It's not as bad as you think, I run the helm upgrade when patches come out, the backing store is S3 or managed SQL, it runs a nightly k8s cron called gitlab-backup which tarballs the whole thing into an s3 bucket with a single command restore should disaster strike. (This is part of the product, not a thing I wrote.)

I probably only babysit it for 30 minutes per year, including all the upgrades.