GitLab Maintenance Mode only blocks writes from HTTP and SSH requests at the application level in a few key places within the rails application.
Search the codebase for
the read-only database method, which toggles special behavior when we are not allowed to write to the database. Search the codebase for
- the read-only middleware, where HTTP requests that cause database writes are blocked, unless explicitly allowed.
Git push access via SSH is denied by returning 401 when
/internal/allowedto check if access is allowed.
- Container registry authentication service, where updates to the container registry are blocked.
The database itself is not in read-only mode (except in a Geo secondary site) and can be written by sources other than the ones blocked.