Add latest changes from gitlab-org/gitlab@master

24 files changed, 61 insertions, 44 deletions

diff --git a/doc/administration/geo/replication/configuration.md b/doc/administration/geo/replication/configuration.md
index 798c75feffb..97bd13a0bcf 100644
--- a/doc/administration/geo/replication/configuration.md
+++ b/doc/administration/geo/replication/configuration.md
@@ -192,7 +192,7 @@ keys must be manually replicated to the **secondary** site.
 
    We recommend mentioning specific names for the `geo_node_name` such as `gitlab-usa` instead of generic names, such as `geo`.
    This makes the failover process easier because the physical location does not change, but the Geo site role can.
-   
+
 1. Reconfigure **each Rails and Sidekiq node on your secondary** site for the change to take effect:
 
    ```shell
diff --git a/doc/administration/instance_limits.md b/doc/administration/instance_limits.md
index e914afde79f..53aec94ae15 100644
--- a/doc/administration/instance_limits.md
+++ b/doc/administration/instance_limits.md
@@ -641,7 +641,7 @@ Reports that go over the 20 MB limit won't be loaded. Affected reports:
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/8638) in GitLab 13.3.
 
 You can set a limit on the content of repository files that are indexed in
-Elasticsearch. Any files larger than this limit only index the file name. 
+Elasticsearch. Any files larger than this limit only index the file name.
 The file content is neither indexed nor searchable.
 
 Setting a limit helps reduce the memory usage of the indexing processes and
diff --git a/doc/administration/packages/container_registry.md b/doc/administration/packages/container_registry.md
index 9c34d07ed07..1fb7ed20cc7 100644
--- a/doc/administration/packages/container_registry.md
+++ b/doc/administration/packages/container_registry.md
@@ -617,7 +617,7 @@ In the examples below we set the Registry's port to `5001`.
 ## Disable Container Registry per project
 
 If Registry is enabled in your GitLab instance, but you don't need it for your
-project, you can [disable it from your project's settings](../../user/project/settings/index.md#sharing-and-permissions). 
+project, you can [disable it from your project's settings](../../user/project/settings/index.md#sharing-and-permissions).
 
 ## Use an external container registry with GitLab as an auth endpoint
 
diff --git a/doc/administration/postgresql/pgbouncer.md b/doc/administration/postgresql/pgbouncer.md
index 981a87be887..7171e90949e 100644
--- a/doc/administration/postgresql/pgbouncer.md
+++ b/doc/administration/postgresql/pgbouncer.md
@@ -202,8 +202,8 @@ Once you've performed the tasks or procedure, switch back to using PgBouncer:
 
 ## Fine tuning
 
-PgBouncer's default settings suit the majority of installations. 
-In specific cases you may want to change the performance-specific and resource-specific variables to either increase possible 
+PgBouncer's default settings suit the majority of installations.
+In specific cases you may want to change the performance-specific and resource-specific variables to either increase possible
 throughput or to limit resource utilization that could cause memory exhaustion on the database.
 
 You can find the parameters and respective documentation on the [official PgBouncer documentation](https://www.pgbouncer.org/config.html).
@@ -214,8 +214,8 @@ Listed below are the most relevant ones and their defaults on an Omnibus GitLab
 - `pgbouncer['default_pool_size']` (default: `100`)
     This is the "backend" pool in PgBouncer: connections from PgBouncer to the database.
 
-The ideal number for `default_pool_size` must be enough to handle all provisioned services that need to access 
-the database. Each of the listed services below use the following formula to define database pool size: 
+The ideal number for `default_pool_size` must be enough to handle all provisioned services that need to access
+the database. Each of the listed services below use the following formula to define database pool size:
 
 - `puma` : `max_threads + headroom` (default `14`)
   - `max_threads` is configured via: `gitlab['puma']['max_threads']` (default: `4`)
@@ -229,15 +229,15 @@ the database. Each of the listed services below use the following formula to def
 To calculate the `default_pool_size`, multiply the number of instances of `puma`, `sidekiq` and `geo-logcursor` by the
 number of connections each can consume as per listed above. The total will be the suggested `default_pool_size`.
 
-If you are using more than one PgBouncer with an internal Load Balancer, you may be able to divide the 
+If you are using more than one PgBouncer with an internal Load Balancer, you may be able to divide the
 `default_pool_size` by the number of instances to guarantee an evenly distributed load between them.
 
 The `pgbouncer['max_client_conn']` is the hard-limit of connections PgBouncer can accept. It's unlikely you will need
 to change this. If you are hitting that limit, you may want to consider adding additional PgBouncers with an internal
 Load Balancer.
 
-When setting up the limits for a PgBouncer that points to the Geo Tracking Database, 
-you can likely ignore `puma` from the equation, as it is only accessing that database sporadically. 
+When setting up the limits for a PgBouncer that points to the Geo Tracking Database,
+you can likely ignore `puma` from the equation, as it is only accessing that database sporadically.
 
 ## Troubleshooting
 
diff --git a/doc/ci/enable_or_disable_ci.md b/doc/ci/enable_or_disable_ci.md
index 194e376f4be..bc30cf7c799 100644
--- a/doc/ci/enable_or_disable_ci.md
+++ b/doc/ci/enable_or_disable_ci.md
@@ -61,7 +61,7 @@ You can set GitLab CI/CD to be disabled by default in all new projects by modify
 Existing projects that already had CI/CD enabled are unchanged. Also, this setting only changes
 the project default, so project owners can still enable CI/CD in the project settings.
 
-For installations from source: 
+For installations from source:
 
 1. Open `gitlab.yml` with your editor and set `builds` to `false`:
 
diff --git a/doc/development/api_graphql_styleguide.md b/doc/development/api_graphql_styleguide.md
index 6b82ebc6e5a..c9a1cb86f46 100644
--- a/doc/development/api_graphql_styleguide.md
+++ b/doc/development/api_graphql_styleguide.md
@@ -149,7 +149,7 @@ The `iid`, `title` and `description` are _scalar_ GraphQL types.
 `title` and `description` are regular `GraphQL::Types::String` types.
 
 Note that the old scalar types `GraphQL:ID`, `GraphQL::INT_TYPE`, `GraphQL::STRING_TYPE`,
-and `GraphQL:BOOLEAN_TYPE` are no longer allowed. Please use `GraphQL::Types::ID`, 
+and `GraphQL:BOOLEAN_TYPE` are no longer allowed. Please use `GraphQL::Types::ID`,
 `GraphQL::Types::Int`, `GraphQL::Types::String`, and `GraphQL::Types::Boolean`.
 
 When exposing a model through the GraphQL API, we do so by creating a
diff --git a/doc/development/dangerbot.md b/doc/development/dangerbot.md
index 312db908113..d9b922cb60e 100644
--- a/doc/development/dangerbot.md
+++ b/doc/development/dangerbot.md
@@ -151,7 +151,7 @@ at GitLab so far:
 
 Danger is run but its output is not added to a merge request comment if working
 on a fork. This happens because the secret variable from the canonical project
-is not shared to forks. 
+is not shared to forks.
 
 ### Configuring Danger for forks
 
@@ -159,7 +159,7 @@ Contributors can configure Danger for their forks with the following steps:
 
 1. Add an [environment variable](../ci/variables/index.md) called `DANGER_GITLAB_API_TOKEN` with a
 [personal API token](https://gitlab.com/-/profile/personal_access_tokens?name=GitLab+Dangerbot&scopes=api)
-to your fork that has the `api` scope set. 
+to your fork that has the `api` scope set.
 1. Making the variable [masked](../ci/variables/index.md#mask-a-cicd-variable) makes sure it
 doesn't show up in the job logs. The variable cannot be
 [protected](../ci/variables/index.md#protect-a-cicd-variable), as it needs
diff --git a/doc/development/database/database_migration_pipeline.md b/doc/development/database/database_migration_pipeline.md
index 690661af154..5a8ce89a362 100644
--- a/doc/development/database/database_migration_pipeline.md
+++ b/doc/development/database/database_migration_pipeline.md
@@ -15,13 +15,13 @@ It is based on an [architecture blueprint](../../architecture/blueprints/databas
 Migration testing is enabled in the [GitLab project](https://gitlab.com/gitlab-org/gitlab)
 for changes that add a new database migration. Trigger this job manually by running the
 `db:gitlabcom-database-testing` job within in `test` stage. To avoid wasting resources,
-only run this job when your MR is ready for review. 
+only run this job when your MR is ready for review.
 
 The job starts a pipeline on the [ops GitLab instance](https://ops.gitlab.net/).
 For security reasons, access to the pipeline is restricted to database maintainers.
 
 When the pipeline starts, a bot notifies you with a comment in the merge request.
-When it finishes, the comment gets updated with the test results. 
+When it finishes, the comment gets updated with the test results.
 There are three sections which are described below.
 
 ## Summary
@@ -36,7 +36,7 @@ The first section of the comment contains a summary of the test results, includi
 
 ## Migration details
 
-The next section of the comment contains detailed information for each migration, including: 
+The next section of the comment contains detailed information for each migration, including:
 
 | Result            | Description                                                                                                             |
 |-------------------|-------------------------------------------------------------------------------------------------------------------------|
diff --git a/doc/development/integrations/secure.md b/doc/development/integrations/secure.md
index 07f7ac6a2ac..42a57e7f4fb 100644
--- a/doc/development/integrations/secure.md
+++ b/doc/development/integrations/secure.md
@@ -456,7 +456,7 @@ The attributes used to generate the location fingerprint also depend on the type
 
 ### Details
 
-The `details` field is an object that supports many different content elements that are displayed when viewing vulnerability information. An example of the various data elements can be seen in the [security-reports repository](https://gitlab.com/gitlab-examples/security/security-reports/-/tree/master/samples/details-example). 
+The `details` field is an object that supports many different content elements that are displayed when viewing vulnerability information. An example of the various data elements can be seen in the [security-reports repository](https://gitlab.com/gitlab-examples/security/security-reports/-/tree/master/samples/details-example).
 
 #### Dependency Scanning
 
diff --git a/doc/development/sql.md b/doc/development/sql.md
index 1abd485249e..4f181d01505 100644
--- a/doc/development/sql.md
+++ b/doc/development/sql.md
@@ -349,7 +349,7 @@ newly added column; however, the first query does not. The `column_names` method
 values (the new column is missing), because the values are cached within the `ActiveRecord` schema
 cache. These values are usually populated when the application boots up.
 
-At this point, the only fix would be a full application restart so that the schema cache gets 
+At this point, the only fix would be a full application restart so that the schema cache gets
 updated.
 
 The problem can be avoided if we always use `SELECT users.*` or we always explicitly define the
diff --git a/doc/install/postgresql_extensions.md b/doc/install/postgresql_extensions.md
index 99c85f4f808..8d1cf9afc5c 100644
--- a/doc/install/postgresql_extensions.md
+++ b/doc/install/postgresql_extensions.md
@@ -17,7 +17,7 @@ You must load the following extensions into the main GitLab database (defaults t
 | `btree_gist` | 13.1                   |
 | `plpgsql`    | 11.7                   |
 
-If you are using [GitLab Geo](https://about.gitlab.com/solutions/geo/), you must load the following 
+If you are using [GitLab Geo](https://about.gitlab.com/solutions/geo/), you must load the following
 extensions into all secondary tracking databases (defaults to `gitlabhq_geo_production`):
 
 | Extension    | Minimum GitLab version |
diff --git a/doc/subscriptions/self_managed/index.md b/doc/subscriptions/self_managed/index.md
index 5fd11a50a8d..51913ac2650 100644
--- a/doc/subscriptions/self_managed/index.md
+++ b/doc/subscriptions/self_managed/index.md
@@ -141,7 +141,7 @@ Service data helps GitLab improve the product experience and provide proactive s
 Most data is categorized as optional and can be disabled. Data that is categorized as
 operational, like number of issues, pipelines, merge requests, and version, is not configurable.
 
-Please see our [service usage privacy page](https://about.gitlab.com/handbook/legal/privacy/services-usage-data/) 
+Please see our [service usage privacy page](https://about.gitlab.com/handbook/legal/privacy/services-usage-data/)
 for details on what information is collected.
 
 #### Quarterly subscription reconciliation
@@ -162,8 +162,8 @@ The page displays the details of the subscription.
 
 #### License sync
 
-Once a day, a job sends license data to the Customers Portal. This information automates activation, 
-provisioning, co-terms, and renewals. The data is sent securely through an encrypted HTTPS connection 
+Once a day, a job sends license data to the Customers Portal. This information automates activation,
+provisioning, co-terms, and renewals. The data is sent securely through an encrypted HTTPS connection
 to `customers.gitlab.com` on port `443`.
 
 This sync job runs daily around 3AM UTC. If the job fails, it is retried up to 12 times over approximately 17 hours.
@@ -245,7 +245,7 @@ A job is queued. When the job finishes, the subscription details are updated.
 
 #### Troubleshooting cloud licensing sync
 
-If the sync job is not working, ensure you allow network traffic from your GitLab instance 
+If the sync job is not working, ensure you allow network traffic from your GitLab instance
 to IP address `104.46.106.135:443` (`customers.gitlab.com`).
 
 ## Obtain a subscription
diff --git a/doc/user/admin_area/license.md b/doc/user/admin_area/license.md
index db2db4a0e68..15af1a09a62 100644
--- a/doc/user/admin_area/license.md
+++ b/doc/user/admin_area/license.md
@@ -30,7 +30,7 @@ To begin the activation process with your activation code:
 
 ## Activate GitLab EE with a License File **(PREMIUM SELF)**
 
-If you receive a license file from GitLab (for example a new trial), you can upload it by signing into your GitLab instance as an admin or adding it during installation. The license is a base64-encoded ASCII text file with a `.gitlab-license` extension. 
+If you receive a license file from GitLab (for example a new trial), you can upload it by signing into your GitLab instance as an admin or adding it during installation. The license is a base64-encoded ASCII text file with a `.gitlab-license` extension.
 
 ## Uploading your license
 
diff --git a/doc/user/application_security/dast/browser_based.md b/doc/user/application_security/dast/browser_based.md
index 39df1000289..e8fbc17327c 100644
--- a/doc/user/application_security/dast/browser_based.md
+++ b/doc/user/application_security/dast/browser_based.md
@@ -98,17 +98,17 @@ You can manage the trade-off between coverage and scan time with the following m
 
 Due to poor network conditions or heavy application load, the default timeouts may not be applicable to your application.
 
-Browser-based scans offer the ability to adjust various timeouts to ensure it continues smoothly as it transitions from one page to the next. These values are configured using a [Duration string](https://golang.org/pkg/time/#ParseDuration) which allow you to configure durations with a prefix: `m` for minutes, `s` for seconds, and `ms` for milliseconds. 
+Browser-based scans offer the ability to adjust various timeouts to ensure it continues smoothly as it transitions from one page to the next. These values are configured using a [Duration string](https://golang.org/pkg/time/#ParseDuration) which allow you to configure durations with a prefix: `m` for minutes, `s` for seconds, and `ms` for milliseconds.
 
-Navigations, or the act of loading a new page, usually require the most amount of time as they are 
-loading multiple new resources such as JavaScript or CSS files. Depending on the size of these resources, or the speed at which they are returned, the default `DAST_BROWSER_NAVIGATION_TIMEOUT` may not be sufficient. 
+Navigations, or the act of loading a new page, usually require the most amount of time as they are
+loading multiple new resources such as JavaScript or CSS files. Depending on the size of these resources, or the speed at which they are returned, the default `DAST_BROWSER_NAVIGATION_TIMEOUT` may not be sufficient.
 
 Stability timeouts, such as those configurable with `DAST_BROWSER_NAVIGATION_STABILITY_TIMEOUT`, `DAST_BROWSER_STABILITY_TIMEOUT`, and `DAST_BROWSER_ACTION_STABILITY_TIMEOUT` can also be configured. Stability timeouts determine when browser-based scans consider
 a page fully loaded. Browser-based scans consider a page loaded when:
 
 1. The [DOMContentLoaded](https://developer.mozilla.org/en-US/docs/Web/API/Window/DOMContentLoaded_event) event has fired.
 1. There are no open or outstanding requests that are deemed important, such as JavaScript and CSS. Media files are usually deemed unimportant.
-1. Depending on whether the browser executed a navigation, was forcibly transitioned, or action: 
+1. Depending on whether the browser executed a navigation, was forcibly transitioned, or action:
   
    - There are no new Document Object Model (DOM) modification events after the `DAST_BROWSER_NAVIGATION_STABILITY_TIMEOUT`, `DAST_BROWSER_STABILITY_TIMEOUT` or `DAST_BROWSER_ACTION_STABILITY_TIMEOUT` durations
 
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/apparmor.md b/doc/user/infrastructure/clusters/manage/management_project_applications/apparmor.md
index 021fab22274..7fbbbac866c 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/apparmor.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/apparmor.md
@@ -8,8 +8,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 > [Introduced](https://gitlab.com/gitlab-org/project-templates/cluster-management/-/merge_requests/5) in GitLab 14.0.
 
-Assuming you already have a [Cluster management project](../../../../../user/clusters/management_project.md) created from a 
-[management project template](../../../../../user/clusters/management_project_template.md), to install AppArmor you should 
+Assuming you already have a [Cluster management project](../../../../../user/clusters/management_project.md) created from a
+[management project template](../../../../../user/clusters/management_project_template.md), to install AppArmor you should
 uncomment this line from your `helmfile.yaml`:
 
 ```yaml
@@ -27,4 +27,4 @@ profiles:
     }
 ```
 
-Refer to the [AppArmor chart](https://gitlab.com/gitlab-org/charts/apparmor) for more information on this chart.    
+Refer to the [AppArmor chart](https://gitlab.com/gitlab-org/charts/apparmor) for more information on this chart.
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/ingress.md b/doc/user/infrastructure/clusters/manage/management_project_applications/ingress.md
index 0a2231cbf49..4f17dbab11b 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/ingress.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/ingress.md
@@ -28,4 +28,4 @@ for the available configuration options.
 Support for installing the Ingress managed application is provided by the GitLab Configure group.
 If you run into unknown issues, [open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new),
 and ping at least 2 people from the
-[Configure group](https://about.gitlab.com/handbook/product/categories/#configure-group).    
+[Configure group](https://about.gitlab.com/handbook/product/categories/#configure-group).
diff --git a/doc/user/infrastructure/clusters/manage/management_project_applications/sentry.md b/doc/user/infrastructure/clusters/manage/management_project_applications/sentry.md
index 32eb4efdf45..1fe9b57cd4b 100644
--- a/doc/user/infrastructure/clusters/manage/management_project_applications/sentry.md
+++ b/doc/user/infrastructure/clusters/manage/management_project_applications/sentry.md
@@ -73,4 +73,4 @@ Support for installing the Sentry managed application is provided by the
 GitLab Health group. If you run into unknown issues,
 [open a new issue](https://gitlab.com/gitlab-org/gitlab/-/issues/new), and ping at
 least 2 people from the
-[Health group](https://about.gitlab.com/handbook/product/categories/#health-group).    
+[Health group](https://about.gitlab.com/handbook/product/categories/#health-group).
diff --git a/doc/user/infrastructure/iac/index.md b/doc/user/infrastructure/iac/index.md
index bdcf1451420..2813b955a07 100644
--- a/doc/user/infrastructure/iac/index.md
+++ b/doc/user/infrastructure/iac/index.md
@@ -107,7 +107,7 @@ Learn how to [create a new cluster on Google Kubernetes Engine (GKE)](../cluster
 The GitLab Terraform provider can fail to detect existing `gitlab_group_share_group` resources
 due to the issue ["User with permissions cannot retrieve `share_with_groups` from the API"](https://gitlab.com/gitlab-org/gitlab/-/issues/328428).
 This results in an error when running `terraform apply` because Terraform attempts to recreate an
-existing resource. 
+existing resource.
 
 For example, consider the following group/subgroup configuration:
 
diff --git a/doc/user/markdown.md b/doc/user/markdown.md
index b7c2ea75ba6..4149307c45a 100644
--- a/doc/user/markdown.md
+++ b/doc/user/markdown.md
@@ -511,7 +511,7 @@ This example links to `<wiki_root>/miscellaneous.md`:
 
 GitLab Flavored Markdown renders GitLab-specific references. For example, you can reference
 an issue, a commit, a team member, or even an entire project team. GitLab Flavored Markdown turns
-that reference into a link so you can navigate between them. All references to projects should use the 
+that reference into a link so you can navigate between them. All references to projects should use the
 **project slug** rather than the project name.
 
 Additionally, GitLab Flavored Markdown recognizes certain cross-project references and also has a shorthand
diff --git a/doc/user/project/issue_board.md b/doc/user/project/issue_board.md
index 125cd13096d..0c624d7df01 100644
--- a/doc/user/project/issue_board.md
+++ b/doc/user/project/issue_board.md
@@ -383,7 +383,7 @@ To group issues by epic in an issue board:
 ![Epics Swimlanes](img/epics_swimlanes_v14_1.png)
 
 To edit an issue without leaving this view, select the issue card (not its title), and a sidebar
-appears on the right. There you can see and edit the issue's: 
+appears on the right. There you can see and edit the issue's:
 
 - Title
 - Assignees
diff --git a/doc/user/project/settings/project_access_tokens.md b/doc/user/project/settings/project_access_tokens.md
index db0731aa524..643042cb96a 100644
--- a/doc/user/project/settings/project_access_tokens.md
+++ b/doc/user/project/settings/project_access_tokens.md
@@ -132,6 +132,18 @@ token = bot.personal_access_tokens.create(scopes:[:api, :write_repository], name
 gtoken = token.token # get the token value
 ```
 
+Test if the generated group access token works:
+
+1. Pass the group access token in the `PRIVATE-TOKEN` header to GitLab REST APIs. For example:
+
+   - [Create an epic](../../../api/epics.md#new-epic) on the group.
+   - [Create a project pipeline](../../../api/pipelines.md#create-a-new-pipeline)
+     in one of the group's projects.
+   - [Create an issue](../../../api/issues.md#new-issue) in one of the group's projects.
+
+1. Use the group token to [clone a group's project](../../../gitlab-basics/start-using-git.md#clone-with-https)
+   using HTTPS.
+
 ### Revoke a group access token
 
 To revoke a group access token, run the following in a Rails console:
diff --git a/doc/user/search/advanced_search.md b/doc/user/search/advanced_search.md
index bb74a035121..f29ac531d2e 100644
--- a/doc/user/search/advanced_search.md
+++ b/doc/user/search/advanced_search.md
@@ -35,9 +35,9 @@ The Advanced Search can be useful in various scenarios:
   Advanced Search is based on Elasticsearch, which is a purpose-built full
   text search engine that can be horizontally scaled so that it can provide
   search results in 1-2 seconds in most cases.
-- **Code Maintenance:** 
-  Finding all the code that needs to be updated at once across an entire 
-  instance can save time spent maintaining code. 
+- **Code Maintenance:**
+  Finding all the code that needs to be updated at once across an entire
+  instance can save time spent maintaining code.
   This is especially helpful for organizations with more than 10 active projects.
   This can also help build confidence is code refactoring to identify unknown impacts.
 - **Promote innersourcing:**
diff --git a/doc/user/workspace/img/hardware_settings.png b/doc/user/workspace/img/hardware_settings.png
new file mode 100644
index 00000000000..ff460918f25
--- /dev/null
+++ b/doc/user/workspace/img/hardware_settings.png
diff --git a/doc/user/workspace/index.md b/doc/user/workspace/index.md
index f098cef6053..d9c9d19721b 100644
--- a/doc/user/workspace/index.md
+++ b/doc/user/workspace/index.md
@@ -6,17 +6,20 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 
 # Workspace
 
-Workspace will be the top-level [namespace](../group/index.md#namespaces) for you to manage
+Workspace will be the top [namespace](../group/index.md#namespaces) for you to manage
 everything GitLab, including:
 
 - Defining and applying settings to all of your groups, subgroups, and projects.
 - Aggregating data from all your groups, subgroups, and projects.
 
 Workspace will take many of the features from the
-[Admin Area](../admin_area/index.md), and there will be one workspace per:
+[Admin Area](../admin_area/index.md) and will:
 
-- Instance, for self-managed instances.
-- Namespace, for GitLab.com.
+- Enable a top namespace for GitLab.com.
+- Eventually replace the instance level for self-managed installations.
+
+Our goal is to reach feature parity between SaaS and self-managed installations, with one
+exception: **Hardware Controls** will appear **only** on self-managed installations.
 
 NOTE:
 Workspace is currently in development.
@@ -32,3 +35,5 @@ The following provide a preview to the Workspace concept.
 ![Admin Overview](img/1.3-Admin.png)
 
 ![Admin Overview](img/Admin_Settings.png)
+
+![Admin Overview](img/hardware_settings.png)