1) Overview

Liferay PaaS is the managed cloud deployment option where Liferay manages infrastructure, security, and scalability on the customer's behalf. It builds on Cloud Native Experience and Cloud Provider Ready (GCP Ready), adding Liferay-managed infrastructure, managed services, and consumption-based resources. Customers deploy and manage their Liferay DXP application through a GitOps workflow. Liferay PaaS is currently available on Google Cloud Platform (GCP) only.

Each customer receives a dedicated GCP project and a dedicated regional Kubernetes cluster, ensuring full isolation of compute, networking, storage, and managed services. Customers do not have access to the GCP Console or underlying cloud infrastructure.

About Quotas and Limitations

This document describes two types of constraints:

• Quotas are resource allocations with default values included in your subscription. Most quotas are adjustable; additional capacity can be purchased as consumption add-ons. To request a quota increase, contact Liferay Support.

• Limitations are platform configurations that define what is and is not supported. Limitations reflect architectural decisions designed to ensure platform stability, security, and supportability.

Key Terms

For Cloud Native base terminology (Pod, Production Pod, Non-Production Pod, Cluster, Namespace, Environment, Activation Key), see the Cloud Native Quotas and Limitations. The following additional terms are specific to Liferay PaaS:

Term	Definition
Production Environment	A Liferay-managed environment provisioned with production-grade infrastructure resources (database, search, storage, observability, backup, TLS). Production Environments are intended for live production traffic and are configured with a clustering-capable license.xml.
Standard Environment	A general-purpose infrastructure tier with baseline resource quotas.
High-Performance Environment	A performance-tuned infrastructure tier with premium resource quotas, including a different compute node family, enhanced database offering, and larger default sizings.
Consumption Metric	A usage-based measurement (RAM, vCPU, storage, traffic, logs) tracked against per-environment included allocations and reconciled quarterly.
Client Extension	A custom application or microservice deployed alongside Liferay DXP within the PaaS infrastructure, consuming dedicated RAM and vCPU allocations.

Scope

This document describes quotas and limitations for Liferay PaaS subscriptions. It does not cover Liferay Cloud Native (customer-managed) or Liferay SaaS, which are separate deployment options with their own quotas. For Liferay Cloud Native quotas, see the Cloud Native Quotas and Limitations.

2) Product Limitations (Pod-Level)

Liferay PaaS inherits all Cloud Native pod-level limitations identically. In summary:

• Production Pods: Each namespace supports up to 1, 3, 5, 7, or 9 concurrently running Production Pods, determined by your subscription tier. CPU, memory, and concurrent users are unlimited.

• Non-Production Pods: Unlimited pods per namespace, supporting up to 5 concurrent users per namespace.

• Enforcement: Namespace-based. Liferay license validation prevents exceeding pod entitlements within a namespace.

For the complete pod limitation model, concurrency examples, counting rules, and enforcement details, see the Cloud Native Quotas and Limitations.

 

---

3) Consumption Quotas

Each PaaS environment includes consumption allocations as part of the subscription. Usage beyond included allocations can be pre-committed or billed as supplemental consumption.

3.1 Included Consumption Allocations

Metric	Definition	Included (Standard)	Included (HP)	Additional Capacity Unit	Adjustable	Billing
Client Extensions RAM	RAM (in GiB) allocated to run Client Extensions within the Liferay Cloud Infrastructure.	2 GiB	4 GiB	Per GiB	Yes	Quarterly
Client Extensions vCPU	vCPUs allocated to run Client Extensions within the Liferay Cloud Infrastructure. A vCPU is a virtual processor to which a physical CPU is assigned, in whole or in part.	3 vCPU	6 vCPU	Per vCPU	Yes	Quarterly
Storage	Data (in GBs) stored in the Backup service and Document Library service provided through Liferay Cloud Infrastructure.	1 TiB	1 TiB	Min. 100 GB	Yes	Quarterly
Database Storage	Data (in GiBs) used by the SQL database instance provisioned as part of Liferay Cloud Infrastructure, including database data and any replicas deployed for high-availability configurations.	100 GiB	100 GiB	Min. 100 GB	Yes	Quarterly
Traffic / Networking	Data transferred in and out of the customer application's environment, by load balancer response to end users, external integrations, and services in different zones of the same region.	1 TiB/month	2 TiB/month	Min. 100 GB	Yes	Quarterly
Logs	Volume of log data (in GiB) ingested by Liferay's Cloud Infrastructure.	300 GiB	1 TiB	Min. 30 GB	Yes	Quarterly

3.2 Consumption Visibility

Visibility Channel	Available
By Customer (Customer Portal)	Yes (goal: visibility on Project Usage in Customer Portal)

3.3 Billing Model

• Pre-committed: All consumption metrics are pre-committed. Customers commit to a baseline allocation as part of their subscription.

• Supplemental: Usage beyond committed allocations is billed as supplemental consumption. Additional capacity can also be pre-committed to cover anticipated growth.

• Billing frequency: Quarterly.

• Requesting increases: To adjust consumption allocations, contact Liferay Support or your account representative.

4) Application Plane Limitations

Liferay PaaS separates the platform into two layers: the infrastructure plane (managed by Liferay) and the application plane (accessible to customers). Customers deploy and manage Liferay DXP applications into Kubernetes through GitOps, with the following limitations on what can be configured at the application level.

4.1 Kubernetes Application Limitations

The following Kubernetes-native capabilities are not available to customers. These are locked out to prevent misconfiguration that could impact cost, availability, or supportability.

Capability	Status	Rationale
PodDisruptionBudget	Not supported	Managed by Liferay to ensure safe node operations.
TopologySpreadConstraints	Not supported	Managed by Liferay for optimal pod distribution across zones.
PodAffinity / AntiAffinity	Not supported	Misconfiguration can force creation of underused worker nodes, increasing cost.
Taints / Tolerations	Not supported	Misconfiguration may cause pods to be unschedulable.
HPA (Horizontal Pod Autoscaler)	Not supported	Scaling is configured through Liferay-defined mechanisms.
VPA (Vertical Pod Autoscaler)	Not supported	Resource sizing is configured through environment configuration.
Custom metrics	Not supported	Only Liferay-defined metrics are available.
Custom Helm charts	Not supported	Customers consume Liferay-published Helm charts via OCI registry.

4.2 Platform-Exposed Capabilities

Certain platform capabilities are exposed to customers through managed custom resource definitions (CRDs). These provide controlled access to specific features without requiring direct Kubernetes access:

• Application registration through Git configuration

• Custom domain management through Gateway and HTTPRoute resources

• Environment creation and deletion through Git-based environment configuration

4.3 Management Plane Limitations

Liferay PaaS provides customers with access to Argo CD, Grafana, and Git. Customers do not have access to the underlying cloud infrastructure, Kubernetes CLI (kubectl), or GCP Console.

Argo CD

Aspect	Detail
Access level	Read-only + Sync. Changes are made through Git, not through the Argo CD UI.
Customization	Not supported. Argo CD configuration, settings, plugins, and application definitions are managed by Liferay.

Grafana

Aspect	Detail
Access level	Read-only. Customers cannot create or modify dashboards, data sources, or alerting configurations.
Logs visibility	Container logs from Liferay pods are available. Kubernetes platform-level logs are not exposed.
Metrics visibility	Liferay-defined metrics are exposed. Customer-customized metrics are not supported.

Authentication

Argo CD and Grafana authenticate through Liferay's identity provider (Okta) with MFA enforcement.

4.4 Platform Access Limitations

Capability	Status
Shell access (kubectl exec)	Not supported
Kubernetes CLI (kubectl)	Not supported
GCP Console access	Not supported
CDN	Not available
Site-to-Site VPN / mTLS	Not available
Private Service Connect / Interconnect	Not available

5) Environment Quotas

5.1 Environment Types

Liferay PaaS provisions Liferay-managed environments. Each environment is a dedicated Kubernetes namespace with its own infrastructure resources within the customer's dedicated GCP project.

Environment Type	Description	Intended Use
Production	Production-grade infrastructure with full managed services, HA configuration, and automated backups.	Live production traffic.
UAT	Pre-production environment for acceptance testing and staging.	Staging, user acceptance testing.
Non-Production	Development and testing environment with reduced infrastructure footprint.	Development, QA, CI/CD validation.
Disaster Recovery	Separate dedicated GCP project and cluster, completely independent from the primary.	Business continuity, failover.

5.2 What's Included Per Environment

Each PaaS environment includes the following Liferay-managed resources:

Resource	Description
Managed Database	PostgreSQL database instance provisioned and operated by Liferay.
Managed Search	Managed Elasticsearch service operated by Liferay.
Object Storage	Cloud-backed document library storage for backups and documents.
Observability	Grafana dashboards with metrics and log streaming for monitoring and troubleshooting.
Backup	Automated database snapshots and document library backups with configurable retention.
TLS	Automated TLS certificate provisioning and renewal.
Ingress	HTTPS routing, SSL termination, and load balancing. IPv4 and IPv6 (dual-stack) supported at the load balancer.

6) Managed Services

Each PaaS environment includes fully managed infrastructure services provisioned and operated by Liferay. The following sections describe what is included and the scope of each service.

6.1 Database

Aspect	Detail
Included	Fully managed database instance within the dedicated GCP project.
Supported engines	PostgreSQL.
High Availability	Regional instances with automatic failover.
Backups	Automated snapshots managed by Liferay.
Included storage	100 GiB per environment (Standard and HP). Additional capacity available as a consumption add-on.

6.2 Search

Aspect	Detail
Included	Managed Elasticsearch service provisioned and operated by Liferay.
Scope	Search is a fully managed service. Customer customization of plugins, security settings, or cluster topology is not supported.
Liferay Enterprise Search	Available as an add-on subscription.

6.3 Storage (Document Library)

Aspect	Detail
Included	Cloud-backed object storage for document library and backup artifacts.
Included allocation	1 TiB per environment (Standard and HP). Additional capacity available as a consumption add-on.
Hot deploy	Artifacts can be uploaded directly to the extensions bucket; Liferay auto-detects and deploys without pod restart.

6.4 Backup

Aspect	Detail
Database backups	Automated database snapshots managed by Liferay.
Document library backups	Automated copies of document library to cloud storage.
Retention	30-day default retention.
Restore	Point-in-time recovery available. Restore status visible in Grafana.

6.5 Observability

Aspect	Detail
Metrics	Pre-built Grafana dashboards for Liferay DXP, pod resources, JVM, request performance, and database health.
Logs	Container logs from Liferay pods available in Grafana. Kubernetes platform-level logs are not exposed.
Retention	Up to 13 months for metrics. Log retention configurable separately.
Included log allocation	300 GiB (Standard), 1 TiB (HP). Additional capacity available as a consumption add-on.

 

7) Platform Services (Included)

Liferay PaaS includes the following platform services as part of the managed offering.

Capability	Included in PaaS	Notes
Build pipeline	Yes	Liferay provides a managed build pipeline. Customers may also use their own CI/CD pipeline to produce builds.
Build storage	Yes	Builds can be stored on GCR (container images) or GCS (workspace builds).
Migration tooling	Yes	Tooling for uploading database and document library content to the PaaS environment.
Backup and restore tooling	Yes	Blue/green restore operation tooling for managed backup and recovery workflows.
Helm charts	Yes	Liferay application Helm charts are available via OCI registry. Customers can pull the latest version of Liferay charts to apply to their application environments.

Customers are responsible for providing and operating their own Git repository for environment configuration and promotion workflows.

8) Compatibility Matrix

Liferay PaaS inherits the Cloud Native compatibility matrix with the following PaaS-specific adjustments for the initial GCP Ready release:

• Database engine: PostgreSQL.

• Customization Boundary: Modifications outside of supported configuration values will make your Liferay PaaS deployment out of support.

For the full compatibility matrix (DXP version, application server, image strategy, JDK, golden path scope, and support boundaries), see the Cloud Native Quotas and Limitations.

9) License Activation

Liferay provisions the license for each customer upon environment provisioning. The license.xml is deployed automatically as part of the initial setup.

For details on Virtual Cluster Key types and licensing model, see the Cloud Native Quotas and Limitations.

10) Responsibility Boundary

Liferay PaaS separates responsibilities between the customer and Liferay.

10.1 Customer Responsibilities

• Deploy and promote releases through Git and Argo CD

• Monitor application health through Argo CD, Grafana

• Manage environment configuration through Git

• Develop and deploy Client Extensions within allocated quotas

• Monitor consumption metrics against included allocations via the Customer Portal

10.2 Liferay Responsibilities

• Provision and manage the dedicated GCP project and regional Kubernetes cluster

• Provision license upon environment setup

• Operate and maintain managed database, search, storage, backup, and observability

• Provide and maintain build pipeline and build storage

• Provide and update Cloud Native tooling and GCP Ready packages

• Manage infrastructure-level security, OS patching, and Kubernetes version upgrades

• Support the platform and managed services at the applicable support tier