Skip to content
GSP is a container platform and curated suite of components helping government deploy, run, observe and secure their services
Branch: master
Clone or download
philandstuff Merge pull request #284 from alphagov/allow_cloning_private_repos_ove…

Add parameters to be able to clone private repos over HTTPS
Latest commit 9c3e7a7 Jul 19, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
charts Add parameters to be able to clone private repos over HTTPS Jul 19, 2019
components Enable Istio mTLS mesh Jul 11, 2019
docs Updating the documentation to clarify how to access SSM Jul 17, 2019
hack Expose HTTPS egress safelist. Jul 16, 2019
pipelines Use destroy instead of applying an empty terraform document. Jul 17, 2019
scripts gsp-local: Use VM_DRIVER envvar for non-macOS users to set Jul 17, 2019
.editorconfig editorconfig to stop whitespace wars Jan 11, 2019
.gitignore Ignore generated files from local tests. Jul 16, 2019
Brewfile Remove aws-vault from the Brewfile because its not needed for gsp-local Jul 5, 2019
LICENSE Update ADRs to reflect current state of the world Jul 5, 2019 Update ADRs to reflect current state of the world Jul 5, 2019


GSP (GDS Supported Platform) is a Kubernetes distribution maintained by the Government Digital Service created to meet the common needs of running digital services in production.

  • Reduce onboarding/support burden by sharing a consistent base and common declarative language
  • Reduce costs to programmes by sharing infrastructure where possible
  • Minimise vendor lock-in while leveraging managed services by using non-proprietary configuration language and abstractions
  • Improve service team delivery by providing release automation and observability tooling
  • Increase service team confidence in deployments by enabling strong parity between local development and production environments
  • Avoid development bottlenecks and platform stagnation by encouraging all teams to extend and evolve the shared GSP base to meet emerging needs

GSP provides a suite of pre-configured components along with upstream Kubernetes, much like a GNU/Linux distribution provides a suite of userspace components along with the upstream Linux kernel.


  • A declarative continuous delivery workflow - merging to master triggers deployment to production
  • A container platform based on industry standard Docker and Kubernetes
  • Build and release automation powered by ConcourseCI
  • A private container registry with Docker Registry
  • Signing of docker image integrity with Docker Notary
  • Scanning of docker images for security vulnerabilities with clair
  • Monitoring and alerting with Prometheus, Alertmanager and Grafana
  • Secure git-based secrets configuration with sealed-secrets
  • Ingress management and service mesh with Istio
  • Protective monitoring provided by GDS TechOps CyberSecurity with Splunk
  • Cloud infrastructure hosted on AWS across multiple availability zones in London
  • Kubernetes control plane with AWS EKS

Non goals

GSP is not a managed service.

If you are a team looking for a fully managed platform, we recommend you evaluate GOV.UK PaaS before attempting to run and manage your own GSP instance.

The platform has been designed to complement an organisation that practices a Reliability Eningeering model that assumes there exists a small number of infrastructure and reliability focused members capable of supporting a much larger team or programme.

The figure above illustrates where we think GSP fits on a "PaaS Spectrum":

  • On the right-hand-side we have the situation where service teams all design their deployment architectures in isolation using (hopefully) cloud managed services which gives the ultimate in flexibility at the cost of poor knowledge share across the organisation and a need for dedicated infrastructure expertise.
  • On the left-hand-side we have the fully managed GOV.UK PaaS platform where a service team may not need any infrastructure expertise but at the cost of flexibility.
  • Sitting between the two is GSP which is:
    • more complex for service teams compared to PaaS, in exchange for greater flexibility over the platform itself
    • more opinionated than a bespoke architecture, in exchange for greater knowledge/code sharing between teams
    • more isolated than GOV.UK PaaS, but encourages sharing as much as possible

Getting started


Contributions encouraged!

Changes require commits signed by GDS Trusted Developers

Help and support

The platform is maintained by GDS Reliability Engineering and support for GDS service teams is provided according to the Technology & Operations Shared Responsibility Model

For help or support:

You can’t perform that action at this time.