diff options
Diffstat (limited to 'doc/administration/instance_limits.md')
-rw-r--r-- | doc/administration/instance_limits.md | 178 |
1 files changed, 128 insertions, 50 deletions
diff --git a/doc/administration/instance_limits.md b/doc/administration/instance_limits.md index 820006eeadf..9ea76ff6151 100644 --- a/doc/administration/instance_limits.md +++ b/doc/administration/instance_limits.md @@ -15,7 +15,7 @@ performance, data, or could even exhaust the allocated resources for the applica Rate limits can be used to improve the security and durability of GitLab. -For example, a simple script can make thousands of web requests per second. Whether malicious, apathetic, or just a bug, your application and infrastructure may not be able to cope with the load. Rate limits can help mitigate these types of attacks. +For example, one script can make thousands of web requests per second. Whether malicious, apathetic, or just a bug, your application and infrastructure may not be able to cope with the load. Rate limits can help to mitigate these types of attacks. Read more about [configuring rate limits](../security/rate_limits.md) in the Security documentation. @@ -25,17 +25,17 @@ Read more about [configuring rate limits](../security/rate_limits.md) in the Sec This setting limits the request rate to the issue creation endpoint. -Read more on [issue creation rate limits](../user/admin_area/settings/rate_limit_on_issues_creation.md). +Read more about [issue creation rate limits](../user/admin_area/settings/rate_limit_on_issues_creation.md). -- **Default rate limit** - Disabled by default +- **Default rate limit**: Disabled by default. ### By User or IP This setting limits the request rate per user or IP. -Read more on [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md). +Read more about [User and IP rate limits](../user/admin_area/settings/user_and_ip_rate_limits.md). -- **Default rate limit** - Disabled by default +- **Default rate limit**: Disabled by default. ### By raw endpoint @@ -43,9 +43,9 @@ Read more on [User and IP rate limits](../user/admin_area/settings/user_and_ip_r This setting limits the request rate per endpoint. -Read more on [raw endpoint rate limits](../user/admin_area/settings/rate_limits_on_raw_endpoints.md). +Read more about [raw endpoint rate limits](../user/admin_area/settings/rate_limits_on_raw_endpoints.md). -- **Default rate limit** - 300 requests per project, per commit and per file path +- **Default rate limit**: 300 requests per project, per commit and per file path. ### By protected path @@ -65,9 +65,18 @@ GitLab rate limits the following paths by default: '/admin/session' ``` -Read more on [protected path rate limits](../user/admin_area/settings/protected_paths.md). +Read more about [protected path rate limits](../user/admin_area/settings/protected_paths.md). -- **Default rate limit** - After 10 requests, the client must wait 60 seconds before trying again +- **Default rate limit**: After 10 requests, the client must wait 60 seconds before trying again. + +### Package Registry + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/57029) in GitLab 13.12. + +This setting limits the request rate on the Packages API per user or IP. For more information, see +[Package Registry Rate Limits](../user/admin_area/settings/package_registry_rate_limits.md). + +- **Default rate limit**: Disabled by default. ### Import/Export @@ -75,16 +84,16 @@ Read more on [protected path rate limits](../user/admin_area/settings/protected_ This setting limits the import/export actions for groups and projects. -| Limit | Default (per minute per user) | -| ----- | ----------------------------- | -| Project Import | 6 | -| Project Export | 6 | +| Limit | Default (per minute per user) | +|-------------------------|-------------------------------| +| Project Import | 6 | +| Project Export | 6 | | Project Export Download | 1 | -| Group Import | 6 | -| Group Export | 6 | -| Group Export | Download | 1 | +| Group Import | 6 | +| Group Export | 6 | +| Group Export Download | 1 | -Read more on [import/export rate limits](../user/admin_area/settings/import_export_rate_limits.md). +Read more about [import/export rate limits](../user/admin_area/settings/import_export_rate_limits.md). ### Rack attack @@ -92,9 +101,9 @@ This method of rate limiting is cumbersome, but has some advantages. It allows throttling of specific paths, and is also integrated into Git and container registry requests. -Read more on the [Rack Attack initializer](../security/rack_attack.md) method of setting rate limits. +Read more about the [Rack Attack initializer](../security/rack_attack.md) method of setting rate limits. -- **Default rate limit** - Disabled +- **Default rate limit**: Disabled. ### Member Invitations @@ -103,15 +112,58 @@ Limit the maximum daily member invitations allowed per group hierarchy. - GitLab.com: Free members may invite 20 members per day. - Self-managed: Invites are not limited. +### Webhook calls + +> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/61151) in GitLab 13.12. +> - [Deployed behind a feature flag](../user/feature_flags.md), disabled by default. +> - Disabled on GitLab.com. +> - Not recommended for production use. +> - To use in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-rate-limiting-for-webhooks). **(FREE SELF)** + +Limit the number of times any given webhook can be called per minute. +This only applies to project and group webhooks. + +Calls over the rate limit are logged into `auth.log`. + +```ruby +# If limits don't exist for the default plan, you can create one with: +# Plan.default.create_limits! + +Plan.default.actual_limits.update!(web_hook_calls: 10) +``` + +Set the limit to `0` to disable it. + +- **Default rate limit**: Disabled. + +#### Enable or disable rate limiting for webhooks **(FREE SELF)** + +Rate limiting for webhooks is under development and not ready for production use. It is +deployed behind a feature flag that is **disabled by default**. +[GitLab administrators with access to the GitLab Rails console](../administration/feature_flags.md) +can enable it. + +To enable it: + +```ruby +Feature.enable(:web_hooks_rate_limit) +``` + +To disable it: + +```ruby +Feature.disable(:web_hooks_rate_limit) +``` + ## Gitaly concurrency limit Clone traffic can put a large strain on your Gitaly service. To prevent such workloads from overwhelming your Gitaly server, you can set concurrency limits in Gitaly's configuration file. -Read more on [Gitaly concurrency limits](gitaly/configure_gitaly.md#limit-rpc-concurrency). +Read more about [Gitaly concurrency limits](gitaly/configure_gitaly.md#limit-rpc-concurrency). -- **Default rate limit** - Disabled +- **Default rate limit**: Disabled. -## Number of comments per issue, merge request or commit +## Number of comments per issue, merge request, or commit > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/22388) in GitLab 12.4. @@ -120,7 +172,7 @@ merge request, or commit. When the limit is reached, system notes can still be added so that the history of events is not lost, but user-submitted comments will fail. -- **Max limit:** 5.000 comments +- **Max limit**: 5,000 comments. ## Size of comments and descriptions of issues, merge requests, and epics @@ -132,7 +184,7 @@ item will not be created. It's possible that this limit will be changed to a lower number in the future. -- **Max size:** ~1 million characters / ~1 MB +- **Max size**: ~1 million characters / ~1 MB. ## Size of commit titles and descriptions @@ -152,7 +204,7 @@ The maximum number of issues loaded on the milestone overview page is 500. When the number exceeds the limit the page displays an alert and links to a paginated [issue list](../user/project/issues/managing_issues.md) of all issues in the milestone. -- **Limit:** 500 issues +- **Limit**: 500 issues. ## Number of pipelines per Git push @@ -174,13 +226,13 @@ Activity history for projects and individuals' profiles was limited to one year There is a limit when embedding metrics in GFM for performance reasons. -- **Max limit:** 100 embeds +- **Max limit**: 100 embeds. ## Number of webhooks On GitLab.com, the [maximum number of webhooks and their size](../user/gitlab_com/index.md#webhooks) per project, and per group, is limited. -To set this limit on a self-managed installation, where the default is `100` project webhooks and `50` group webhooks, run the following in the +To set this limit for a self-managed installation, where the default is `100` project webhooks and `50` group webhooks, run the following in the [GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session): ```ruby @@ -203,7 +255,7 @@ Set the limit to `0` to disable it. The [minimum time between pull refreshes](../user/project/repository/repository_mirroring.md) defaults to 300 seconds (5 minutes). -To change this limit on a self-managed installation, run the following in the +To change this limit for a self-managed installation, run the following in the [GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session): ```ruby @@ -220,14 +272,14 @@ Plan.default.actual_limits.update!(pull_mirror_interval_seconds: 200) GitLab ignores all incoming emails sent from auto-responders by looking for the `X-Autoreply` header. Such emails don't create comments on issues or merge requests. -## Amount of data sent from Sentry via Error Tracking +## Amount of data sent from Sentry through Error Tracking > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/14926) in GitLab 12.6. Sentry payloads sent to GitLab have a 1 MB maximum limit, both for security reasons and to limit memory consumption. -## Max offset allowed via REST API for offset-based pagination +## Max offset allowed by the REST API for offset-based pagination > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/34565) in GitLab 13.0. @@ -236,7 +288,7 @@ requested offset into the set of results. This limit is only applied to endpoint support keyset-based pagination. More information about pagination options can be found in the [API docs section on pagination](../api/README.md#pagination). -To set this limit on a self-managed installation, run the following in the +To set this limit for a self-managed installation, run the following in the [GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session): ```ruby @@ -246,7 +298,7 @@ To set this limit on a self-managed installation, run the following in the Plan.default.actual_limits.update!(offset_pagination_limit: 10000) ``` -- **Default offset pagination limit:** 50000 +- **Default offset pagination limit**: `50000`. Set the limit to `0` to disable it. @@ -272,7 +324,7 @@ will fail with a `job_activity_limit_exceeded` error. higher installations, this limit is defined under a `default` plan that affects all projects. This limit is disabled (`0`) by default. -To set this limit on a self-managed installation, run the following in the +To set this limit for a self-managed installation, run the following in the [GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session): ```ruby @@ -295,7 +347,7 @@ too many deployments fail with a `deployments_limit_exceeded` error. The default limit is 500 for all [GitLab self-managed and SaaS plans](https://about.gitlab.com/pricing/). -To change the limit on a self-managed installation, change the `default` plan's limit with the following +To change the limit for a self-managed installation, change the `default` plan's limit with the following [GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session) command: ```ruby @@ -323,7 +375,7 @@ limit, the subscription will be considered invalid. or higher installations, this limit is defined under a `default` plan that affects all projects. By default, there is a limit of `2` subscriptions. -To set this limit on a self-managed installation, run the following in the +To set this limit for a self-managed installation, run the following in the [GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session): ```ruby @@ -348,7 +400,7 @@ On [GitLab Premium](https://about.gitlab.com/pricing/) self-managed or higher installations, this limit is defined under a `default` plan that affects all projects. By default, there is a limit of `10` pipeline schedules. -To set this limit on a self-managed installation, run the following in the +To set this limit for a self-managed installation, run the following in the [GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session): ```ruby @@ -426,6 +478,32 @@ installation, run the following in the [GitLab Rails console](operations/rails_c Plan.default.actual_limits.update!(ci_max_artifact_size_junit: 10) ``` +### Number of registered runners per scope + +> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/321368) in GitLab 13.12. + +The total number of registered runners is limited at the group and project +levels. Each time a new runner is registered, GitLab checks these limits. A +runner's registration fails if it exceeds the limit for the scope determined by +the runner registration token. + +- GitLab SaaS subscribers have different limits defined per plan, affecting all projects using that plan. +- Self-managed GitLab Premium and Ultimate limits are defined by a default plan that affects all projects: + + | Runner scope | Default value | + |---------------------------------------------|---------------| + | `ci_registered_group_runners` | 1000 | + | `ci_registered_project_runners` | 1000 | + + To update these limits, run the following in the + [GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session): + + ```ruby + # Use ci_registered_group_runners or ci_registered_project_runners + # depending on desired scope + Plan.default.actual_limits.update!(ci_registered_project_runners: 100) + ``` + ## Instance monitoring and metrics ### Incident Management inbound alert limits @@ -496,11 +574,11 @@ See [Environment Dashboard](../ci/environments/environments_dashboard.md#adding- Pods and Deployments. However, data over 10 MB for a certain environment read from Kubernetes won't be shown. -## Merge Request reports +## Merge request reports Reports that go over the 20 MB limit won't be loaded. Affected reports: -- [Merge Request security reports](../user/project/merge_requests/testing_and_reports_in_merge_requests.md#security-reports) +- [Merge request security reports](../user/project/merge_requests/testing_and_reports_in_merge_requests.md#security-reports) - [CI/CD parameter `artifacts:expose_as`](../ci/yaml/README.md#artifactsexpose_as) - [Unit test reports](../ci/unit_test_reports.md) @@ -514,8 +592,8 @@ You can set a limit on the content of repository files that are indexed in Elasticsearch. Any files larger than this limit will not be indexed, and thus will not be searchable. -Setting a limit helps reduce the memory usage of the indexing processes as well -as the overall index size. This value defaults to `1024 KiB` (1 MiB) as any +Setting a limit helps reduce the memory usage of the indexing processes and +the overall index size. This value defaults to `1024 KiB` (1 MiB) as any text files larger than this likely aren't meant to be read by humans. You must set a limit, as unlimited file sizes aren't supported. Setting this @@ -535,8 +613,8 @@ This is applicable to all indexed data except repository files that get indexed, which have a separate limit (see [Maximum file size indexed](#maximum-file-size-indexed)). -- On GitLab.com this is limited to 20000 characters -- For self-managed installations it is unlimited by default +- On GitLab.com, this is limited to 20,000 characters +- For self-managed installations, this is unlimited by default This limit can be configured for self-managed installations when [enabling Elasticsearch](../integration/elasticsearch.md#enabling-advanced-search). @@ -550,7 +628,7 @@ Set the limit to `0` to disable it. ## Snippets limits -See the [documentation on Snippets settings](snippets/index.md). +See the [documentation about Snippets settings](snippets/index.md). ## Design Management limits @@ -587,14 +665,14 @@ More information can be found in the [Push event activities limit and bulk push On GitLab.com, the maximum file size for a package that's uploaded to the [GitLab Package Registry](../user/packages/package_registry/index.md) varies by format: -- Conan: 5GB -- Generic: 5GB -- Maven: 5GB -- npm: 5GB -- NuGet: 5GB -- PyPI: 5GB +- Conan: 5 GB +- Generic: 5 GB +- Maven: 5 GB +- npm: 5 GB +- NuGet: 5 GB +- PyPI: 5 GB -To set this limit on a self-managed installation, run the following in the +To set this limit for a self-managed installation, run the following in the [GitLab Rails console](operations/rails_console.md#starting-a-rails-console-session): ```ruby |