Skip to main content
GOV.UK
Developer docs
Menu
Get started
Manual
Kubernetes
Apps
Repos
Mobile
Schemas
Document types
Table of contents
Search (via Google)
Search
govuk-infrastructure
Introduction to GOV.UK infrastructure
Upgrading the cluster
Create a new environment
Kubernetes external secrets
Prerequisite Secrets
Content Delivery Network (CDN) - Fastly
architecture
decisions
0000-TEMPLATE
1. Record architecture decisions
2. Use aws-eks terraform module
3. Split terraform state into separate AWS cluster and Kubernetes resource phases
4. Use AWS Load Balancer Controller for edge traffic services
5. Use EKS managed node groups
6. Use Helm for application package management
7. Use fluentbit, elasticsearch and kibana for application logs
8. Use external-secrets for secrets storage
9. Use external-dns for DNS record management
10. Use Dex IdP for user web auth
11. Use AWS Graviton (ARM) for Compute Instances
12. Non-GOV.UK domain policy
13. Expose external metrics for HPA via Prometheus Adapter
14. Replace Terraform Cloud backend with AWS S3
15. Maintain a read-only IAM role
16. Use IAM Roles for External Services and Applications
17. Retire Use of GitHub Topics for Config Management
18. Use Concourse CI
19. Restructure CI/CD
20. Use Crossplane for abstraction
21. Give Fastly CNAME records a TTL of 300
22. Use Pkl for configuration
logit
logit
Intro
Home
Repos
govuk-infrastructure
!
Warning
This document has not been updated for a while now. It may be out of date.
Last updated:
16 Jun 2025
govuk-infrastructure: 0000-TEMPLATE
Date:
Status
Pending
Context
Decision
Consequences