Cloud Platform user guide

This user guide is for service teams with applications deployed, or intending to deploy, to the Ministry of Justice Cloud Platform.

Cloud Platform’s offering

The Cloud Platform manages the infrastructure that your application runs on and provides tooling for teams to deploy and manage their applications on that infrastructure.

• About the Cloud Platform
• What can be hosted on the Cloud Platform
• OFFICIAL SENSITIVE - can my service be hosted on the Cloud Platform?

Quickstart

• Technical overview of the Cloud Platform
• The Cloud Platform CLI
• Deploy your first Hello World application
• Create a GOV.UK Prototype Kit site
• Set up continuous deployment using GitHub Actions

How-to guides

• How to use kubectl to connect to the cluster
• Creating a Cloud Platform Environment
• Creating an ECR repository for your docker images
• Setting up GitHub Actions CD with Helm
• Creating a Route 53 Hosted Zone for your DNS records
• Adding AWS resources to your environment
• How do I run Rails database migrations?
• Removing an unneeded namespace

Concepts

• Kubernetes
• Deploying to the Cloud Platform
• Security Controls on the Cloud Platform

Tutorials

• Deploying a Hello World application
• Deploying a multi-container application to the Cloud Platform

Deploying with Helm and CircleCI

• Prerequisite for Live-1 deployment
• Continuous Deployment of an application using CircleCI and Helm
• Deploying an application to the Cloud Platform with Helm

Monitoring applications

• Using the Cloud Platform Prometheus, AlertManager and Grafana
• Getting application metrics into Prometheus
• Creating your own custom alerts
• Creating Pingdom checks
• Using the CloudWatch data source in Grafana

Application logging

• Application Log Collection and Storage
• Accessing Application Log Data

Other topics

• Adding a secret to an application
• Cloud Platform Support
• Zero Downtime Deployments
• Using a custom domain
• Creating alerts for RDS
• Accessing your RDS database
• Viewing RDS Database Metrics
• RDS Snapshots
• Setup Postgres container
• Time Zone Cronjobs
• How to decommission unused template deploy services
• Git-Crypt
• Kubernetes Cronjobs
• Kubernetes jobs
• IP Filtering
• Applying a Maintenance Page
• Kubectl quick reference
• StatefulSets (Pods with Persistent Volumes)
• Storage Classes
• Troubleshooting guide
• Long-running environments operations
• Upgrading an RDS instance
• Migrating an RDS instance
• SSL connections with RDS
• Secrets overview
• ModSecurity - Web Application Firewall
• Network Policies
• Persistent-Volume encryption and snapshot
• Migrating an S3 bucket
• Access cross AWS resources IRSA EKS cluster
• Access cross AWS resources IAM KOPS cluster
• Kibana Circleci Monitoring Dashboards
• Namespace/Container Resource Limits
• Checking the GitHub groups in your ID token
• Cloud Platform Disaster Recovery
• Apply Pipeline
• Security testing and ITHC

Reference

• Cloud Platform Operational Processes
• Kubernetes resources

Getting help

• Ask Cloud Platform

Adding to the guide

If there’s something missing, please either let us know and we’ll add a new article, or if you’re comfortable writing one yourself, PRs will be gratefully received. Details on how to get in touch are in the “Getting Help” section above, and the “GithHub” link at the top right of this page will take you to the repository for this guide.

This page was last reviewed on 23 June 2021. It needs to be reviewed again on 23 September 2021 .

This page was set to be reviewed before 23 September 2021. This might mean the content is out of date.