PaaS Team Manual
Incident and support model
Support Runbook
Response
How-to
- How to do common support tasks
- How to do user and organisation management
- How to use GPG
- How to enable Github OAuth for your dev environment
- How to sign into your CF admin account
- How to connect to Concourse, Credhub, and BOSH
- How to set up VPC Peering
- How to upgrade CF, bosh and stemcells
- How to update Logstash filters in Logit
- How to view our data in splunk
- How to find route owners
- How to find apps with noisy logging
- How to find activity
- How to restore Elasticsearch backups
- Shipping Elasticsearch metrics to our tenants
- How to apply tenant ElastiCache (redis) service updates
- How to restore the CF databases
- How to restore the bosh director
- How to release bosh blobs
- How to run
paas-cftests locally - How to rotate credentials
- How to test Alertmanager
- How to look up users by Google IDs
- How to disable a single AZ on GOV.UK PaaS
- How to contact cyber
- How to reduce Logit volume
Other information
- Our orgs on the paas
- Enhancing Kibana
- Investigating Rsyslog issues
- Cloud Foundry debugging tips
- Tenant application penetration testing
- Spruce (for merging YAML)
- Effective remote pairing
- Platform alerting
Tenant Account Management
- Account lifecycle
- Closing GOV.UK PaaS trial accounts
- Getting data about trial accounts
- Tenant personal data
Tenant Billing
Team Accounts and Software
- Zendesk
- Statuspage
- Pagerduty
- Documentation for tenants (
paas-tech-docs) - Third parties cloud accounts
Policies and Procedures
Team process
Working practices
Technical Design
- Audit
- BOSH
- GOV.UK PaaS Architecture Document (team visibility)
- Prometheus
- Networking in AWS
Styleguides
This section contains some team-specific styleguides. These should be used in addition to the GDS styleguides.
Architecture decision records
This section contains Architecture Decision Records (ADR) as described in this blog post http://thinkrelevance.com/blog/2011/11/15/documenting-architecture-decisions.
- ADR-001 Manifest management
- ADR-002 Concourse pool resource
- ADR-003 AWS credentials
- ADR-004 Domain naming scheme
- ADR-005 Pingdom healthchecks
- ADR-006 Rds broker
- ADR-007 Terminating tls at elbs
- ADR-008 HAProxy for request rewriting
- ADR-009 X-Forwarded headers
- ADR-010 Postgres bind behaviour
- ADR-011 Security group structure
- ADR-012 Haproxy healthcheck
- ADR-013 Building bosh releases
- ADR-014 Hsts preload using api gateway
- ADR-015 Rds storage encryption plans
- ADR-016 End to end encryption
- ADR-017 Cell capacity assignment
- ADR-018 Rds broker restore last operation
- ADR-019 Accessing user provided services
- ADR-020 Deletion of ci environment
- ADR-021 Cell capacity assignment 2
- ADR-022 Web app language and framework selection
- ADR-023 Idle cpu alerting change
- ADR-024 Web app language and framework selection
- ADR-025 Service plan naming conventions
- ADR-026 DNS layout for UK hosting
- ADR-027 Pipeline locking
- ADR-028 Move platform logs to Logit
- ADR-029 Aiven project structure
- ADR-030 Single staging environment in London
- ADR-031 Separate PaaS services from the Platform core pipeline
- ADR-032 SSL only for applications and cf endpoints
- ADR-033 Redirect http for applications
- ADR-034 Continuously deploy platform CF applications
- ADR-035 Do not use HAProxy, use AWS ALB
- ADR-036 Add new RDS broker plans
- ADR-037 Automated certificate rotation
- ADR-038 Audit logs in Splunk
- ADR-039 Provide Aiven metrics to users
- ADR-040 BOSH access without SOCKS
- ADR-041 BOSH access with mTLS
- ADR-042 Isolation segments
- ADR-043 New product pages language and framework selection
- ADR-044 Remove IPSec
- ADR-045 AWS WAF and WAF Log access by AWS DDoS Response Team
- ADR-046 Postgres Service Plans
- ADR-047 Postgres allowed-extensions approach