project ownership.

Identified 14 project-level deploy tokens and 1 group-level deploy token requiring migration planning.

Documented CI/CD runner infrastructure.

Mapped third-party integrations: Okta SSO, Jira, and Slack.

Flagged four oversized repositories (5GB+) relying on Git LFS.

Noted active use of Container Registry, Package Registry, and Static Pages.

Migration Strategy: Direct Transfer

After evaluating options, NextLink Labs recommended GitLab's direct transfer method over export/import for its speed, data integrity, and reduced complexity at scale.

SSO & Identity Configuration

Absci was already using Okta for authentication on their self-hosted instance. We designed the GitLab.com SSO integration to match their existing identity model:

Configured SAML SSO at the top-level GitLab.com group.

Enabled SCIM provisioning via Okta Lifecycle Management for automated user add/remove.

Ensured NameID configuration matched GitLab's documented requirements.

Maintained temporary local admin accounts during cutover as a fallback.

Integration Reconnection

All third-party integrations were pre-configured and tested in a staging environment before the production cutover, including Jira issue linking, Slack pipeline and merge request notifications, and webhook endpoints for custom tooling.

Key Challenges & How We Solved Them

Username Namespace Conflicts

GitLab.com operates a global username namespace. Several Absci usernames conflicted with existing GitLab.com accounts, which would have broken user contribution mapping. NextLink Labs resolved this by pre-screening all 157 users against the GitLab.com namespace and coordinating with affected individuals on username alignment before migration began.

Package Registry Indexing

Post-migration, certain package registries did not index correctly under the new group hierarchy. NextLink Labs identified the root cause — a mismatch in project paths between the self-managed and SaaS namespaces. We re-triggered indexing via the GitLab API to restore full registry functionality.

Deploy Token & Automation Continuity

With 15 deploy tokens in active use across CI/CD and automation workflows, token recreation had to be carefully sequenced to avoid pipeline failures. We produced a token inventory, coordinated recreation with project owners, and updated downstream references before decommissioning the self-managed instance.

Large Repository Handling

A few repositories exceeding 5GB were migrated using Amazon S3. This approach bypassed the file size limitations of standard direct transfer, ensuring complete repository data — including Git LFS objects — arrived intact without manual intervention or data loss.

Results

The migration was completed within the planned maintenance window with zero data loss across all 481 projects — including full merge request history and issues.

Infrastructure Eliminated

Absci's engineering team no longer manages GitLab server infrastructure, database backups, Redis caches, or VPN access for GitLab. GitLab handles availability, upgrades, and security patching — freeing internal resources for product development.

Developer Productivity Restored

With VPN no longer required for GitLab access, developers gained frictionless access from any location. Okta SSO via GitLab.com provides the same secure, centralized authentication they were used to — without the maintenance burden.

Full Feature Parity Maintained

All GitLab EE capabilities — Container Registry, Package Registry, CI/CD pipelines, Jira integration, Slack notifications, and Static Pages — remained fully operational post-migration under a GitLab Premium SaaS license.

Acceptance Criteria Met

All repositories, commit history, branches, tags, and merge requests successfully migrated.

All 157 users authenticated via Okta SSO post-migration.

All CI/CD pipelines executed successfully with equivalent performance benchmarks.

Jira and Slack integrations confirmed operational with data sync verified.

About NextLink Labs