PaaS Team Manual
Incident and support model
Support Runbook
Response
How-to
- How to close billable accounts
- How to do common support tasks
- How to do user and organisation management
- How to use GPG
- How to respond to CVEs and upgrade stemcells and cflinuxfs
- How to enable GitHub OAuth for your dev environment
- How to sign into your CF admin account
- How to connect to Concourse, Credhub, and BOSH
- How to set up VPC Peering
- How to upgrade BOSH
- How to upgrade Concourse
- How to upgrade cf-deployment
- How to upgrade buildpacks
- How to update Logstash filters in Logit
- How to find route owners
- How to find apps with noisy logging
- How to find activity
- How to restore Opensearch backups
- Shipping Elasticsearch metrics to our tenants
- How to apply tenant ElastiCache (redis) service updates
- How to restore the CF databases
- How to restore the bosh director
- How to release bosh blobs
- How to run paas-cf tests locally
- How to rotate credentials
- How to test Alertmanager
- How to look up users by Google IDs
- How to disable a single AZ on GOV.UK PaaS
- How to contact cyber
- How to reduce Logit volume
- How to resolve Kibana indexing errors
- How to get the Google Search Console back
- How to manage frontend dependencies
- How to use the fast-startup-and-shutdown pipelines
- How to enable private access to backing services
- How to update Docker images
Other information
- Our orgs on the paas
- Enhancing Kibana
- Investigating Rsyslog issues
- Cloud Foundry debugging tips
- Tenant application penetration testing
- Spruce (for merging YAML)
- Effective remote pairing
- Platform alerting
Tenant Account Management
- Account lifecycle
- Closing GOV.UK PaaS trial accounts
- Getting data about trial accounts
- Tenant personal data
Tenant Billing
Team Accounts and Software
- So you’re the person on support for GOV.UK PaaS
- Zendesk
- Statuspage
- PagerDuty
- Documentation for tenants (paas-tech-docs)
- Third parties cloud accounts
Policies and Procedures
Team process
Working practices
Technical Design
- Audit
- BOSH
- GOV.UK PaaS Architecture Document (team visibility)
- Prometheus
- Networking in AWS
Styleguides
This section contains some team-specific styleguides. These should be used in addition to the GDS styleguides.
Upcoming Plans
Architecture decision records
This section contains Architecture Decision Records (ADR) as described in this blog post http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions.
- ADR-001 Manifest management
- ADR-002 Concourse pool resource
- ADR-003 AWS credentials
- ADR-004 Domain naming scheme
- ADR-005 Pingdom healthchecks
- ADR-006 Rds broker
- ADR-007 Terminating tls at elbs
- ADR-008 HAProxy for request rewriting
- ADR-009 X-Forwarded headers
- ADR-010 Postgres bind behaviour
- ADR-011 Security group structure
- ADR-012 Haproxy healthcheck
- ADR-013 Building bosh releases
- ADR-014 Hsts preload using api gateway
- ADR-015 Rds storage encryption plans
- ADR-016 End to end encryption
- ADR-017 Cell capacity assignment
- ADR-018 Rds broker restore last operation
- ADR-019 Accessing user provided services
- ADR-020 Deletion of ci environment
- ADR-021 Cell capacity assignment 2
- ADR-022 Web app language and framework selection
- ADR-023 Idle cpu alerting change
- ADR-024 Web app language and framework selection
- ADR-025 Service plan naming conventions
- ADR-026 DNS layout for UK hosting
- ADR-027 Pipeline locking
- ADR-028 Move platform logs to Logit
- ADR-029 Aiven project structure
- ADR-030 Single staging environment in London
- ADR-031 Separate PaaS services from the Platform core pipeline
- ADR-032 SSL only for applications and cf endpoints
- ADR-033 Redirect http for applications
- ADR-034 Continuously deploy platform CF applications
- ADR-035 Do not use HAProxy, use AWS ALB
- ADR-036 Add new RDS broker plans
- ADR-037 Automated certificate rotation
- ADR-038 Audit logs in Splunk
- ADR-039 Provide Aiven metrics to users
- ADR-040 BOSH access without SOCKS
- ADR-041 BOSH access with mTLS
- ADR-042 Isolation segments
- ADR-043 New product pages language and framework selection
- ADR-044 Remove IPSec
- ADR-045 AWS WAF and WAF Log access by AWS DDoS Response Team
- ADR-046 Postgres Service Plans
- ADR-047 Postgres allowed-extensions approach
- ADR-048 Billing: Include record for services/resources provisioned for tenants
- ADR-049 Billing: Decouple what we’re calculating bills for from how the bills are calculated
- ADR-050 Plans for the cloudapps.digital domain post platform retirement
- ADR-051 How we plan to migrate from cflinuxfs3 to cflinuxfs4
- ADR-053 Plan for maintaining product pages post Ireland retirement