Discuss: Switching Container Registry to opt-in by default with new database requirement

Summary

Currently in Omnibus the Container Registry is enabled when SSL with Let's Encrypt is enabled:

If you installed GitLab by using the Linux package, the container registry may or may not be available by default.

The container registry is automatically enabled and available on your GitLab domain, port 5050 if you're using the built-in Let's Encrypt integration.

Problem

With the introduction of the Container Registry Metadata Database, this automatic enablement behavior becomes problematic.

The database requirement specifically creates a new challenge: the database cannot be created automatically in all environment setups, so manual preparation is required.

Proposal

To ensure clarity and intentionality, we should explore adjusting the default behavior so that the Container Registry is disabled by default, allowing customers to cleanly opt in with all requirements properly configured as guided by documentation.

This would be a breaking change, but one that is justifiable for several reasons:

  1. Infrastructure requirements: The database dependency fundamentally changes the resource and configuration requirements
  2. Deployment complexity: Different environments (single-node, HA, Geo) have different database setup needs
  3. Customer control: Users should explicitly choose to enable features that require additional infrastructure
  4. Operational clarity: Explicit enablement ensures users understand they're adopting a database-backed service with associated maintenance responsibilities

Ideally this would apply to new installs only, although this isn't immediately simple to do.

Issue to discuss.

Edited by Grant Young