Add latest changes from gitlab-org/gitlab@master

5 files changed, 121 insertions, 120 deletions

diff --git a/doc/administration/object_storage.md b/doc/administration/object_storage.md
index d133e8c3721..0bff8c461b8 100644
--- a/doc/administration/object_storage.md
+++ b/doc/administration/object_storage.md
@@ -5,7 +5,7 @@ info: To determine the technical writer assigned to the Stage/Group associated w
 type: reference
 ---
 
-# Object Storage
+# Object storage **(FREE SELF)**
 
 GitLab supports using an object storage service for holding numerous types of data.
 It's recommended over NFS and
@@ -29,7 +29,7 @@ GitLab has been tested on a number of object storage providers:
 
 - Dell EMC ECS: Prior to GitLab 13.3, there is a [known bug in GitLab Workhorse that prevents
   HTTP Range Requests from working with CI job artifacts](https://gitlab.com/gitlab-org/gitlab/-/issues/223806).
-  Be sure to upgrade to GitLab v13.3.0 or above if you use S3 storage with this hardware.
+  Be sure to upgrade to GitLab 13.3.0 or above if you use S3 storage with this hardware.
 
 - Ceph S3 prior to [Kraken 11.0.2](https://ceph.com/releases/kraken-11-0-2-released/) does not support the [Upload Copy Part API](https://gitlab.com/gitlab-org/gitlab/-/issues/300604). You may need to [disable multi-threaded copying](#multi-threaded-copying).
 
@@ -47,7 +47,7 @@ For more information on the differences and to transition from one form to anoth
 
 ### Consolidated object storage configuration
 
-> Introduced in [GitLab 13.2](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/4368).
+> [Introduced](https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/4368) in GitLab 13.2.
 
 Using the consolidated object storage configuration has a number of advantages:
 
@@ -209,13 +209,13 @@ gitlab_rails['object_store']['connection'] = {
 }
 ```
 
-| Setting | Description |
-|---------|-------------|
-| `enabled` | Enable/disable object storage |
-| `proxy_download` | Set to `true` to [enable proxying all files served](#proxy-download). Option allows to reduce egress traffic as this allows clients to download directly from remote storage instead of proxying all data |
-| `connection` | Various [connection options](#connection-settings) described below |
-| `storage_options` | Options to use when saving new objects, such as [server side encryption](#server-side-encryption-headers). Introduced in GitLab 13.3 |
-| `objects` | [Object-specific configuration](#object-specific-configuration)
+| Setting           | Description                       |
+|-------------------|-----------------------------------|
+| `enabled`         | Enable or disable object storage. |
+| `proxy_download`  | Set to `true` to [enable proxying all files served](#proxy-download). Option allows to reduce egress traffic as this allows clients to download directly from remote storage instead of proxying all data. |
+| `connection`      | Various [connection options](#connection-settings) described below. |
+| `storage_options` | Options to use when saving new objects, such as [server side encryption](#server-side-encryption-headers). Introduced in GitLab 13.3. |
+| `objects`         | [Object-specific configuration](#object-specific-configuration). |
 
 ### Connection settings
 
@@ -226,27 +226,27 @@ in the `connection` setting.
 
 The connection settings match those provided by [fog-aws](https://github.com/fog/fog-aws):
 
-| Setting | Description | Default |
-|---------|-------------|---------|
-| `provider` | Always `AWS` for compatible hosts | `AWS` |
-| `aws_access_key_id` | AWS credentials, or compatible | |
-| `aws_secret_access_key` | AWS credentials, or compatible | |
-| `aws_signature_version` | AWS signature version to use. `2` or `4` are valid options. Digital Ocean Spaces and other providers may need `2`. | `4` |
-| `enable_signature_v4_streaming` | Set to `true` to enable HTTP chunked transfers with [AWS v4 signatures](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html). Oracle Cloud S3 needs this to be `false`. | `true` |
-| `region` | AWS region. | |
-| `host` | S3 compatible host for when not using AWS, e.g. `localhost` or `storage.example.com`. HTTPS and port 443 is assumed. | `s3.amazonaws.com` |
-| `endpoint` | Can be used when configuring an S3 compatible service such as [MinIO](https://min.io), by entering a URL such as `http://127.0.0.1:9000`. This takes precedence over `host`. | (optional) |
-| `path_style` | Set to `true` to use `host/bucket_name/object` style paths instead of `bucket_name.host/object`. Leave as `false` for AWS S3. | `false` |
-| `use_iam_profile` | Set to `true` to use IAM profile instead of access keys | `false`
+| Setting                         | Description                        | Default |
+|---------------------------------|------------------------------------|---------|
+| `provider`                      | Always `AWS` for compatible hosts. | `AWS` |
+| `aws_access_key_id`             | AWS credentials, or compatible.    | |
+| `aws_secret_access_key`         | AWS credentials, or compatible.    | |
+| `aws_signature_version`         | AWS signature version to use. `2` or `4` are valid options. Digital Ocean Spaces and other providers may need `2`. | `4` |
+| `enable_signature_v4_streaming` | Set to `true` to enable HTTP chunked transfers with [AWS v4 signatures](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-streaming.html). Oracle Cloud S3 needs this to be `false`.       | `true` |
+| `region`                        | AWS region.                        | |
+| `host`                          | S3 compatible host for when not using AWS. For example, `localhost` or `storage.example.com`. HTTPS and port 443 is assumed. | `s3.amazonaws.com` |
+| `endpoint`                      | Can be used when configuring an S3 compatible service such as [MinIO](https://min.io), by entering a URL such as `http://127.0.0.1:9000`. This takes precedence over `host`. | (optional) |
+| `path_style`                    | Set to `true` to use `host/bucket_name/object` style paths instead of `bucket_name.host/object`. Leave as `false` for AWS S3. | `false`. |
+| `use_iam_profile`               | Set to `true` to use IAM profile instead of access keys. | `false` |
 
 #### Oracle Cloud S3 connection settings
 
 Note that Oracle Cloud S3 must be sure to use the following settings:
 
-| Setting | Value |
-|---------|-------|
+| Setting                         | Value   |
+|---------------------------------|---------|
 | `enable_signature_v4_streaming` | `false` |
-| `path_style` | `true` |
+| `path_style`                    | `true`  |
 
 If `enable_signature_v4_streaming` is set to `true`, you may see the
 following error in `production.log`:
@@ -259,13 +259,13 @@ STREAMING-AWS4-HMAC-SHA256-PAYLOAD is not supported
 
 Here are the valid connection parameters for GCS:
 
-| Setting | Description | example |
-|---------|-------------|---------|
-| `provider` | The provider name | `Google` |
-| `google_project` | GCP project name | `gcp-project-12345` |
-| `google_client_email` | The email address of the service account | `foo@gcp-project-12345.iam.gserviceaccount.com` |
-| `google_json_key_location` | The JSON key path | `/path/to/gcp-project-12345-abcde.json` |
-| `google_application_default` | Set to `true` to use [Google Cloud Application Default Credentials](https://cloud.google.com/docs/authentication/production#automatically) to locate service account credentials. |
+| Setting                      | Description       | Example |
+|------------------------------|-------------------|---------|
+| `provider`                   | Provider name.    | `Google` |
+| `google_project`             | GCP project name. | `gcp-project-12345` |
+| `google_client_email`        | Email address of the service account. | `foo@gcp-project-12345.iam.gserviceaccount.com` |
+| `google_json_key_location`   | JSON key path.    | `/path/to/gcp-project-12345-abcde.json` |
+| `google_application_default` | Set to `true` to use [Google Cloud Application Default Credentials](https://cloud.google.com/docs/authentication/production#automatically) to locate service account credentials. | |
 
 The service account must have permission to access the bucket. Learn more
 in Google's
@@ -328,12 +328,12 @@ The following are the valid connection parameters for Azure. Read the
 [Azure Blob storage documentation](https://docs.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction)
 to learn more.
 
-| Setting | Description | Example |
-|---------|-------------|---------|
-| `provider` | Provider name | `AzureRM` |
-| `azure_storage_account_name` | Name of the Azure Blob Storage account used to access the storage | `azuretest` |
-| `azure_storage_access_key` | Storage account access key used to access the container. This is typically a secret, 512-bit encryption key encoded in base64. | `czV2OHkvQj9FKEgrTWJRZVRoV21ZcTN0Nnc5eiRDJkYpSkBOY1JmVWpYbjJy\nNHU3eCFBJUQqRy1LYVBkU2dWaw==\n` |
-| `azure_storage_domain` | Domain name used to contact the Azure Blob Storage API (optional). Defaults to `blob.core.windows.net`. Set this if you are using Azure China, Azure Germany, Azure US Government, or some other custom Azure domain. | `blob.core.windows.net` |
+| Setting                      | Description    | Example   |
+|------------------------------|----------------|-----------|
+| `provider`                   | Provider name. | `AzureRM` |
+| `azure_storage_account_name` | Name of the Azure Blob Storage account used to access the storage. | `azuretest` |
+| `azure_storage_access_key`   | Storage account access key used to access the container. This is typically a secret, 512-bit encryption key encoded in base64. | `czV2OHkvQj9FKEgrTWJRZVRoV21ZcTN0Nnc5eiRDJkYpSkBOY1JmVWpYbjJy\nNHU3eCFBJUQqRy1LYVBkU2dWaw==\n` |
+| `azure_storage_domain`       | Domain name used to contact the Azure Blob Storage API (optional). Defaults to `blob.core.windows.net`. Set this if you are using Azure China, Azure Germany, Azure US Government, or some other custom Azure domain. | `blob.core.windows.net` |
 
 ##### Azure example (consolidated form)
 
@@ -382,15 +382,15 @@ consolidated form, see the [S3 settings](#s3-compatible-connection-settings).
 Here are the valid connection settings for the Swift API, provided by
 [fog-openstack](https://github.com/fog/fog-openstack):
 
-| Setting | Description | Default |
-|---------|-------------|---------|
-| `provider` | Always `OpenStack` for compatible hosts | `OpenStack` |
-| `openstack_username` | OpenStack username | |
-| `openstack_api_key` | OpenStack API key  | |
+| Setting                  | Description          | Default |
+|--------------------------|----------------------|---------|
+| `provider`               | Always `OpenStack` for compatible hosts. | `OpenStack` |
+| `openstack_username`     | OpenStack username.  | |
+| `openstack_api_key`      | OpenStack API key.   | |
 | `openstack_temp_url_key` | OpenStack key for generating temporary URLs | |
-| `openstack_auth_url` | OpenStack authentication endpoint | |
-| `openstack_region` | OpenStack region | |
-| `openstack_tenant` | OpenStack tenant ID |
+| `openstack_auth_url`     | OpenStack authentication endpoint | |
+| `openstack_region`       | OpenStack region.    | |
+| `openstack_tenant`       | OpenStack tenant ID. | |
 
 #### Rackspace Cloud Files
 
@@ -400,13 +400,13 @@ Rackspace Cloud, provided by [fog-rackspace](https://github.com/fog/fog-rackspac
 This isn't compatible with the consolidated object storage form.
 Rackspace Cloud is supported only with the storage-specific form.
 
-| Setting | Description | example |
-|---------|-------------|---------|
-| `provider` | The provider name | `Rackspace` |
-| `rackspace_username` | The username of the Rackspace account with access to the container | `joe.smith` |
-| `rackspace_api_key` | The API key of the Rackspace account with access to the container | `ABC123DEF456ABC123DEF456ABC123DE` |
-| `rackspace_region` | The Rackspace storage region to use, a three letter code from the [list of service access endpoints](https://docs.rackspace.com/docs/cloud-files/v1/general-api-info/service-access/) | `iad` |
-| `rackspace_temp_url_key` | The private key you have set in the Rackspace API for [temporary URLs](https://docs.rackspace.com/docs/cloud-files/v1/use-cases/public-access-to-your-cloud-files-account/#tempurl). | `ABC123DEF456ABC123DEF456ABC123DE` |
+| Setting                  | Description    | Example     |
+|--------------------------|----------------|-------------|
+| `provider`               | Provider name. | `Rackspace` |
+| `rackspace_username`     | Username of the Rackspace account with access to the container. | `joe.smith` |
+| `rackspace_api_key`      | API key of the Rackspace account with access to the container. | `ABC123DEF456ABC123DEF456ABC123DE` |
+| `rackspace_region`       | Rackspace storage region to use, a three letter code from the [list of service access endpoints](https://docs.rackspace.com/docs/cloud-files/v1/general-api-info/service-access/). | `iad` |
+| `rackspace_temp_url_key` | Private key you set in the Rackspace API for [temporary URLs](https://docs.rackspace.com/docs/cloud-files/v1/use-cases/public-access-to-your-cloud-files-account/#tempurl). | `ABC123DEF456ABC123DEF456ABC123DE` |
 
 Regardless of whether the container has public access enabled or disabled, Fog
 uses the TempURL method to grant access to LFS objects. If you see error
@@ -465,24 +465,24 @@ gitlab_rails['object_store']['objects']['pages']['bucket'] = 'pages'
 
 This is the list of valid `objects` that can be used:
 
-|  Type              | Description |
-|--------------------|---------------|
-| `artifacts`        | [CI artifacts](job_artifacts.md) |
-| `external_diffs`   | [Merge request diffs](merge_request_diffs.md) |
-| `uploads`          | [User uploads](uploads.md) |
-| `lfs`              | [Git Large File Storage objects](lfs/index.md) |
-| `packages`         | [Project packages (e.g. PyPI, Maven, NuGet, etc.)](packages/index.md) |
-| `dependency_proxy` | [GitLab Dependency Proxy](packages/dependency_proxy.md) |
-| `terraform_state`  | [Terraform state files](terraform_state.md) |
-| `pages`            | [GitLab Pages](pages/index.md) |
+|  Type              | Description                                                                |
+|--------------------|----------------------------------------------------------------------------|
+| `artifacts`        | [CI artifacts](job_artifacts.md)                                           |
+| `external_diffs`   | [Merge request diffs](merge_request_diffs.md)                              |
+| `uploads`          | [User uploads](uploads.md)                                                 |
+| `lfs`              | [Git Large File Storage objects](lfs/index.md)                             |
+| `packages`         | [Project packages (for example, PyPI, Maven, or NuGet)](packages/index.md) |
+| `dependency_proxy` | [GitLab Dependency Proxy](packages/dependency_proxy.md)                    |
+| `terraform_state`  | [Terraform state files](terraform_state.md)                                |
+| `pages`            | [GitLab Pages](pages/index.md)                                             |
 
 Within each object type, three parameters can be defined:
 
-| Setting          | Required? | Description |
-|------------------|-----------|-------------|
-| `bucket`         | Yes       | The bucket name for the object storage. |
-| `enabled`        | No        | Overrides the common parameter |
-| `proxy_download` | No        | Overrides the common parameter |
+| Setting          | Required?              | Description                         |
+|------------------|------------------------|-------------------------------------|
+| `bucket`         | **{check-circle}** Yes | Bucket name for the object storage. |
+| `enabled`        | **{dotted-circle}** No | Overrides the common parameter.     |
+| `proxy_download` | **{dotted-circle}** No | Overrides the common parameter.     |
 
 #### Selectively disabling object storage
 
@@ -542,21 +542,21 @@ original configuration (for example, `artifacts_object_store_enabled`, or
 For configuring object storage in GitLab 13.1 and earlier, or for storage types not
 supported by consolidated configuration form, refer to the following guides:
 
-|Object storage type|Supported by consolidated configuration?|
-|-------------------|----------------------------------------|
-| [Backups](../raketasks/backup_restore.md#uploading-backups-to-a-remote-cloud-storage) | No |
-| [Job artifacts](job_artifacts.md#using-object-storage) including archived job logs | Yes |
-| [LFS objects](lfs/index.md#storing-lfs-objects-in-remote-object-storage) | Yes |
-| [Uploads](uploads.md#using-object-storage) | Yes |
-| [Container Registry](packages/container_registry.md#use-object-storage) (optional feature) | No |
-| [Merge request diffs](merge_request_diffs.md#using-object-storage) | Yes |
-| [Mattermost](https://docs.mattermost.com/administration/config-settings.html#file-storage)| No |
-| [Packages](packages/index.md#using-object-storage) (optional feature) | Yes |
-| [Dependency Proxy](packages/dependency_proxy.md#using-object-storage) (optional feature) **(PREMIUM SELF)** | Yes |
-| [Pseudonymizer](pseudonymizer.md#configuration) (optional feature) **(ULTIMATE SELF)** | No |
-| [Autoscale runner caching](https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching) (optional for improved performance) | No |
-| [Terraform state files](terraform_state.md#using-object-storage) | Yes |
-| [GitLab Pages content](pages/index.md#using-object-storage) | Yes |
+| Object storage type | Supported by consolidated configuration? |
+|---------------------|------------------------------------------|
+| [Backups](../raketasks/backup_restore.md#uploading-backups-to-a-remote-cloud-storage) | **{dotted-circle}** No |
+| [Job artifacts](job_artifacts.md#using-object-storage) including archived job logs | **{check-circle}** Yes |
+| [LFS objects](lfs/index.md#storing-lfs-objects-in-remote-object-storage) | **{check-circle}** Yes |
+| [Uploads](uploads.md#using-object-storage) | **{check-circle}** Yes |
+| [Container Registry](packages/container_registry.md#use-object-storage) (optional feature) | **{dotted-circle}** No |
+| [Merge request diffs](merge_request_diffs.md#using-object-storage) | **{check-circle}** Yes |
+| [Mattermost](https://docs.mattermost.com/administration/config-settings.html#file-storage)| **{dotted-circle}** No |
+| [Packages](packages/index.md#using-object-storage) (optional feature) | **{check-circle}** Yes |
+| [Dependency Proxy](packages/dependency_proxy.md#using-object-storage) (optional feature) **(PREMIUM SELF)** | **{check-circle}** Yes |
+| [Pseudonymizer](pseudonymizer.md#configuration) (optional feature) **(ULTIMATE SELF)** | **{dotted-circle}** No |
+| [Autoscale runner caching](https://docs.gitlab.com/runner/configuration/autoscale.html#distributed-runners-caching) (optional for improved performance) | **{dotted-circle}** No |
+| [Terraform state files](terraform_state.md#using-object-storage) | **{check-circle}** Yes |
+| [GitLab Pages content](pages/index.md#using-object-storage) | **{check-circle}** Yes |
 
 ### Other alternatives to file system storage
 
@@ -709,10 +709,10 @@ only encrypted objects are uploaded](https://aws.amazon.com/premiumsupport/knowl
 To do this, you must configure GitLab to send the proper encryption headers
 in the `storage_options` configuration section:
 
-|            Setting                  | Description |
-|-------------------------------------|-------------|
-| `server_side_encryption`            | Encryption mode (`AES256` or `aws:kms`) |
-| `server_side_encryption_kms_key_id` | Amazon Resource Name. Only needed when `aws:kms` is used in `server_side_encryption`. See the [Amazon documentation on using KMS encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html) |
+| Setting                             | Description                              |
+|-------------------------------------|------------------------------------------|
+| `server_side_encryption`            | Encryption mode (`AES256` or `aws:kms`). |
+| `server_side_encryption_kms_key_id` | Amazon Resource Name. Only needed when `aws:kms` is used in `server_side_encryption`. See the [Amazon documentation on using KMS encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html). |
 
 As with the case for default encryption, these options only work when
 the Workhorse S3 client is enabled. One of the following two conditions
diff --git a/doc/administration/postgresql/replication_and_failover.md b/doc/administration/postgresql/replication_and_failover.md
index 878d2b536cb..f7e8ae776b8 100644
--- a/doc/administration/postgresql/replication_and_failover.md
+++ b/doc/administration/postgresql/replication_and_failover.md
@@ -118,11 +118,10 @@ When using default setup, minimum configuration requires:
 Few notes on the service itself:
 
 - The service runs under a system account, by default `gitlab-consul`.
-  - If you are using a different username, you will have to specify it. We
-    will refer to it with `CONSUL_USERNAME`,
-- There will be a database user created with read-only access to the repmgr
-  database
-- Passwords will be stored in the following locations:
+  - If you are using a different username, you have to specify it through the
+    `CONSUL_USERNAME` variable.
+- A database user is created with read-only access to the `repmgr` database.
+- Passwords are stored in the following locations:
   - `/etc/gitlab/gitlab.rb`: hashed
   - `/var/opt/gitlab/pgbouncer/pg_auth`: hashed
   - `/var/opt/gitlab/consul/.pgpass`: plaintext
@@ -178,7 +177,7 @@ Few notes on the service itself:
 - If you use a non-default user account for PgBouncer service (by default `pgbouncer`), you will have to specify this username. We will refer to this requirement with `PGBOUNCER_USERNAME`.
 - The service will have a regular database user account generated for it
   - This defaults to `repmgr`
-- Passwords will be stored in the following locations:
+- Passwords are stored in the following locations:
   - `/etc/gitlab/gitlab.rb`: hashed, and in plain text
   - `/var/opt/gitlab/pgbouncer/pg_auth`: hashed
 
@@ -198,8 +197,8 @@ When installing the GitLab package, do not supply `EXTERNAL_URL` value.
 
 #### Configuring Patroni cluster
 
-You must enable Patroni explicitly to be able to use it (with `patroni['enable'] = true`). When Patroni is enabled
-repmgr will be disabled automatically.
+You must enable Patroni explicitly to be able to use it (with `patroni['enable'] = true`). When Patroni is enabled,
+`repmgr` is automatically disabled.
 
 Any PostgreSQL configuration item that controls replication, for example `wal_level`, `max_wal_senders`, etc, are strictly
 controlled by Patroni and will override the original settings that you make with the `postgresql[...]` configuration key.
@@ -210,7 +209,7 @@ configuration key.
 
 NOTE:
 The configuration of a Patroni node is very similar to a repmgr but shorter. When Patroni is enabled, first you can ignore
-any replication setting of PostgreSQL (it will be overwritten anyway). Then you can remove any `repmgr[...]` or
+any replication setting of PostgreSQL (it is overwritten anyway). Then you can remove any `repmgr[...]` or
 repmgr-specific configuration as well. Especially, make sure that you remove `postgresql['shared_preload_libraries'] = 'repmgr_funcs'`.
 
 Here is an example similar to [the one that was done with repmgr](#configuring-repmgr-nodes):
@@ -348,7 +347,7 @@ If you enable Monitoring, it must be enabled on **all** database servers.
 1. Ensure each node is talking to the current master:
 
    ```shell
-   gitlab-ctl pgb-console # You will be prompted for PGBOUNCER_PASSWORD
+   gitlab-ctl pgb-console # Supply PGBOUNCER_PASSWORD when prompted
    ```
 
    If there is an error `psql: ERROR:  Auth failed` after typing in the
@@ -415,7 +414,7 @@ Refer to your preferred Load Balancer's documentation for further guidance.
 
 ### Configuring the Application nodes
 
-These will be the nodes running the `gitlab-rails` service. You may have other
+Application nodes run the `gitlab-rails` service. You may have other
 attributes set, but the following need to be set.
 
 1. Edit `/etc/gitlab/gitlab.rb`:
@@ -448,7 +447,7 @@ in the Troubleshooting section before proceeding.
 
 ### Backups
 
-Do not backup or restore GitLab through a PgBouncer connection: this will cause a GitLab outage.
+Do not backup or restore GitLab through a PgBouncer connection: this causes a GitLab outage.
 
 [Read more about this and how to reconfigure backups](../../raketasks/backup_restore.md#backup-and-restore-for-installations-using-pgbouncer).
 
@@ -720,8 +719,8 @@ Using Patroni instead of Repmgr is supported for PostgreSQL 11 and required for
 
 Patroni is an opinionated solution for PostgreSQL high-availability. It takes the control of PostgreSQL, overrides its
 configuration and manages its lifecycle (start, stop, restart). This is a more active approach when compared to repmgr.
-Both repmgr and Patroni are both supported and available. But Patroni will be the default (and perhaps the only) option
-for PostgreSQL 12 clustering and cascading replication for Geo deployments.
+Both `repmgr` and Patroni are supported and available. Patroni is the only option for PostgreSQL 12 clustering and
+for cascading replication for Geo deployments.
 
 The [architecture](#example-recommended-setup-manual-steps) (that was mentioned above) does not change for Patroni.
 You do not need any special consideration for Patroni while provisioning your database nodes. Patroni heavily relies on
@@ -891,8 +890,8 @@ You can switch an exiting database cluster to use Patroni instead of repmgr with
 
 1. On the primary node, [configure Patroni](#configuring-patroni-cluster). Remove `repmgr` and any other
    repmgr-specific configuration. Also remove any configuration that is related to PostgreSQL replication.
-1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) on the primary node. It will become
-   the leader. You can check this with:
+1. [Reconfigure Omnibus GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) on the primary node.
+   It makes it the leader. You can check this with:
 
    ```shell
    sudo gitlab-ctl tail patroni
@@ -920,13 +919,13 @@ upgrading PostgreSQL.
 Here are a few key facts that you must consider before upgrading PostgreSQL:
 
 - The main point is that you will have to **shut down the Patroni cluster**. This means that your
-  GitLab deployment will be down for the duration of database upgrade or, at least, as long as your leader
+  GitLab deployment is down for the duration of database upgrade or, at least, as long as your leader
   node is upgraded. This can be **a significant downtime depending on the size of your database**.
 
 - Upgrading PostgreSQL creates a new data directory with a new control data. From Patroni's perspective
   this is a new cluster that needs to be bootstrapped again. Therefore, as part of the upgrade procedure,
-  the cluster state, which is stored in Consul, will be wiped out. Once the upgrade is completed, Patroni
-  will be instructed to bootstrap a new cluster. **Note that this will change your _cluster ID_**.
+  the cluster state (stored in Consul) is wiped out. Once the upgrade is completed, Patroni
+  bootstraps a new cluster. **Note that this changes your _cluster ID_**.
 
 - The procedures for upgrading leader and replicas are not the same. That is why it is important to use the
   right procedure on each node.
@@ -1284,7 +1283,7 @@ after it has been restored to service.
   When the server is brought back online, and before
   you switch it to a standby node, repmgr will report that there are two masters.
   If there are any clients that are still attempting to write to the old master,
-  this will cause a split, and the old master will need to be resynced from
+  there can be a split. The old master has to be resynced from
   scratch by performing a `gitlab-ctl repmgr standby setup NEW_MASTER`.
 
 #### Add a failed master back into the cluster as a standby node
@@ -1313,12 +1312,12 @@ after it has been restored to service.
 
 #### Database authorization
 
-By default, we give any host on the database network the permission to perform
+By default, any host on the database network has permission to perform
 repmgr operations using PostgreSQL's `trust` method. If you do not want this
-level of trust, there are alternatives.
+level of trust, there are alternatives:
 
-You can trust only the specific nodes that will be database clusters, or you
-can require md5 authentication.
+- Trust only specific database cluster nodes.
+- Require md5 authentication.
 
 #### Trust specific addresses
 
@@ -1400,7 +1399,7 @@ steps to fix the problem:
 1. On the master database node, connect to the database prompt - `gitlab-psql -d template1`
 1. Delete the `gitlab-consul` user - `DROP USER "gitlab-consul";`
 1. Exit the database prompt - `\q`
-1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) and the user will be re-added with the proper permissions.
+1. [Reconfigure GitLab](../restart_gitlab.md#omnibus-gitlab-reconfigure) to re-add the user with the proper permissions.
 1. Change to the `gitlab-consul` user - `su - gitlab-consul`
 1. Try the check command again - `gitlab-ctl repmgr-check-master`.
 
diff --git a/doc/development/usage_ping/dictionary.md b/doc/development/usage_ping/dictionary.md
index 219bd08f063..e3a343f0f75 100644
--- a/doc/development/usage_ping/dictionary.md
+++ b/doc/development/usage_ping/dictionary.md
@@ -4120,9 +4120,9 @@ Count the total number of log views
 
 [YAML definition](https://gitlab.com/gitlab-org/gitlab/-/blob/master/config/metrics/counts_all/20210216175021_pod_logs_usages_total.yml)
 
-Group: `group::apm`
+Group: `group::monitor`
 
-Status: `data_available`
+Status: `deprecated`
 
 Tiers: `free`
 
@@ -5500,9 +5500,9 @@ Projects with Prometheus alerting enabled
 
 [YAML definition](https://gitlab.com/gitlab-org/gitlab/-/blob/master/config/metrics/counts_all/20210216175019_projects_with_prometheus_alerts.yml)
 
-Group: `group::apm`
+Group: `group::monitor`
 
-Status: `data_available`
+Status: `deprecated`
 
 Tiers: `free`
 
@@ -15896,7 +15896,7 @@ Projects with Prometheus alerting enabled
 
 Group: `group::configure`
 
-Status: `data_available`
+Status: `deprecated`
 
 Tiers: `free`, `premium`, `ultimate`
 
@@ -17758,7 +17758,7 @@ Projects with Prometheus alerting enabled
 
 Group: `group::monitor`
 
-Status: `data_available`
+Status: `deprecated`
 
 Tiers: `free`, `premium`, `ultimate`
 
diff --git a/doc/development/usage_ping/metrics_dictionary.md b/doc/development/usage_ping/metrics_dictionary.md
index c888a9858a6..56cda8ada21 100644
--- a/doc/development/usage_ping/metrics_dictionary.md
+++ b/doc/development/usage_ping/metrics_dictionary.md
@@ -34,7 +34,7 @@ Each metric is defined in a separate YAML file consisting of a number of fields:
 | `product_group`     | yes      | The [group](https://gitlab.com/gitlab-com/www-gitlab-com/blob/master/data/stages.yml) that owns the metric. |
 | `product_category`  | no       | The [product category](https://gitlab.com/gitlab-com/www-gitlab-com/blob/master/data/categories.yml) for the metric. |
 | `value_type`        | yes      | `string`; one of [`string`, `number`, `boolean`, `object`](https://json-schema.org/understanding-json-schema/reference/type.html).                                                     |
-| `status`            | yes      | `string`; [status](#metric-statuses) of the metric, may be set to `data_available`, `implemented`, `not_used`, `deprecated`, `removed`. |
+| `status`            | yes      | `string`; [status](#metric-statuses) of the metric, may be set to `data_available`, `implemented`, `not_used`, `deprecated`, `removed`, `broken`. |
 | `time_frame`        | yes      | `string`; may be set to a value like `7d`, `28d`, `all`, `none`. |
 | `data_source`       | yes      | `string`; may be set to a value like `database`, `redis`, `redis_hll`, `prometheus`, `system`. |
 | `instrumentation_class` | no   | `string`; [the class that implements the metric](metrics_instrumentation.md).  |
@@ -43,6 +43,7 @@ Each metric is defined in a separate YAML file consisting of a number of fields:
 | `milestone`         | no       | The milestone when the metric is introduced. |
 | `milestone_removed` | no       | The milestone when the metric is removed. |
 | `introduced_by_url` | no       | The URL to the Merge Request that introduced the metric. |
+| `repair_issue_url`  | no       | The URL of the issue that was created to repair a metric with a `broken` status. |
 | `options`           | no       | `object`: options information needed to calculate the metric value. |
 | `skip_validation`   | no       | This should **not** be set. [Used for imported metrics until we review, update and make them valid](https://gitlab.com/groups/gitlab-org/-/epics/5425). |
 
@@ -53,6 +54,7 @@ Metric definitions can have one of the following statuses:
 - `data_available`: Metric data is available and used in a Sisense dashboard.
 - `implemented`: Metric is implemented but data is not yet available. This is a temporary
   status for newly added metrics awaiting inclusion in a new release.
+- `broken`: Metric reports broken data (for example, -1 fallback), or does not report data at all. A metric marked as `broken` must also have the `repair_issue_url` attribute.
 - `not_used`: Metric is not used in any dashboard.
 - `deprecated`: Metric is deprecated and possibly planned to be removed.
 - `removed`: Metric was removed, but it may appear in Usage Ping payloads sent from instances running on older versions of GitLab.
diff --git a/doc/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.md b/doc/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.md
index 86e34842aaf..5d126ff9653 100644
--- a/doc/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.md
+++ b/doc/user/project/pages/custom_domains_ssl_tls_certification/lets_encrypt_integration.md
@@ -67,7 +67,7 @@ associated Pages domain. GitLab also renews it automatically.
 
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/30146) in GitLab 13.0.
 
-If you get an error **Something went wrong while obtaining the Let's Encrypt certificate**, you can try obtaining the certificate again by following these steps:
+If you get an error **Something went wrong while obtaining the Let's Encrypt certificate**, first, make sure that your pages site is set to "Everyone" in your project's **Settings > General > Visbility**. This allows the Let's Encrypt Servers reach your pages site. Once this is confirmed, you can try obtaining the certificate again by following these steps:
 
 1. Go to your project's **Settings > Pages**.
 1. Click **Edit** on your domain.