Cloud Platform user guide
From August 2022, we’ll be rewriting and updating this documentation to make using the Cloud Platform simpler. If documentation is missing or isn’t clear, please let us know.
This user guide is for teams with applications or services deployed on, or intending to deploy to, the Ministry of Justice’s Cloud Platform.
Overview
Getting started
- Using the Cloud Platform CLI
- Creating a Cloud Platform environment
- Connecting to the Cloud Platform’s Kubernetes cluster
- Accessing the AWS console (read-only)
- Deploy your first Hello World application
- Publish prototypes on the web
- Removing an unneeded namespace
Containers
- Requirements for deploying a container to the Cloud Platform
- Creating an ECR repository for your Docker images
- Deploying a multi-container application to the Cloud Platform
Databases
- Adding AWS resources to your environment
- How do I run Rails database migrations?
- Upgrading your RDS database
- Migrating an RDS instance
- SSL connections with RDS
- Creating alerts for RDS
- Accessing your RDS database
- Viewing RDS Database Metrics
- RDS Snapshots
- Setup Postgres container
Storage
- Migrating an S3 bucket
- StatefulSets (Pods with Persistent Volumes)
- Storage Classes
- Persistent-Volume encryption and snapshot
Custom domains
- Using a custom domain
- Creating a Route 53 Hosted Zone for your DNS records
Security
- Security Controls on the Cloud Platform
- IP Filtering
- ModSecurity - Web Application Firewall
- Network Policies
- Adding a secret to an application
- Secrets overview
- Git-Crypt
- Security testing and ITHC
- Setup Ingress to redirect security.txt
Continuous deployment
- Setting up GitHub Actions CD with Helm
- Set up continuous deployment using GitHub Actions
- Continuous Deployment of an application using CircleCI and Helm
- Zero Downtime Deployments
Observability
Monitoring
- Using the Cloud Platform Prometheus, AlertManager and Grafana
- Getting application metrics into Prometheus
- Creating your own custom alerts
- Creating Pingdom checks
- Using the CloudWatch data source in Grafana
- Publish a Grafana Dashboard Snapshot
- Using PrometheusRule Linter in GitHub Action pipeline
Logging
Deprecations
- Migrating from live-1 to live domain name
- Removing Deprecated Ingress APIs for Cloud Platform - Kubernetes v1.22
- Removing Deprecated CronJob APIs for Cloud Platform
- Removing Deprecated PodDisruptionBudget APIs for Cloud Platform
Other topics
- Adding AWS resources to your environment
- Deploying an application to the Cloud Platform with Helm manually
- Applying a Maintenance Page
- Long-running environments operations
- Access cross AWS resources IRSA EKS cluster
- DNS Domain Name Length considerations
- CircleCI Security Incident - Secrets Rotation Guidance
Reference
Cloud Platform
- Technical overview of the Cloud Platform
- Cloud Platform Operational Processes
- Deploying to the Cloud Platform
- Apply Pipeline
- Cloud Platform Disaster Recovery
Kubernetes
- Kubernetes resources
- Kubernetes
- Namespace/Container Resource Limits
- Kubectl quick reference
- Troubleshooting guide
- PodDisruptionBudgets and Cluster maintenance
- Kubernetes Cronjobs
- Kubernetes jobs
- Kubernetes: namespace definition files
Getting help
Adding to the guide
If there’s something missing, please either let us know and we’ll add a new article, or if you’re comfortable writing one yourself, PRs will be gratefully received. Details on how to get in touch are in the “Getting Help” section above, and the “GitHub” link at the top right of this page will take you to the repository for this guide.
This page was last reviewed on 19 December 2022.
It needs to be reviewed again on 19 March 2023.
This page was set to be reviewed before 19 March 2023.
This might mean the content is out of date.