gsp

GSP

GSP (GDS Supported Platform) is a Kubernetes distribution maintained by the Government Digital Service created to meet the common needs of running digital services in production.

• Reduce onboarding/support burden by sharing a consistent base and common declarative language
• Reduce costs to programmes by sharing infrastructure where possible
• Minimise vendor lock-in while leveraging managed services by using non-proprietary configuration language and abstractions
• Improve service team delivery by providing release automation and observability tooling
• Increase service team confidence in deployments by enabling strong parity between local development and production environments
• Avoid development bottlenecks and platform stagnation by encouraging all teams to extend and evolve the shared GSP base to meet emerging needs

GSP provides a suite of pre-configured components along with upstream Kubernetes, much like a GNU/Linux distribution provides a suite of userspace components along with the upstream Linux kernel.

Features

• A declarative continuous delivery workflow - merging to master triggers deployment to production
• A container platform based on industry standard Docker and Kubernetes
• Build and release automation powered by ConcourseCI
• A private container registry with Docker Registry
• Signing of docker image integrity with Docker Notary
• Scanning of docker images for security vulnerabilities with clair
• Monitoring and alerting with Prometheus, Alertmanager and Grafana
• Secure git-based secrets configuration with sealed-secrets
• Ingress management and service mesh with Istio
• Protective monitoring provided by GDS TechOps CyberSecurity with Splunk
• Cloud infrastructure hosted on AWS across multiple availability zones in London
• Kubernetes control plane with AWS EKS

Non goals

GSP is not a managed service.

If you are a team looking for a fully managed platform, we recommend you evaluate GOV.UK PaaS before attempting to run and manage your own GSP instance.

The platform has been designed to complement an organisation that practices a Reliability Eningeering model that assumes there exists a small number of infrastructure and reliability focused members capable of supporting a much larger team or programme.

The figure above illustrates where we think GSP fits on a "PaaS Spectrum":

• On the right-hand-side we have the situation where service teams all design their deployment architectures in isolation using (hopefully) cloud managed services which gives the ultimate in flexibility at the cost of poor knowledge share across the organisation and a need for dedicated infrastructure expertise.
• On the left-hand-side we have the fully managed GOV.UK PaaS platform where a service team may not need any infrastructure expertise but at the cost of flexibility.
• Sitting between the two is GSP which is:
  • more complex for service teams compared to PaaS, in exchange for greater flexibility over the platform itself
  • more opinionated than a bespoke architecture, in exchange for greater knowledge/code sharing between teams
  • more isolated than GOV.UK PaaS, but encourages sharing as much as possible

Getting started

• Getting started with a GDS Supported Platform cluster
• Getting started with a local GDS Supported Platform development cluster

Contributing

Contributions encouraged!

Changes require commits signed by GDS Trusted Developers

Help and support

The platform is maintained by GDS Reliability Engineering and support for GDS service teams is provided according to the Technology & Operations Shared Responsibility Model

For help or support:

• read our documentation
• raise an issue
• message the team on the Reliability Engineering Slack channel #reliability-eng