From 867864990de4efebc5754f506614b85dbc6f2c15 Mon Sep 17 00:00:00 2001 From: kr8n3r Date: Sun, 14 Mar 2021 16:46:06 +0000 Subject: [PATCH] Add row headers to tables As per https://github.com/alphagov/tdt-documentation/pull/146 example --- source/accounts/billing_info.html.md | 6 +- .../accounts/closing_trial_accounts.html.md | 12 +- .../ADR004-domain-naming-scheme.html.md | 32 ++--- .../ADR021-cell-capacity-assignment-2.html.md | 8 +- .../ADR026-DNS-layout-for-UK-hosting.html.md | 8 +- .../ADR036-add-new-rds-broker-plans.html.md | 110 +++++++++--------- ...nt_Application_Penetration_Testing.html.md | 78 ++++++------- source/guides/enhancing_kibana.html.md | 22 ++-- source/guides/test_alertmanager.html.md | 8 +- .../support_manual.html.md | 8 +- source/support/zendesk.html.md | 58 ++++----- source/team/orientation.html.md | 10 +- source/technical_design/prometheus.html.md | 12 +- 13 files changed, 186 insertions(+), 186 deletions(-) diff --git a/source/accounts/billing_info.html.md b/source/accounts/billing_info.html.md index afe6f948..867b851c 100644 --- a/source/accounts/billing_info.html.md +++ b/source/accounts/billing_info.html.md @@ -63,9 +63,9 @@ Billing frequency is dictated by the level of usage. The table below gives a gui | Approx. billable amount per month | Billing frequency | | --- | --- | -| <£1000 | Yearly | -| £1000-£5000 | 6 monthly | -| > £5000 | Quarterly | +|# <£1000 | Yearly | +|# £1000-£5000 | 6 monthly | +|# > £5000 | Quarterly | ## Next steps diff --git a/source/accounts/closing_trial_accounts.html.md b/source/accounts/closing_trial_accounts.html.md index 6481f0d6..fe2b8ee2 100644 --- a/source/accounts/closing_trial_accounts.html.md +++ b/source/accounts/closing_trial_accounts.html.md @@ -16,12 +16,12 @@ A closed account: | Sequence | Title | Description | Max time | |:---|:---|:---|:---| -|1|New tenant|A new tenant that does not have a PaaS account yet|Indefinitely| -|2|Trial|A tenant with a 90 day trial account with the ability to deploy apps and provision small backing services|90 days| -|3|Billable|A full tenant with a billing arrangement that is being recharged for the resource consumed|Indefinitely| -|4|Suspended|The org is suspended and the tenant will not be able to perform any operations on apps or services.

Users will be able to use the apps. Tenants will be able to log in to Cloud Foundry.|30 days| -|5|Halted|The apps are stopped and users will receive '404' error messages from the platform.

The data is preserved and the account will still run up bills for the databases|30 days| -|6|Removed|The application instances and services are deleted by an operator.

Users will see no difference compared to a halted/stopped app, but the tenant will have to re-push the app and re-create any backing services to restore their apps.

At this point the account cannot incur any billable events and the bill goes to zero.

All app, services and data are unavailable.|Indefinitely| +|# 1|New tenant|A new tenant that does not have a PaaS account yet|Indefinitely| +|# 2|Trial|A tenant with a 90 day trial account with the ability to deploy apps and provision small backing services|90 days| +|# 3 Billable|A full tenant with a billing arrangement that is being recharged for the resource consumed|Indefinitely| +|# 4|Suspended|The org is suspended and the tenant will not be able to perform any operations on apps or services.

Users will be able to use the apps. Tenants will be able to log in to Cloud Foundry.|30 days| +|# 5|Halted|The apps are stopped and users will receive '404' error messages from the platform.

The data is preserved and the account will still run up bills for the databases|30 days| +|# 6|Removed|The application instances and services are deleted by an operator.

Users will see no difference compared to a halted/stopped app, but the tenant will have to re-push the app and re-create any backing services to restore their apps.

At this point the account cannot incur any billable events and the bill goes to zero.

All app, services and data are unavailable.|Indefinitely| ![BAU trial account expiry process](/diagrams/BAU-trial-account-expiry-process-map.svg) diff --git a/source/architecture_decision_records/ADR004-domain-naming-scheme.html.md b/source/architecture_decision_records/ADR004-domain-naming-scheme.html.md index 7df19bc5..311bd10c 100644 --- a/source/architecture_decision_records/ADR004-domain-naming-scheme.html.md +++ b/source/architecture_decision_records/ADR004-domain-naming-scheme.html.md @@ -38,34 +38,34 @@ It is important to note that live services will 'Bring Your Own' domain, apps av ### Development Domains Purpose | URL | ------------ | ------------- -Deployer Concourse | deployer.foo.dev.cloudpipeline.digital -Cloud Foundry API | api.foo.dev.cloudpipeline.digital -Cloud Foundry User Account and Authentication | uaa.foo.dev.cloudpipeline.digital -Applications | bar.foo.dev.cloudpipelineapps.digital +# Deployer Concourse | deployer.foo.dev.cloudpipeline.digital +# Cloud Foundry API | api.foo.dev.cloudpipeline.digital +# Cloud Foundry User Account and Authentication | uaa.foo.dev.cloudpipeline.digital +# Applications | bar.foo.dev.cloudpipelineapps.digital ### Continuous Integration (CI) Domains Purpose | URL | ------------ | ------------- -Deployer Concourse | deployer.master.ci.cloudpipeline.digital -Cloud Foundry API | api.master.ci.cloudpipeline.digital -Cloud Foundry User Account and Authentication | uaa.master.ci.cloudpipeline.digital -Applications | bar.master.ci.cloudpipelineapps.digital +# Deployer Concourse | deployer.master.ci.cloudpipeline.digital +# Cloud Foundry API | api.master.ci.cloudpipeline.digital +# Cloud Foundry User Account and Authentication | uaa.master.ci.cloudpipeline.digital +# Applications | bar.master.ci.cloudpipelineapps.digital ### Staging Domains Purpose | URL | ------------ | ------------- -Deployer Concourse | deployer.london.staging.cloudpipeline.digital -Cloud Foundry API | api.london.staging.cloudpipeline.digital -Cloud Foundry User Account and Authentication | uaa.london.staging.cloudpipeline.digital -Applications | bar.london.staging.cloudpipelineapps.digital +# Deployer Concourse | deployer.london.staging.cloudpipeline.digital +# Cloud Foundry API | api.london.staging.cloudpipeline.digital +# Cloud Foundry User Account and Authentication | uaa.london.staging.cloudpipeline.digital +# Applications | bar.london.staging.cloudpipelineapps.digital ### Production Domains Purpose | URL | ------------ | ------------- -Deployer Concourse | deployer.cloud.service.gov.uk -Cloud Foundry API | api.cloud.service.gov.uk -Cloud Foundry User Account and Authentication | uaa.cloud.service.gov.uk -Applications | bar.cloudapps.digital +# Deployer Concourse | deployer.cloud.service.gov.uk +# Cloud Foundry API | api.cloud.service.gov.uk +# Cloud Foundry User Account and Authentication | uaa.cloud.service.gov.uk +# Applications | bar.cloudapps.digital ## Status diff --git a/source/architecture_decision_records/ADR021-cell-capacity-assignment-2.html.md b/source/architecture_decision_records/ADR021-cell-capacity-assignment-2.html.md index 8adc0029..773f0ac3 100644 --- a/source/architecture_decision_records/ADR021-cell-capacity-assignment-2.html.md +++ b/source/architecture_decision_records/ADR021-cell-capacity-assignment-2.html.md @@ -36,10 +36,10 @@ Our objectives are: State | Expected behaviour ------|------------------- -All cells operational | Enough capacity to allow some but not all tenants to scale up to their full quota. The amount of excess capacity required should be enough to accommodate the fluctuations we can expect over a 3 day period (weekend + reaction time) -While CF being deployed | As above: enough capacity to allow some tenants to scale up to their full quota -One availability zone failed/degraded | Enough capacity to maintain steady state app usage. Not guaranteed to be able to scale apps up. -More than one AZ failed | The system is not expected to have sufficient capacity to host all running apps. +# All cells operational | Enough capacity to allow some but not all tenants to scale up to their full quota. The amount of excess capacity required should be enough to accommodate the fluctuations we can expect over a 3 day period (weekend + reaction time) +# While CF being deployed | As above: enough capacity to allow some tenants to scale up to their full quota +# One availability zone failed/degraded | Enough capacity to maintain steady state app usage. Not guaranteed to be able to scale apps up. +# More than one AZ failed | The system is not expected to have sufficient capacity to host all running apps. To achieve this we need to start basing our capacity planning on current memory occupied by processes on cells, rather than the sum of all quotas given to diff --git a/source/architecture_decision_records/ADR026-DNS-layout-for-UK-hosting.html.md b/source/architecture_decision_records/ADR026-DNS-layout-for-UK-hosting.html.md index 6c106b80..3be43e7d 100644 --- a/source/architecture_decision_records/ADR026-DNS-layout-for-UK-hosting.html.md +++ b/source/architecture_decision_records/ADR026-DNS-layout-for-UK-hosting.html.md @@ -31,15 +31,15 @@ The domain structure for the dev and CI environments won't change. For the dev e |Ireland|London| |----|------| -|_api.cloud.service.gov.uk_|_api.london.cloud.service.gov.uk_| -|_sample-app.cloudapps.digital_|_sample-app.london.cloudapps.digital_| +|# _api.cloud.service.gov.uk_|_api.london.cloud.service.gov.uk_| +|# _sample-app.cloudapps.digital_|_sample-app.london.cloudapps.digital_| #### Staging |Ireland|London| |----|------| -|_api.staging.cloudpipeline.digital_|_api.london.staging.cloudpipeline.digital_| -|_sample-app.staging.cloudpipelineapps.digital_|_sample-app.london.staging.cloudpipelineapps.digital_| +|# _api.staging.cloudpipeline.digital_|_api.london.staging.cloudpipeline.digital_| +|# _sample-app.staging.cloudpipelineapps.digital_|_sample-app.london.staging.cloudpipelineapps.digital_| ## Status diff --git a/source/architecture_decision_records/ADR036-add-new-rds-broker-plans.html.md b/source/architecture_decision_records/ADR036-add-new-rds-broker-plans.html.md index 39580969..672f9bf5 100644 --- a/source/architecture_decision_records/ADR036-add-new-rds-broker-plans.html.md +++ b/source/architecture_decision_records/ADR036-add-new-rds-broker-plans.html.md @@ -15,38 +15,38 @@ plans to everyone: | service plan | description | free or paid | |------------------------|--------------------------------------------------------------------------------------------------------------------------------|--------------| -| tiny-unencrypted-5.7 | 5GB Storage, NOT BACKED UP, Dedicated Instance. MySQL Version 5.7. DB Instance Class: db.t2.micro. | free | -| medium-ha-5.7 | 100GB Storage, Dedicated Instance, Highly Available, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.m4.large. | paid | -| large-ha-5.7 | 512GB Storage, Dedicated Instance, Highly Available, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.m4.2xlarge. | paid | -| xlarge-ha-5.7 | 2TB Storage, Dedicated Instance, Highly Available, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.m4.4xlarge. | paid | -| small-ha-5.7 | 20GB Storage, Dedicated Instance, Highly Available. Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.t2.small. | paid | -| small-5.7 | 20GB Storage, Dedicated Instance, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.t2.small. | paid | -| medium-5.7 | 100GB Storage, Dedicated Instance, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.m4.large. | paid | -| large-5.7 | 512GB Storage, Dedicated Instance, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.m4.2xlarge. | paid | -| xlarge-5.7 | 2TB Storage, Dedicated Instance, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.m4.4xlarge. | paid | +|# tiny-unencrypted-5.7 | 5GB Storage, NOT BACKED UP, Dedicated Instance. MySQL Version 5.7. DB Instance Class: db.t2.micro. | free | +|# medium-ha-5.7 | 100GB Storage, Dedicated Instance, Highly Available, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.m4.large. | paid | +|# large-ha-5.7 | 512GB Storage, Dedicated Instance, Highly Available, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.m4.2xlarge. | paid | +|# xlarge-ha-5.7 | 2TB Storage, Dedicated Instance, Highly Available, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.m4.4xlarge. | paid | +|# small-ha-5.7 | 20GB Storage, Dedicated Instance, Highly Available. Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.t2.small. | paid | +|# small-5.7 | 20GB Storage, Dedicated Instance, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.t2.small. | paid | +|# medium-5.7 | 100GB Storage, Dedicated Instance, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.m4.large. | paid | +|# large-5.7 | 512GB Storage, Dedicated Instance, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.m4.2xlarge. | paid | +|# xlarge-5.7 | 2TB Storage, Dedicated Instance, Storage Encrypted. MySQL Version 5.7. DB Instance Class: db.m4.4xlarge. | paid | #### Postgres | service plan | description | free or paid | |------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------| -| tiny-unencrypted-9.5 | 5GB Storage, NOT BACKED UP, Dedicated Instance, Max 50 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.t2.micro. | free | -| medium-ha-9.5 | 100GB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 500 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.m4.large. | paid | -| large-ha-9.5 | 512GB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.m4.2xlarge. | paid | -| xlarge-ha-9.5 | 2TB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.m4.4xlarge. | paid | -| small-ha-9.5 | 20GB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 200 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.t2.small. | paid | -| small-9.5 | 20GB Storage, Dedicated Instance, Storage Encrypted, Max 200 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.t2.small. | paid | -| medium-9.5 | 100GB Storage, Dedicated Instance, Storage Encrypted, Max 500 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.m4.large. | paid | -| large-9.5 | 512GB Storage, Dedicated Instance, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.m4.2xlarge. | paid | -| xlarge-9.5 | 2TB Storage, Dedicated Instance, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.m4.4xlarge. | paid | -| tiny-unencrypted-10 | 5GB Storage, NOT BACKED UP, Dedicated Instance, Max 50 Concurrent Connections. Postgres Version 10. DB Instance Class: db.t2.micro. | free | -| small-10 | 20GB Storage, Dedicated Instance, Storage Encrypted, Max 200 Concurrent Connections. Postgres Version 10. DB Instance Class: db.t2.small. | paid | -| small-ha-10 | 20GB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 200 Concurrent Connections. Postgres Version 10. DB Instance Class: db.t2.small. | paid | -| medium-10 | 100GB Storage, Dedicated Instance, Storage Encrypted, Max 500 Concurrent Connections. Postgres Version 10. DB Instance Class: db.m4.large. | paid | -| medium-ha-10 | 100GB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 500 Concurrent Connections. Postgres Version 10. DB Instance Class: db.m4.large. | paid | -| large-10 | 512GB Storage, Dedicated Instance, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 10. DB Instance Class: db.m4.2xlarge. | paid | -| large-ha-10 | 512GB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 10. DB Instance Class: db.m4.2xlarge. | paid | -| xlarge-10 | 2TB Storage, Dedicated Instance, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 10. DB Instance Class: db.m4.4xlarge. | paid | -| xlarge-ha-10 | 2TB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 10. DB Instance Class: db.m4.4xlarge. | paid | +|# tiny-unencrypted-9.5 | 5GB Storage, NOT BACKED UP, Dedicated Instance, Max 50 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.t2.micro. | free | +|# medium-ha-9.5 | 100GB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 500 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.m4.large. | paid | +|# large-ha-9.5 | 512GB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.m4.2xlarge. | paid | +|# xlarge-ha-9.5 | 2TB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.m4.4xlarge. | paid | +|# small-ha-9.5 | 20GB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 200 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.t2.small. | paid | +|# small-9.5 | 20GB Storage, Dedicated Instance, Storage Encrypted, Max 200 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.t2.small. | paid | +|# medium-9.5 | 100GB Storage, Dedicated Instance, Storage Encrypted, Max 500 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.m4.large. | paid | +|# large-9.5 | 512GB Storage, Dedicated Instance, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.m4.2xlarge. | paid | +|# xlarge-9.5 | 2TB Storage, Dedicated Instance, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 9.5. DB Instance Class: db.m4.4xlarge. | paid | +|# tiny-unencrypted-10 | 5GB Storage, NOT BACKED UP, Dedicated Instance, Max 50 Concurrent Connections. Postgres Version 10. DB Instance Class: db.t2.micro. | free | +|# small-10 | 20GB Storage, Dedicated Instance, Storage Encrypted, Max 200 Concurrent Connections. Postgres Version 10. DB Instance Class: db.t2.small. | paid | +|# small-ha-10 | 20GB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 200 Concurrent Connections. Postgres Version 10. DB Instance Class: db.t2.small. | paid | +|# medium-10 | 100GB Storage, Dedicated Instance, Storage Encrypted, Max 500 Concurrent Connections. Postgres Version 10. DB Instance Class: db.m4.large. | paid | +|# medium-ha-10 | 100GB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 500 Concurrent Connections. Postgres Version 10. DB Instance Class: db.m4.large. | paid | +|# large-10 | 512GB Storage, Dedicated Instance, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 10. DB Instance Class: db.m4.2xlarge. | paid | +|# large-ha-10 | 512GB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 10. DB Instance Class: db.m4.2xlarge. | paid | +|# xlarge-10 | 2TB Storage, Dedicated Instance, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 10. DB Instance Class: db.m4.4xlarge. | paid | +|# xlarge-ha-10 | 2TB Storage, Dedicated Instance, Highly Available, Storage Encrypted, Max 5000 Concurrent Connections. Postgres Version 10. DB Instance Class: db.m4.4xlarge. | paid | ### Current analysis @@ -64,22 +64,22 @@ At the moment, prices for postgres 10.5 Tiny, Small and Medium instances are: | plan | price / month | |-----------|---------------| -| tiny | £12.03 | -| small | £24.50 | -| small-ha | £48.98 | -| medium | £125.94 | -| medium-ha | £251.79 | +|# tiny | £12.03 | +|# small | £24.50 | +|# small-ha | £48.98 | +|# medium | £125.94 | +|# medium-ha | £251.79 | If we were to increase the disk size on small instances from the current 2G to 100G, this would cause the small plans to increase roughly as follows (based on Ireland prices): | plan | price / month | |-----------|---------------------| -| tiny | £12.03 | -| small | £34.40 (was £24.50) | -| small-ha | £67.88 (was £48.98) | -| medium | £125.94 | -| medium-ha | £251.79 | +|# tiny | £12.03 | +|# small | £34.40 (was £24.50) | +|# small-ha | £67.88 (was £48.98) | +|# medium | £125.94 | +|# medium-ha | £251.79 | We have about 100 "small" databases, of which 28 are HA and 70 are not. This means if we changed the disk on the existing plans our tenants would have to pay an extra £1,200/month (but on the flip @@ -102,15 +102,15 @@ We should play [a story to add the following new plans](https://www.pivotaltrack | service plan | summary | |-----------------------|-------------------------------------------------------------| -| tiny-unencrypted-11 | 5GB Storage, NOT BACKED UP. DB Instance Class: db.t3.micro. | -| small-11 | 100GB Storage. DB Instance Class: db.t3.small. | -| small-ha-11 | 100GB Storage. DB Instance Class: db.t3.small. | -| medium-11 | 100GB Storage. DB Instance Class: db.m5.large. | -| medium-ha-11 | 100GB Storage. DB Instance Class: db.m5.large. | -| large-11 | 512GB Storage. DB Instance Class: db.m5.2xlarge. | -| large-ha-11 | 512GB Storage. DB Instance Class: db.m5.2xlarge. | -| xlarge-11 | 2TB Storage. DB Instance Class: db.m5.4xlarge. | -| xlarge-ha-11 | 2TB Storage. DB Instance Class: db.m5.4xlarge. | +|# tiny-unencrypted-11 | 5GB Storage, NOT BACKED UP. DB Instance Class: db.t3.micro. | +|# small-11 | 100GB Storage. DB Instance Class: db.t3.small. | +|# small-ha-11 | 100GB Storage. DB Instance Class: db.t3.small. | +|# medium-11 | 100GB Storage. DB Instance Class: db.m5.large. | +|# medium-ha-11 | 100GB Storage. DB Instance Class: db.m5.large. | +|# large-11 | 512GB Storage. DB Instance Class: db.m5.2xlarge. | +|# large-ha-11 | 512GB Storage. DB Instance Class: db.m5.2xlarge. | +|# xlarge-11 | 2TB Storage. DB Instance Class: db.m5.4xlarge. | +|# xlarge-ha-11 | 2TB Storage. DB Instance Class: db.m5.4xlarge. | (note: t3 / m5 instances, small plans have 100G storage instead of 20G) @@ -120,15 +120,15 @@ We should play [a story to add the following new plans](https://www.pivotaltrack | service plan | summary | |--------------------|--------------------------------------------------| -| tiny-unencrypted-8 | 5GB Storage. DB Instance Class: db.t3.micro. | -| small-8 | 100GB Storage. DB Instance Class: db.t3.small. | -| small-ha-8 | 100GB Storage. DB Instance Class: db.t3.small. | -| medium-8 | 100GB Storage. DB Instance Class: db.m5.large. | -| medium-ha-8 | 100GB Storage. DB Instance Class: db.m5.large. | -| large-8 | 512GB Storage. DB Instance Class: db.m5.2xlarge. | -| large-ha-8 | 512GB Storage. DB Instance Class: db.m5.2xlarge. | -| xlarge-8 | 2TB Storage. DB Instance Class: db.m5.4xlarge. | -| xlarge-ha-8 | 2TB Storage. DB Instance Class: db.m5.4xlarge. | +|# tiny-unencrypted-8 | 5GB Storage. DB Instance Class: db.t3.micro. | +|# small-8 | 100GB Storage. DB Instance Class: db.t3.small. | +|# small-ha-8 | 100GB Storage. DB Instance Class: db.t3.small. | +|# medium-8 | 100GB Storage. DB Instance Class: db.m5.large. | +|# medium-ha-8 | 100GB Storage. DB Instance Class: db.m5.large. | +|# large-8 | 512GB Storage. DB Instance Class: db.m5.2xlarge. | +|# large-ha-8 | 512GB Storage. DB Instance Class: db.m5.2xlarge. | +|# xlarge-8 | 2TB Storage. DB Instance Class: db.m5.4xlarge. | +|# xlarge-ha-8 | 2TB Storage. DB Instance Class: db.m5.4xlarge. | (note: t3 / m5 instances, small plans have 100G storage instead of 20G) diff --git a/source/guides/Tenant_Application_Penetration_Testing.html.md b/source/guides/Tenant_Application_Penetration_Testing.html.md index 9b8055e7..3cd5b620 100644 --- a/source/guides/Tenant_Application_Penetration_Testing.html.md +++ b/source/guides/Tenant_Application_Penetration_Testing.html.md @@ -7,14 +7,14 @@ We no longer have to notify AWS of penetration testing, however it is useful for | Name | Value | |------|-------| -| source_IP | Provided by penetration tester. The IPs that the test will originate from. | -| phone_for_testing_team | Provided by penetration tester. Phone number of the testers. | -| peak_bandwidth | Provided by penetration tester. The peak amount of bandwidth the tests will consume (Gbps). | -| peak_rps | Provided by penetration tester. The peak number of requests-per-second the tests will perform. | -| StartDate | Provided by penetration tester. When will the test start? (eg. `2017-09-26T09:00:00Z` ) | -| EndDate | Provided by penetration tester. When will the test end? (eg. `2017-09-26T18:00:00Z` ) | -| can_you_stop | Provided by penetration tester. Once started, is it possible to stop the test immediately if there is an issue? | -| emergency_contact | Provided by penetration tester. Email and phone number in case issues arise. | +|# source_IP | Provided by penetration tester. The IPs that the test will originate from. | +|# phone_for_testing_team | Provided by penetration tester. Phone number of the testers. | +|# peak_bandwidth | Provided by penetration tester. The peak amount of bandwidth the tests will consume (Gbps). | +|# peak_rps | Provided by penetration tester. The peak number of requests-per-second the tests will perform. | +|# StartDate | Provided by penetration tester. When will the test start? (eg. `2017-09-26T09:00:00Z` ) | +|# EndDate | Provided by penetration tester. When will the test end? (eg. `2017-09-26T18:00:00Z` ) | +|# can_you_stop | Provided by penetration tester. Once started, is it possible to stop the test immediately if there is an issue? | +|# emergency_contact | Provided by penetration tester. Email and phone number in case issues arise. | ## Load Testing @@ -26,37 +26,37 @@ There are two methods to notify AWS: [a form which requires root account access] | Name | Value | |------|-------| -| AWS AccountId | Production account ID | -| SubmitterName | Your name | -| CompanyName | `Government Digital Service` | -| EmailAddress | Team email address | -| AdditionalEmail1 | Optional | -| AdditionalEmail2 | Optional | -| AdditionalEmail3 | Optional | -| Customer_NDA | `yes` | -| ec2_resources | [EC2 resource IDs to be tested](#find-penetration-testable-ec2-instance-ids). | -| cloudfront_ID | [CloudFront distribution IDs to be tested](#find-cloudfront-distributions). | -| api_gateway | N/A | -| rds_resources | N/A | -| elb_resources | [ELB hostnames to be tested](#find-elbs). | -| external_IPs | N/A | -| nameserver_info | N/A | -| dns_owner_notified | N/A | -| TLD_scanned | N/A | -| source_IP | Provided by tester. The IPs that the test will originate from. | -| on_prem | Provided by tester. Will the requests originate from the office of the testers? | -| third_party | Provided by tenant. Are the testers a third-party company? | -| phone_for_testing_team | Provided by tester. Phone number of the testers. | -| testing_company_NDA | Provided by tester. Has an NDA with AWS been signed by the penetration testers? | -| peak_bandwidth | Provided by tester. The peak amount of bandwidth the tests will consume (Gbps). | -| peak_rps | Provided by tester. The peak number of requests-per-second the tests will perform. | -| dns_walking_qps | N/A | -| StartDate | Provided by tester. When will the test start? (eg. `2017-09-26T09:00:00Z` ) | -| EndDate | Provided by tester. When will the test end? (eg. `2017-09-26T18:00:00Z` ) | -| testing_details | Provided by tenant. Why is the test being carried out? What is the test covering? | -| metrics_of_test | Provided by tester. What metrics are being measured in order to decide the success or failure of the test? | -| can_you_stop | Provided by tester. Once started, is it possible to stop the test immediately if there is an issue? | -| emergency_contact | Provided by tester. Email and phone number in case issues arise. | +|# AWS AccountId | Production account ID | +|# SubmitterName | Your name | +|# CompanyName | `Government Digital Service` | +|# EmailAddress | Team email address | +|# AdditionalEmail1 | Optional | +|# AdditionalEmail2 | Optional | +|# AdditionalEmail3 | Optional | +|# Customer_NDA | `yes` | +|# ec2_resources | [EC2 resource IDs to be tested](#find-penetration-testable-ec2-instance-ids). | +|# cloudfront_ID | [CloudFront distribution IDs to be tested](#find-cloudfront-distributions). | +|# api_gateway | N/A | +|# rds_resources | N/A | +|# elb_resources | [ELB hostnames to be tested](#find-elbs). | +|# external_IPs | N/A | +|# nameserver_info | N/A | +|# dns_owner_notified | N/A | +|# TLD_scanned | N/A | +|# source_IP | Provided by tester. The IPs that the test will originate from. | +|# on_prem | Provided by tester. Will the requests originate from the office of the testers? | +|# third_party | Provided by tenant. Are the testers a third-party company? | +|# phone_for_testing_team | Provided by tester. Phone number of the testers. | +|# testing_company_NDA | Provided by tester. Has an NDA with AWS been signed by the penetration testers? | +|# peak_bandwidth | Provided by tester. The peak amount of bandwidth the tests will consume (Gbps). | +|# peak_rps | Provided by tester. The peak number of requests-per-second the tests will perform. | +|# dns_walking_qps | N/A | +|# StartDate | Provided by tester. When will the test start? (eg. `2017-09-26T09:00:00Z` ) | +|# EndDate | Provided by tester. When will the test end? (eg. `2017-09-26T18:00:00Z` ) | +|# testing_details | Provided by tenant. Why is the test being carried out? What is the test covering? | +|# metrics_of_test | Provided by tester. What metrics are being measured in order to decide the success or failure of the test? | +|# can_you_stop | Provided by tester. Once started, is it possible to stop the test immediately if there is an issue? | +|# emergency_contact | Provided by tester. Email and phone number in case issues arise. | ## Find penetration testable EC2 instance IDs diff --git a/source/guides/enhancing_kibana.html.md b/source/guides/enhancing_kibana.html.md index a0d1e043..60b2a527 100644 --- a/source/guides/enhancing_kibana.html.md +++ b/source/guides/enhancing_kibana.html.md @@ -68,14 +68,14 @@ After a restart and successful entry in Kibana, it will look like that: | Key | Value | |---|---| -| nginx.agent | "ELB-HealthChecker/1.0" | -| nginx.bytes | 566 | -| nginx.clientip | 10.0.16.6 | -| nginx.httpversion | 1.1 | -| nginx.request | /info | -| nginx.response | 200 | -| nginx.response_time | 0.029 | -| nginx.timestamp | 11/May/2017:14:59:04 +0000 | -| nginx.vcap_request_id | 9ed66476-764d-486e-b52c-05280929f726 | -| nginx.verb | GET | -| nginx.x_forwarded_for | 10.0.0.116 | +|# nginx.agent | "ELB-HealthChecker/1.0" | +|# nginx.bytes | 566 | +|# nginx.clientip | 10.0.16.6 | +|# nginx.httpversion | 1.1 | +|# nginx.request | /info | +|# nginx.response | 200 | +|# nginx.response_time | 0.029 | +|# nginx.timestamp | 11/May/2017:14:59:04 +0000 | +|# nginx.vcap_request_id | 9ed66476-764d-486e-b52c-05280929f726 | +|# nginx.verb | GET | +|# nginx.x_forwarded_for | 10.0.0.116 | diff --git a/source/guides/test_alertmanager.html.md b/source/guides/test_alertmanager.html.md index 0eb2e2b9..4f7ffcf6 100644 --- a/source/guides/test_alertmanager.html.md +++ b/source/guides/test_alertmanager.html.md @@ -23,10 +23,10 @@ For example: | Env | URL | | --- | --- | -| Dev | `https://alertmanager-1.tlwr.cloudpipeline.digital` | -| Staging | `https://alertmanager-1.london.staging.cloudpipeline.digital` | -| London | `https://alertmanager-1.london.cloud.service.gov.uk` | -| Ireland | `https://alertmanager-1.cloud.service.gov.uk` | +|# Dev | `https://alertmanager-1.tlwr.cloudpipeline.digital` | +|# Staging | `https://alertmanager-1.london.staging.cloudpipeline.digital` | +|# London | `https://alertmanager-1.london.cloud.service.gov.uk` | +|# Ireland | `https://alertmanager-1.cloud.service.gov.uk` | **3.** Check you can talk to Alertmanager diff --git a/source/incident_management/support_manual.html.md b/source/incident_management/support_manual.html.md index 7e33231e..5ea78c87 100644 --- a/source/incident_management/support_manual.html.md +++ b/source/incident_management/support_manual.html.md @@ -58,10 +58,10 @@ The exceptions to this are for some categories of security breach or vulnerabili | Classification | AKA | Example | In hours| Out of hours | | --- | --- | --- | --- | --- | -| P1 | Critical Incident | | Start work & respond: 20 min

Update time: 1 hr | 40 mins | -| P2 | Major Incident || Start work & respond: 30 min

Update time: 2 hr | n/a | -| P3 | Significant | Users (tenants or end users) experiencing intermittent or degraded service due to platform issue.| Start work & respond: 2 hr

Update time: 4 hr n/a | -| P4 | Minor | Component failure that is not immediately service impacting | Start work & respond: 1 business day

Update time: 2 business days | n/a | +|# P1 | Critical Incident | | Start work & respond: 20 min

Update time: 1 hr | 40 mins | +|# P2 | Major Incident || Start work & respond: 30 min

Update time: 2 hr | n/a | +|# P3 | Significant | Users (tenants or end users) experiencing intermittent or degraded service due to platform issue.| Start work & respond: 2 hr

Update time: 4 hr n/a | +|# P4 | Minor | Component failure that is not immediately service impacting | Start work & respond: 1 business day

Update time: 2 business days | n/a | ## Support tickets diff --git a/source/support/zendesk.html.md b/source/support/zendesk.html.md index 8ea43de8..c80f5da1 100644 --- a/source/support/zendesk.html.md +++ b/source/support/zendesk.html.md @@ -32,34 +32,34 @@ We use the following tags to categorise support tickets: |Name| Tag| Description | |:---|:---|:---| -|Activity update|paas_activity_update|The tenant is providing the GOV.UK PaaS team with information about their activity, this could be load testing, penetration testing, moving the service to live| -|Backing service|paas_backing_service|The tenant has a question about backing services: mysql, postgres, redis, elasticsearch, influxdb, cdn, autoscaling| -|Bug|paas_bug|The tenant has encountered a bug, error or fault in GOV.UK PaaS that we need to fix.| -|Buildpacks|paas_buildpacks|The tenant has a question about buildpacks| -|CC|paas_cc|Non actionable items, information from upstream and others| -|Consultancy|paas_consultancy|The tenant needs advice and expertise from a member of the GOV.UK PaaS team in the form of a meeting or phone call to determine suitability, billing, pricing, roadmap| -|Deployment|paas_deployment|The tenant is having issues deploying an application to the platform| -|Feature request|paas_feature_request|The tenant needs or wants a new feature that GOV.UK PaaS does not offer| -|Incident|paas_incident_report|The tenant is reporting an incident| -|Logging/Monitoring/Alerting|paas_logging_monitoring_alerting|The tenant has a query, request or problem related to monitoring, metrics, logs | -|Misc|paas_misc|The ticket does not fit into any of the existing tags| -|Missing information|paas_missing_information |The tenant is unable to find the information they're looking for | -|Platform monitoring|paas_monitoring|Informational items that come from our platform monitoring systems (Pingdom, Cronitor, PagerDuty)| -|Org billable|paas_org_billable|The tenant has a query about billing or wants to go move to a billable plan| -|Org demise|paas_org_demise|An organisation is to be demised| -|Org quota|paas_org_quota|The tenant is requesting to increase their usage quota| -|Org trial|paas_org_trial|A prospective tenant is requesting a trial account to evaluate the use of the platform| -|Out of hours|paas_outofhours|Out of hours support| -|Action|paas_paas_action|The tenant needs the GOV.UK PaaS team to perform an action for them| -|Platform tests|paas_platform_tests|Automated messages from smoketest pipeline| -|Question|paas_question|The tenant needs more information about GOV.UK PaaS| -|Routing|paas_routing|The tenant is having issues with routing| -|Security|paas_security|The tenant has a question or problem related to security or information assurance| -|Spam|paas_spam|Unsolicited off topic tickets| -|Tenant action|paas_tenant_action|The tenant needs to perform an action for the GOV.UK PaaS team| -|Test|paas_test|test tickets generated by user testing that should be ignored| -|Troubleshooting|paas_troubleshooting|The tenant needs help to identify and resolve an issue they are experiencing| -|Upstream|paas_upstream|Actionable items that come from our upstream providers (AWS, Aiven, Cloud Foundry Foundation) leaked keys, ec2 abuse, phishing websites, deprecation notices, cve notifications from the Cloud Foundry Foundation| -|User account|paas_user_account|The tenant needs help to do something with their account. For example, resetting a password, adding or removing a user| +|# Activity update|paas_activity_update|The tenant is providing the GOV.UK PaaS team with information about their activity, this could be load testing, penetration testing, moving the service to live| +|# Backing service|paas_backing_service|The tenant has a question about backing services: mysql, postgres, redis, elasticsearch, influxdb, cdn, autoscaling| +|# Bug|paas_bug|The tenant has encountered a bug, error or fault in GOV.UK PaaS that we need to fix.| +|# Buildpacks|paas_buildpacks|The tenant has a question about buildpacks| +|# CC|paas_cc|Non actionable items, information from upstream and others| +|# Consultancy|paas_consultancy|The tenant needs advice and expertise from a member of the GOV.UK PaaS team in the form of a meeting or phone call to determine suitability, billing, pricing, roadmap| +|# Deployment|paas_deployment|The tenant is having issues deploying an application to the platform| +|# Feature request|paas_feature_request|The tenant needs or wants a new feature that GOV.UK PaaS does not offer| +|# Incident|paas_incident_report|The tenant is reporting an incident| +|# Logging/Monitoring/Alerting|paas_logging_monitoring_alerting|The tenant has a query, request or problem related to monitoring, metrics, logs | +|# Misc|paas_misc|The ticket does not fit into any of the existing tags| +|# Missing information|paas_missing_information |The tenant is unable to find the information they're looking for | +|# Platform monitoring|paas_monitoring|Informational items that come from our platform monitoring systems (Pingdom, Cronitor, PagerDuty)| +|# Org billable|paas_org_billable|The tenant has a query about billing or wants to go move to a billable plan| +|# Org demise|paas_org_demise|An organisation is to be demised| +|# Org quota|paas_org_quota|The tenant is requesting to increase their usage quota| +|# Org trial|paas_org_trial|A prospective tenant is requesting a trial account to evaluate the use of the platform| +|# Out of hours|paas_outofhours|Out of hours support| +|# Action|paas_paas_action|The tenant needs the GOV.UK PaaS team to perform an action for them| +|# Platform tests|paas_platform_tests|Automated messages from smoketest pipeline| +|# Question|paas_question|The tenant needs more information about GOV.UK PaaS| +|# Routing|paas_routing|The tenant is having issues with routing| +|# Security|paas_security|The tenant has a question or problem related to security or information assurance| +|# Spam|paas_spam|Unsolicited off topic tickets| +|# Tenant action|paas_tenant_action|The tenant needs to perform an action for the GOV.UK PaaS team| +|# Test|paas_test|test tickets generated by user testing that should be ignored| +|# Troubleshooting|paas_troubleshooting|The tenant needs help to identify and resolve an issue they are experiencing| +|# Upstream|paas_upstream|Actionable items that come from our upstream providers (AWS, Aiven, Cloud Foundry Foundation) leaked keys, ec2 abuse, phishing websites, deprecation notices, cve notifications from the Cloud Foundry Foundation| +|# User account|paas_user_account|The tenant needs help to do something with their account. For example, resetting a password, adding or removing a user|
 
diff --git a/source/team/orientation.html.md b/source/team/orientation.html.md index fcb38d30..769d4591 100644 --- a/source/team/orientation.html.md +++ b/source/team/orientation.html.md @@ -112,11 +112,11 @@ familiar with each one. What | Get started | Learn the concepts ------|-------------|------------------------ -Cloud Foundry, as a user | [Our getting started guide](https://docs.cloud.service.gov.uk) | [Considerations for application developers](http://docs.cloudfoundry.org/devguide/deploy-apps/prepare-to-deploy.html) -[Concourse](http://concourse-ci.org/), the CI server we use for deployment | [Concourse tutorials](https://github.com/starkandwayne/concourse-tutorial) | [Concepts](http://concourse-ci.org/concepts.html) -[BOSH](http://bosh.io/). It deploys Cloud Foundry and other things. | [A guide to using BOSH](http://mariash.github.io/learn-bosh/) | [What problems does BOSH solve?](http://bosh.io/docs/problems.html) -Cloud Foundry, for those managing it | | [Cloud Foundry presentation, written by the team](https://docs.google.com/presentation/d/1LkR4Y3jLBQ8uskKeLIyKtSKDoutnAvty-vSSGfVNXZU/view), an [older presentation from before the move to Diego archecture](https://docs.google.com/presentation/d/1sZH1Nn_GiYfpBtT6br_AnZn_dynLzvYizJ9aQ4Zc1Ww/view) -Terraform | The terraform [intro](https://www.terraform.io/intro/index.html) | The intro also covers key concepts. +# Cloud Foundry, as a user | [Our getting started guide](https://docs.cloud.service.gov.uk) | [Considerations for application developers](http://docs.cloudfoundry.org/devguide/deploy-apps/prepare-to-deploy.html) +# [Concourse](http://concourse-ci.org/), the CI server we use for deployment | [Concourse tutorials](https://github.com/starkandwayne/concourse-tutorial) | [Concepts](http://concourse-ci.org/concepts.html) +# [BOSH](http://bosh.io/). It deploys Cloud Foundry and other things. | [A guide to using BOSH](http://mariash.github.io/learn-bosh/) | [What problems does BOSH solve?](http://bosh.io/docs/problems.html) +# Cloud Foundry, for those managing it | | [Cloud Foundry presentation, written by the team](https://docs.google.com/presentation/d/1LkR4Y3jLBQ8uskKeLIyKtSKDoutnAvty-vSSGfVNXZU/view), an [older presentation from before the move to Diego archecture](https://docs.google.com/presentation/d/1sZH1Nn_GiYfpBtT6br_AnZn_dynLzvYizJ9aQ4Zc1Ww/view) +# Terraform | The terraform [intro](https://www.terraform.io/intro/index.html) | The intro also covers key concepts. ## Communicating with Hand Signals diff --git a/source/technical_design/prometheus.html.md b/source/technical_design/prometheus.html.md index 16706564..54f231b0 100644 --- a/source/technical_design/prometheus.html.md +++ b/source/technical_design/prometheus.html.md @@ -24,14 +24,14 @@ You can find these mailing lists [here](/team/platform_alerting/). | Ireland | UK | | ---------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | -| [prometheus-1.cloud.service.gov.uk](https://prometheus-1.cloud.service.gov.uk) | [prometheus-1.london.cloud.service.gov.uk](https://prometheus-1.london.cloud.service.gov.uk) | -| [alertmanager-1.cloud.service.gov.uk](https://alertmanager-1.cloud.service.gov.uk) | [alertmanager-1.london.cloud.service.gov.uk](https://alertmanager-1.london.cloud.service.gov.uk) | -| [grafana-1.cloud.service.gov.uk](https://grafana-1.cloud.service.gov.uk) | [grafana-1.london.cloud.service.gov.uk](https://grafana-1.london.cloud.service.gov.uk) | +|# [prometheus-1.cloud.service.gov.uk](https://prometheus-1.cloud.service.gov.uk) | [prometheus-1.london.cloud.service.gov.uk](https://prometheus-1.london.cloud.service.gov.uk) | +|# [alertmanager-1.cloud.service.gov.uk](https://alertmanager-1.cloud.service.gov.uk) | [alertmanager-1.london.cloud.service.gov.uk](https://alertmanager-1.london.cloud.service.gov.uk) | +|# [grafana-1.cloud.service.gov.uk](https://grafana-1.cloud.service.gov.uk) | [grafana-1.london.cloud.service.gov.uk](https://grafana-1.london.cloud.service.gov.uk) | ### Secondary | Ireland | UK | | ---------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | -| [prometheus-2.cloud.service.gov.uk](https://prometheus-2.cloud.service.gov.uk) | [prometheus-2.london.cloud.service.gov.uk](https://prometheus-2.london.cloud.service.gov.uk) | -| [alertmanager-2.cloud.service.gov.uk](https://alertmanager-2.cloud.service.gov.uk) | [alertmanager-2.london.cloud.service.gov.uk](https://alertmanager-2.london.cloud.service.gov.uk) | -| [grafana-2.cloud.service.gov.uk](https://grafana-2.cloud.service.gov.uk) | [grafana-2.london.cloud.service.gov.uk](https://grafana-2.london.cloud.service.gov.uk) | +|# [prometheus-2.cloud.service.gov.uk](https://prometheus-2.cloud.service.gov.uk) | [prometheus-2.london.cloud.service.gov.uk](https://prometheus-2.london.cloud.service.gov.uk) | +|# [alertmanager-2.cloud.service.gov.uk](https://alertmanager-2.cloud.service.gov.uk) | [alertmanager-2.london.cloud.service.gov.uk](https://alertmanager-2.london.cloud.service.gov.uk) | +|# [grafana-2.cloud.service.gov.uk](https://grafana-2.cloud.service.gov.uk) | [grafana-2.london.cloud.service.gov.uk](https://grafana-2.london.cloud.service.gov.uk) |