Preliminary version. The functionality may change, but the basic features will be preserved. Compatibility with future versions is ensured, but may require additional migration actions.
Code components overview
Section provides high-level overview of existing components and their functions
- Gitaly - git RPC service for handling all Git calls made by GitLab
- Praefect - a transparent proxy between any Git client and Gitaly storage nodes.
- Sidekiq - background jobs processor
- Webservice - exposes product UI and public API
- Webservice-internal-api - serves API request from other components of Gitlab
- Shell - a program designed at GitLab to handle SSH-based git sessions, and modifies the list of authorized keys
- Toolbox - a swiss-knife that enables administrators to do restore from backups or use rails-console
- Exporter - process designed in house that allows us to export metrics about Code application internals to Prometheus
- MRA - stands for merge request approval. A service that implements corresponding Gitlab functionality along with CODEOWNERS feature
- Migrations-job - job that does database migrations
- Backup-cronjob - cronjob responsible for backup process
- Pages - a feature that allows you to publish static websites directly from a repository in GitLab. Optional component
- Registry - Container registry, allows pushing and pulling of images. Optional component
To learn more about specific components and their purposes you can do here in official documentation.
Full CodeInstance CRD
Take into account that some parameters might be mutually exclusive (like redis.host and redis.sentinel)
apiVersion: deckhouse.io/v1
kind: CodeInstance
metadata:
name: code
spec:
appConfig:
contentSecurityPolicy:
enabled: <bool>
reportOnly: <bool>
directives: { }
cronJobs:
<cron job name>:
cron: string
jobClass: string
customHtmlHeaderTags: <string>
ldap:
preventSignin: <bool>
servers:
main:
label: <string>
host: <string>
port: <int>
uid: <string>
base: <string>
encryption: <string>
verifyCertificates: <bool>
timeout: <int>
activeDirectory: <bool>
allowUsernameOrEmailLogin: <bool>
blockAutoCreatedUsers: <bool>
userFilter: <string>
lowercaseUsernames: <bool>
bindDn: <string>
password: <string>
attributes:
username: <array>
email: <array>
name: <string>
firstName: <string>
lastName: <string>
omniauth:
enabled: <bool>
allowBypassTwoFactor: <bool>
allowSingleSignOn: <bool|array>
autoLinkLdapUser: <bool>
autoLinkSamlUser: <bool>
autoLinkUser: <bool>
autoSignInWithProvider: <string>
blockAutoCreatedUsers: <bool>
syncProfileAttributes: <array>
syncProfileFromProvider: <array>
externalProviders: <array>
providers: <array>
rackAttack:
gitlabBasicAuth:
ipWhitelist: <array>
maxretry: <int>
findtime: <int>
bantime: <int>
signinEnabled: <bool>
signupEnabled: <bool>
usernameChangeEnabled: <bool>
backup:
backupBeforeUpdate: <bool>
backupStorageGb: <int>
enabled: <bool>
s3:
bucketName: <string>
tmpBucketName: <string>
external:
accessKey: <string>
endpoint: <string>
provider: <string>
region: <string>
secretKey: <string>
cronSchedule: <string>
skipComponents: <array>
nodeSelector: {}
tolerations: {}
persistentVolumeClaim:
enabled: <bool>
storageClass: <string>
gitData:
storagePerReplicaGb: <int>
storageClass: <string>
resources:
memory: <string>
cpu: <string>
storages:
postgres:
mode: <string>
external:
host: <string>
port: <int>
database: <string>
username: <string>
password: <string>
praefectDatabase: <string>
praefectUsername: <string>
praefectPassword: <string>
sslMode: <string>
intenal: { }
redis:
mode: <string>
external:
auth:
enabled: <bool>
passowrd: <string>
username: <string>
host: <string>
port: <string>
sentinels: <array>
masterName: <string>
scheme: <string>
serverCA: <string>
internal: { }
s3:
mode: <string>
bucketNames:
artifacts: <string>
ciSecureFiles: <string>
dependecyProxy: <string>
externalDiffs: <string>
lfs: <string>
packages: <string>
terraformState: <string>
uploads: <string>
external:
provider: <string>
region: <string>
endpoint: <string>
accessKey: <string>
secretKey: <string>
proxyDownload: <bool>
storageOptions:
serverSideEncryption: <string>
serverSideEncryptionKmsKeyId: <string>
internal: { }
network:
ingressClass: <string>
useOwnLoadBalancer: <bool>
web:
hostname: <string>
annotations: { }
https:
mode: <string>
customCertificate:
secretName: <string>
certManager:
clusterIssuerName: <string>
gitSsh:
hostname: <string>
service:
annotations: { }
type: <string>
nodePort: <int>
features:
mail:
outgoingEmail:
displayName: <string>
from: <string>
replyTo: <string>
subjectSuffix: <string>
smtp:
enabled: <bool>
address: <string>
port: <int>
authentication: <string>
username: <string>
password: <string>
domain: <string>
tls: <bool>
starttlsAuto: <bool>
opensslVerifyMode: <string>
incomingEmail:
enabled: <bool>
address: <string>
host: <string>
port: <int>
ssl: <bool>
startTls: <bool>
user: <string>
password: <string>
serviceDeskEmail:
enabled: <bool>
address: <string>
host: <string>
port: <int>
ssl: <bool>
startTls: <bool>
user: <string>
password: <string>
pages:
enabled: <bool>
s3:
mode: <string>
bucketPrefix: <string>
internal: { }
external:
provider: <string>
region: <string>
endpoint: <string>
accessKey: <string>
secretKey: <string>
storageOptions:
serverSideEncryption: <string>
serverSideEncryptionKmsKeyId: <string>
registry:
enabled: <bool>
s3:
mode: <string>
bucketName: <string>
internal: { }
external:
provider: <string>
region: <string>
endpoint: <string>
accessKey: <string>
secretKey: <string>
ingress:
annotations: {}
hostname: <string>
https:
mode: <string>
customCertificate:
secretName: <string>
certManager:
clusterIssuerName: <string>
maintenance:
readOnly:
enabled: <bool>
uploadPuring:
enabled: <bool>
age: <string>
interval: <string>
dryrun: <bool>
scaling:
highAvailability: <bool>
targetUserCount: <int>
Detailed fields description
If you look for allowed or default values for specific parameter - please check that section. Most of parameters are optional and have reasonable defaults. Specific examples of configurations for particular sections can be found here
appConfig- application-config of Code. Semantically identical togitlab.rbof Gitlab to facilitate ease of transferring app settings from existing instanceappConfig.contentSecurityPolicy- section with Content Security Policy settings. Read more hereappConfig.contentSecurityPolicy.enabled- Enable Content Security PolicyappConfig.contentSecurityPolicy.reportOnly- Enable Content Security Policy in report-only modeappConfig.contentSecurityPolicy.directives- Content Security Policy directives
appConfig.cronJobs- List of periodically executed jobs, to self-heal, do external synchronizations, etc.appConfig.cronJobs.<cron_job_name>.cron- Schedule for jobappConfig.cronJobs.<cron_job_name>.jobClass- Override job class
appConfig.customHtmlHeaderTags- set additional custom HTML header tags for UIappConfig.omniauth- section with omniauth Read more hereappConfig.omniauth.enabled- enable OmniAuthappConfig.omniauth.allowBypassTwoFactor- sign in without using two-factor authentication (2FA) with certain OmniAuth providerappConfig.omniauth.allowSingleSignOn- defines the list of providers that can be used for single sign-onappConfig.omniauth.autoLinkLdapUser- automatically link OmniAuth users with existing GitLab users if their email addresses matchappConfig.omniauth.autoLinkSamlUser- automatically link OmniAuth users with existing GitLab users if their email addresses matchappConfig.omniauth.autoLinkUser- automatically link OmniAuth users with existing GitLab users if their email addresses matchappConfig.omniauth.autoSignInWithProvider- to redirect login requests to your OmniAuth provider for authenticationappConfig.omniauth.blockAutoCreatedUsers- Places automatically-created users in a pending approval state (unable to sign in) until they are approved by an administratorappConfig.omniauth.syncProfileAttributes- List of profile attributes to sync from the provider when signing inappConfig.omniauth.syncProfileFromProvider- List of provider names that GitLab should automatically sync profile information fromappConfig.omniauth.externalProviders- Enables you to define which OmniAuth providers you want to be external, so that all users creating accounts, or signing in through these providers are unable to access internal projectsappConfig.omniauth.providers- The provider names are available in the supported providers list
appConfig.ldap- section with LDAP integration settings.appConfig.ldap.preventSignin- Disable web sign in for LDAP users.appConfig.ldap.serversappConfig.ldap.servers.main.label- A human-friendly name for LDAP server.appConfig.ldap.servers.main.host- FQDN-address of LDAP server.appConfig.ldap.servers.main.port- The port to connect with on LDAP server.appConfig.ldap.servers.main.uid- The LDAP attribute that maps to the username that users use to sign in.appConfig.ldap.servers.main.base- Base DN where we can search for users.appConfig.ldap.servers.main.encryption- Encryption method for connection.appConfig.ldap.servers.main.verifyCertificates- Enables SSL certificate verification if encryption method is “StartTls” or “SimpleTls”.appConfig.ldap.servers.main.timeout- Set a timeout, in seconds, for LDAP queries.appConfig.ldap.servers.main.activeDirectory- setting specifies if LDAP server is Active Directory LDAP server.appConfig.ldap.servers.main.allowUsernameOrEmailLogin- If enabled, GitLab ignores everything after the first@in the LDAP username submitted by the user on sign-in.appConfig.ldap.servers.main.blockAutoCreatedUsers- Setting to keep new users blocked until they have been cleared by an administrator.appConfig.ldap.servers.main.userFilter- Filter LDAP users. Follows the format ofRFC 4515.appConfig.ldap.servers.main.lowercaseUsernames- If enabled, GitLab converts the name to lower case.appConfig.ldap.servers.main.bindDn- The full DN of the user you bind with.appConfig.ldap.servers.main.password- The password of the bind user.appConfig.ldap.servers.main.attributes- Settings with LDAP attributes mapping.appConfig.ldap.servers.main.attributes.username- The@usernamethat the Code account will be provisioned with. If the value contains an email address, the Code username is the part of the email address before the@.appConfig.ldap.servers.main.attributes.email- LDAP attribute for user email.appConfig.ldap.servers.main.attributes.name- LDAP attribute for user display name.appConfig.ldap.servers.main.attributes.firstName- LDAP attribute for user first name.appConfig.ldap.servers.main.attributes.lastName- LDAP attribute for user last name.
appConfig.ldap.servers.main.syncName- Sync user name from LDAPappConfig.ldap.servers.main.groupSync- Settings for group and membership syncappConfig.ldap.servers.main.groupSync.createGroups- Create groups automaticallyappConfig.ldap.servers.main.groupSync.base- Base DN where we can search for groupsappConfig.ldap.servers.main.groupSync.filter- Filter LDAP groups. Follows the format ofRFC 4515appConfig.ldap.servers.main.groupSync.prefix- Defines which attributes contains info about parent group. If attribute not found, default value is usedappConfig.ldap.servers.main.groupSync.prefix.attribute- name of LDAP group attribute containing info about parent groupappConfig.ldap.servers.main.groupSync.prefix.default- default Gitlab group to be parent ifprefix.attributeis empty for certain LDAP group
appConfig.ldap.servers.main.groupSync.topLevelGroup- Top level group where groups will be created. Omit if you need top level groupsappConfig.ldap.servers.main.groupSync.nameMaksk- Regular expressions to retrieve group name from DNappConfig.ldap.servers.main.groupSync.owner- User to set as owner of all created groupsappConfig.ldap.servers.main.groupSync.scope- Search scope (0 — Base, 1 — SingleLevel, 2 — WholeSubtree)appConfig.ldap.servers.main.groupSync.roleMapping- List of role mapping dictionaries. Each dictionary should containbyNameandgitlabRolekeys.byNameis a regular expression for group name. If group name matches expressions, permissions will be granted according togitlabRoleparameter
appConfig.rackAttack.gitlabBasicAuth- rate limiter Gitlab uses to customize throttling and blocking users. More info hereappConfig.rackAttack.gitlabBasicAuth.ipWhitelist- list of IPs not falling under the rackAttack rulesappConfig.rackAttack.gitlabBasicAuth.maxretry- Limit the number of Git HTTP authentication attempts per IPappConfig.rackAttack.gitlabBasicAuth.findtime- Reset the auth attempt counter per IP after N secondsappConfig.rackAttack.gitlabBasicAuth.bantime- Ban an IP for N seconds after too many auth attempts
appConfig.signinEnabled- whether to enable sign-in page or notappConfig.signupEnabled- whether to allow sign-up for new users or notappConfig.usernameChangeEnabled- allow username changes for existing usersappConfig.defaultColorMode- UI default color theme
backup- section related to product backup processbackup.enabled- whether backup process enabled or notbackup.backupBeforeUpdate- automatic creation of a full backup of GitLab components before updating the modulebackup.cronSchedule- cron-like schedule when to run backup operationsbackup.backupStorageGb- expected overall size of backups (tar archive) to tune up underlying storagebackup.nodeSelector- kubernetes selector to choose node where to run backup process from (by toolbox)backup.tolerations- tolerations for backup pod(toolbox). Used during schedulingbackup.skipComponents- list of components to skip during backupbackup.s3- section to describe params of remote object storage that will keep your backupsbackup.s3.external- configuration block for setting up parameters of the S3 storage. If this section is not specified at all, the settings from thestorages.s3.externalsection will be used, and it will be sufficient to just specifybackup.s3.bucketNamebackup.s3.bucketName- name of the bucket in object storagebackup.s3.tmpBucketName- name of the temp bucket where backups will be stored before upload to objectStoragebackup.s3.external.provider- object storage providerbackup.s3.external.region- bucket regionbackup.s3.external.endpoint- buckets endpointbackup.s3.external.accessKey- access key for the bucketbackup.s3.external.secretKey- secret key for the bucket
backup.persistentVolumeClaim- section to describe params of persistent k8s storage used during backup and restorebackup.persistentVolumeClaim.enabled- whether to use persistent volumes. OtherwiseemptyDirwill be usedbackup.persistentVolumeClaim.storageClass- whether to use specific k8s storageClass for persistence volumes
gitData- everything related to your Git data and their storagegitData.storageClass- kubernetes storageClass to be used for persistence volumesgitData.storagePerReplicaGb- size of all your git data. Needed to calculate size of Volumes for each replicagitData.resources- section defines amount of resources for single workload hosting Git data (gitaly)gitData.resources.memory- amount of RAM allocated to host git datagitData.resources.cpu- amount of RAM allocated to host git data
storages- everything related to storages used byCode. Currently only external storages are supportedstorages.postgres- section with settings for postgres databasestorages.postgres.mode- whether external or internal database will be usedstorages.postgres.external- section with settings for external postgres databasestorages.postgres.external.host- FQDN address of database serverstorages.postgres.external.port- port exposed by postgres database for connectionstorages.postgres.external.database- main database namestorages.postgres.external.username- username for main databasestorages.postgres.external.password- password for main databasestorages.postgres.external.praefectDatabase- praefect(secondary) database namestorages.postgres.external.praefectUsername- username for praefect databasestorages.postgres.external.praefectPassword- password for praefect databasestorages.postgres.external.sslMode- SSL connection priority
storages.postgres.internal- currently not supported. Section is for future use
storages.redis- section with settings for redis message brokerstorages.redis.mode- whether external or internal message broker will be usedstorages.redis.external- section with settings for external redis message brokerstorages.redis.external.auth- redis auth sectionstorages.redis.external.auth.enabled- whether authentication for external redis enabled or notstorages.redis.external.auth.password- redis password, if auth is enabledstorages.redis.external.auth.username- redis username, if auth is enabled
storages.redis.external.host- FQDN for single redis instance. Not needed when sentinels usedstorages.redis.external.port- port for single redis instance. Not needed when sentinels usedstorages.redis.external.serverCA- CA certificate for redis serverstorages.redis.external.sentinels- section with array for sentinels host and port maps. Needed only if sentinel usedstorages.redis.external.sentinels.host- host of particular sentinel instancestorages.redis.external.sentinels.port- port of particular sentinel instance
storages.redis.external.scheme- redis connection schemestorages.redis.external.masterName- name of master node. For sentinels only
storages.redis.internal- currently not supported. Section is for future use
storages.s3- section with settings for object storagestorages.s3.mode- whether external or internal object storage will be usedstorages.s3.bucketNames- section with map that specifies names to be used for all needed bucketsstorages.s3.bucketNames.artifacts- name of the bucket for artifactsstorages.s3.bucketNames.ciSecureFiles- name of the bucket for CI secure files like CI secretsstorages.s3.bucketNames.dependencyProxy- name of the bucket for dependency proxystorages.s3.bucketNames.externalDiffs- name of the bucket for MR diffsstorages.s3.bucketNames.lfs- name of the bucket for git-lfsstorages.s3.bucketNames.packages- name of the bucket for packagesstorages.s3.bucketNames.terraformState- name of the bucket for terraform statesstorages.s3.bucketNames.uploads- name of the bucket for uploads
storages.s3.external- section with parameters for external object storagestorages.s3.external.provider- object storage providerstorages.s3.external.region- buckets regionstorages.s3.external.endpoint- buckets endpointstorages.s3.external.proxyDownload- Option allows to reduce egress traffic as this allows clients to download directly from remote storage instead of proxying all datastorages.s3.external.accessKey- access key for the bucketsstorages.s3.external.secretKey- secret key for the bucketsstorages.s3.external.storageOptions- section contains low-level encryption configuration for component’s object storagestorages.s3.external.storageOptions.serverSideEncryption- Encryption mode (AES256 or aws:kms)storages.s3.external.storageOptions.serverSideEncryptionKmsKeyId- Amazon Resource Name. Only needed when aws:kms is used for serverSideEncryption
storages.s3.internal- currently not supported. Section is for future use
network- section for network configuration customizationnetwork.ingressClass- ingress class to use in modulenetwork.useOwnLoadBalancer- if true define one LoadBalance service for both Git SSH and UI.network.web- section for webservice (UI) network customizationnetwork.web.hostname- top-level custom prefix for UI hostnamenetwork.web.annotations- map of additional annotations(key-value format) to be populated for webservice deploymentnetwork.web.https- section describes https settings, specifically parameters related to certificatesnetwork.web.https.mode- way you store/issue certificate. Might be custom/certManager/globalnetwork.web.https.customCertificate.secretName- name of secret where custom certificate is storednetwork.web.https.certManager.clusterIssuerName- name of cluster issuer of SSL certificates
network.gitSsh- section for shell (component intended for git support over SSH) network customizationnetwork.gitSsh.hostname- override shell-hostname name to be different rather than default onenetwork.gitSsh.service- section contains settings related to kubernetes service for shell componentnetwork.gitSsh.service.annotations- map of additional annotations(key-value format) to be populated for shell deploymentnetwork.gitSsh.service.type- type of kubernetes service for exposing your shell component. For singleNode cluster nodePort is reasonable, otherwise LoadBalancer is recommendednetwork.gitSsh.service.nodePort- nodePort used to expose your service. Applicable only for service.type=NodePort
features- other optional components to be enabled on-demand basis. So all configuration below is component-basedfeatures.mail- section contains settings for different emails: incoming / outgoing / serviceDeskfeatures.mail.outgoingEmail- section contains configuration for outgoing email. Read more about params herefeatures.mail.outgoingEmail.displayName- Name that appears as the sender for emails from GitLabfeatures.mail.outgoingEmail.from- Email address that appears as the sender for emails from GitLabfeatures.mail.outgoingEmail.replyTo- Reply-to email listed in emails from GitLabfeatures.mail.outgoingEmail.subjectSuffix- Suffix on the subject of all outgoing email from GitLabfeatures.mail.outgoingEmail.smtpfeatures.mail.outgoingEmail.smtp.enabled- enable outgoing emailfeatures.mail.outgoingEmail.smtp.address- Hostname or IP of the remote mail serverfeatures.mail.outgoingEmail.smtp.port- Port for SMTPfeatures.mail.outgoingEmail.smtp.authentication- Type of SMTP authentication (“plain”, “login”, “cram_md5”, or "" for no authentication)features.mail.outgoingEmail.smtp.username- Username for SMTP authentication httpsfeatures.mail.outgoingEmail.smtp.password- SMTP passwordfeatures.mail.outgoingEmail.smtp.domain- Optional HELO domain for SMTPfeatures.mail.outgoingEmail.smtp.tls- Enables SMTP/TLS (SMTPS: SMTP over direct TLS connection)features.mail.outgoingEmail.smtp.starttlsAuto- Use STARTTLS if enabled on the mail serverfeatures.mail.outgoingEmail.smtp.opensslVerifyModeTLS verification mode (“none”, “peer”, “client_once”, or “fail_if_no_peer_cert”)
features.mail.incomingEmail- section contains configuration for incoming email. Read more about params herefeatures.mail.incomingEmail.enabled- enable incoming emailfeatures.mail.incomingEmail.address- The email address to reference the item being replied to (example: gitlab-incoming+%{key}@gmail.com). Note that the +%{key} suffix should be included in its entirety within the email address and not replaced by another value.features.mail.incomingEmail.host- Host for IMAPfeatures.mail.incomingEmail.port- Port for IMAPfeatures.mail.incomingEmail.ssl- Whether IMAP server uses SSLfeatures.mail.incomingEmail.startTls- Whether IMAP server uses StartTLSfeatures.mail.incomingEmail.user- Username for IMAP authenticationfeatures.mail.incomingEmail.password- IMAP passwordfeatures.mail.serviceDeskEmail- section contains configuration for service desk email. Read more about params herefeatures.mail.incomingEmail.serviceDeskEmail.enabled- Enable Service Desk emailfeatures.mail.incomingEmail.serviceDeskEmail.address- The email address to reference the item being replied to (example: project_contact+%{key}@gmail.com)features.mail.incomingEmail.serviceDeskEmail.host- Host for IMAPfeatures.mail.incomingEmail.serviceDeskEmail.port- Port for IMAPfeatures.mail.incomingEmail.serviceDeskEmail.ssl- Whether IMAP server uses SSLfeatures.mail.incomingEmail.serviceDeskEmail.startTls- Whether IMAP server uses StartTLSfeatures.mail.incomingEmail.serviceDeskEmail.user- Username for IMAP authenticationfeatures.mail.incomingEmail.serviceDeskEmail.password- IMAP password
features.pages- section contains configuration parameters for Page componentfeatures.pages.enabled- whether enable component or notfeatures.pages.s3- section contains configuration parameters for component’s object storagefeatures.pages.s3.mode- whether use external or internal object storagefeatures.pages.s3.bukcetPrefix- prefix for buckets names. Real bucket name will-be {prefix}-{name}features.pages.s3.internal- not currently supported. For future usefeatures.pages.s3.external- section with parameters for external object storagefeatures.pages.s3.external.endpoint- custom endpoint for object storagefeatures.pages.s3.external.provider- object storage providerfeatures.pages.s3.external.region- buckets regionfeatures.pages.s3.external.accessKey- access key for the bucketfeatures.pages.s3.external.secretKey- secret key for the bucketfeatures.pages.s3.external.storageOptions- section contains low-level encryption configuration for component’s object storagefeatures.pages.s3.external.storageOptions.serverSideEncryption- Encryption mode (AES256 or aws:kms)features.pages.s3.external.storageOptions.serverSideEncryptionKmsKeyId- Amazon Resource Name. Only needed when aws:kms is used for serverSideEncryption
features.registry- section contains configuration parameters for Registry componentfeatures.registry.enabled- whether enable component or notfeatures.registry.ingress- section contains configuration parameters for component’s ingress(incoming) network connectionsfeatures.registry.ingress.annotations- map of additional annotations to be populated for registry servicefeatures.registry.ingress.hostname- top-level prefix for registry hostnamefeatures.registry.ingress.https- https configuration for component’s ingress(incoming) network connectionsfeatures.registry.ingress.https.mode- way you store/issue certificate. Might be custom/certManager/globalfeatures.registry.ingress.https.certManager.clusterIssuerName- name of cluster issuer of SSL certificatesfeatures.registry.ingress.https.customCertificate.secretName- name of secret where custom certificate is stored
features.registry.s3- section contains configuration parameters for component’s object storagefeatures.registry.s3.mode- whether use external or internal object storage for Registry componentfeatures.registry.s3.bucketName- name of registry’s bucketfeatures.registry.s3.external- section with parameters for external object storagefeatures.registry.s3.external.provider- object storage providerfeatures.registry.s3.external.endpoint- custom endpoint for object storagefeatures.registry.s3.external.region- buckets regionfeatures.registry.s3.external.accessKey- access key for the bucketfeatures.registry.s3.external.secretKey- secret key for the bucket
features.registry.s3.internal- not currently supported. For future usefeatures.registry.s3.bucketName- name of the bucket to be used as object storage for Registry
features.registry.maintenance- section contains Registry maintenance settingsfeatures.registry.maintenance.readOnly.enabled- Enable read-only mode for registry for maintenance purposesfeatures.registry.maintenance.uploadPurging- section describes another maintenance feature that deletes image upload artifacts from the storage backend, the upload purger does not delete any image data (only upload artifacts)features.registry.maintenance.uploadPurging.enabled- whether to enable uploadPurging or not. Disabled while in readOnly modefeatures.registry.maintenance.uploadPurging.age- age thresholds for artifacts to be deleted. Measured in hoursfeatures.registry.maintenance.uploadPurging.interval- interval of runfeatures.registry.maintenance.uploadPurging.dryrun- whether to use in test / dry-run mode or not
scalingscaling.targetUserCount- how many users are expected to use the app. That impacts a lot of underlying aspects responsible for horizontal and vertical app’s scaling. Read more herescaling.highAvailability- whether High Availability (HA) mode enabled or not