Skip to content

Container registry expiration policy: enabled by default for new projects

Problem to solve

In GitLab 12.8, we released the MVC of the Docker tag expiration policies for all new projects. However, currently, the feature is disabled by default. We should be following the Gitlab principle of 'default on', thereby helping users manage the size of the container registry.

Intended users

Further details

Path to supporting ALL projects with the expiration policies

We discussed how to best roll this feature out to all projects and have identified that we must:

Enabling the feature for projects created prior to 12.8 for GitLab.com

For GitLab.com we can turn on the feature for all existing projects once the performance update is implemented on the container registry side of things in #208220 (closed). With that improvement, it will be safe for any instance running the GitLab's Container Registry to enable existing projects without having to worry about overloading the background cleanup jobs.

Self-managed instances using an external container registry

For self-managed instances not running the GitLab container registry, they can enable at their own risk, using the application setting. Then once throttling is added, the setting can be removed entirely and all projects can have policies regardless of when they were created without worry.

Proposal

For both self-managed instances AND GitLab.com, enable by default, the Docker tag expiration policies for all new projects, 12.8 forward.

Permissions and Security

  • There are no permissions changes required for this issue.

Documentation

  • There are no documentation changes required for this change.
Edited by Tim Rizzi