Documentation Index
Fetch the complete documentation index at: https://docs.slipway.sh/llms.txt
Use this file to discover all available pages before exploring further.
| Thing | Value |
|---|---|
| Manifest version | 1 |
| Service name regex | ^[a-z][a-z0-9-]{0,30}$ |
| Public-port prefix regex | ^[a-z][a-z0-9-]{0,30}$ |
| Secret / variable name regex | ^[A-Z][A-Z0-9_]*$ |
| Public ports per service | 1 |
| Pod replicas per service | 1 |
| Ephemeral deploy TTL — default | 5 minutes |
| Ephemeral TTL clock starts | when status reaches healthy |
| PR-preview subdomain | pr-<n> (stable across commits) |
| Manual / ephemeral subdomain | <short-id>-<rand> (unique per deploy) |
| Tenant namespace | sl-<dep-id> |
| Invite expiry | 7 days |
| Log retention | 30 days (ClickHouse TTL) |
| Live-log replay ring | 256 KB per in-flight deployment |
| Logs search page size | 500 lines |
| Deployments list default page size | 15 |
| Repos list default page size | 24 |
| Max page size on any list | 100 |
Per-deployment resources
Each tenant namespace has aResourceQuota and LimitRange applied at creation. The exact numbers depend on your org’s plan. CPU and memory you request in services.*.resources must fit inside the quota — if they don’t, the deploy fails at the deploying phase.
Tenant isolation
| Layer | Enforcement |
|---|---|
| Namespace | One namespace per deployment (sl-<dep-id>). |
| Network | Default-deny NetworkPolicy; only the platform Ingress and registry can reach tenant pods. |
| CPU / memory | ResourceQuota per namespace. |
| Filesystem | gVisor sandboxing on application code. |
| Pod-Security Admission | pod-security.kubernetes.io/enforce: baseline. |
baseline rather than restricted so images that use named users (USER node) work — kubelet can’t verify a named user under runAsNonRoot: true.