Internal workings of GitLab Maintenance Mode

Where is Maintenance Mode enforced?

GitLab Maintenance Mode only blocks writes from HTTP and SSH requests at the application level in a few key places within the rails application. Search the codebase for maintenance_mode?.

The database itself is not in read-only mode (except in a Geo secondary site) and can be written by sources other than the ones blocked.