Skip to main content
GOV.UK
Developer docs
Menu
Get started
Manual
Kubernetes
Apps
Repos
Mobile
Schemas
Document types
Table of contents
Search (via Google)
Search
govuk-infrastructure
Introduction to GOV.UK infrastructure
Upgrading the cluster
Create a new environment
Kubernetes external secrets
Prerequisite secrets
setting-up-content-delivery-network
architecture
decisions
0000-TEMPLATE
1. Record architecture decisions
2. Use `aws-eks` Terraform module
3. Split Terraform state into separate AWS cluster and Kubernetes resource phases
0004-use-aws-load-balancer-controller-for-edge-traffic-services
0005-use-eks-managed-node-groups
6. Use Helm for application package management
0007-use-fluentbit-elasticsearch-and-kibana-for-application-logs
8. Use external-secrets for secrets storage
9. Use `external-dns` for DNS record management
10. Use Dex IdP for user web auth
10. Use Dex IdP for user web authentication
0011-use-graviton-for-compute-instances
0012-non-govuk-domain-policy
0013-expose-external-metrics-for-hpa
14. Replace Terraform Cloud backend with AWS S3
15. Maintain a read-only IAM role
16. Use IAM roles for external services and applications
17. Retire use of GitHub topics for configuration management
0018-use-concourse-ci
19. Restructure CI/CD
20. Use Crossplane for abstraction
21. Give Fastly CNAME records a TTL of 300
22. Use Pkl for configuration
logit
logit
Intro
Home
Repos
govuk-infrastructure
!
Warning
This document has not been updated for a while now. It may be out of date.
Last updated:
16 Jun 2025
govuk-infrastructure: 0000-TEMPLATE
Date:
Status
Pending
Context
Decision
Consequences