This container hosts the OpenCDS application, and supporting assets necessary for performing it's principal role of determining reportability response based on authored rules.
Attributes
Parameter
Value
Type
Primary
Name
decision-support-service
Image
decision-support-service
Image Pull Policy
Always
Command
Arguments
Port
8080
Security Context
Allow Privilege Escalation: false
Endpoints
External-to-Cluster
This container does not have any external-to-cluster exposed endpoints.
Internal
Evaluate OpenCDSInput payload
POST /opencds-decision-support-service/api/resources/evaluateAtSpecifiedTime
This is the primary entrypoint for DSS, as it expects a valid OpenCDSInput payload to be provided by the RCKMS Shared Service (SS). Evaluates against Knowledge Modules classified as PRODUCTION.
Headers
Name
Type
Description
Content-Type*
String
Should always be set to application/json.
Request Body
Name
Type
Description
*
JSON
An OpenCDSInput payload.
Liveness Probe
GET /opencds-decision-support-service/_k8s-health-check
Refer to the Kubernetes Documentation for more information on probes.
{
// Response
}
{
// Response
}
Readiness Probe
GET /opencds-decision-support-service/_k8s-health-check
Refer to the Kubernetes Documentation for more information on probes.
{
// Response
}
{
// Response
}
Environment Variables
All environment variables, unless otherwise indicated, are considered required.
General Variables
JAVA_OPTS
Feature flags and default configuration overrides for the container's embedded JVM.
-Xms4g: sets the initial heap size allocation to 4GB (4096 MiB)
-Xmx6g: sets the maximum heap size allocation to 6GB (6144 MiB)
-XX:+UseG1GC: enables the usage of the G1 garbage collector.
-XX:+PrintGCDetails -XX:+PrintGCDateStamps controls verbosity of garbage collection logging output.
-Xloggc:/hln/diagnostics/garbageCollection.log path for the garbage collection logging output file.
-XX:+UseGCLogFileRotation -XX:NumberOfGCLogFiles=1 -XX:GCLogFileSize=10m enables the rotation of log files once the maximum file size of 10MB has been reached.
-DpreEvaluateTimeout=20000 sets the response timeout for communicating with the OpenCDS Update Service (OUS) to 20 seconds (20000ms).
-DpreEvaluateConnectTimeout=20000 sets the connection timeout for communicating with the OpenCDS Update Service (OUS) to 20 seconds (20000ms).
-DupdateServiceClient.baseUrl sets the fully-qualified base URL for communicating with the OpenCDS Update Service (OUS) as part of the modified DSS/OUS polling workflow.
-DcdmUpdateManager.enableAutoUpdates enables the modified DSS/OUS polling workflow for periodically fetching updated Concept Determination Modules (CDMs).
-DkmPackageUpdateManager.enableAutoUpdates enables the modified DSS/OUS polling workflow for periodically fetching updated Knowledge Modules (KMs).
-DpreEvaluateEnabled disables the pre-evaluate hook workflow for maintaining a synchronized CDM and KM state for each DSS pod.
-DcdmUpdateManager.pollingFrequency sets the polling frequency for asking OUS for updated CDM artifacts. For example, PT30M sets the interval to 30 minutes.
-DkmPackageUpdateManager.pollingFrequency sets the polling frequency for asking OUS for updated KM artifacts. For example, PT5M sets the interval to 5 minutes.
Intra-mesh Connectivity
PRE_EVALUATE_HOOK_TYPE
Used to identify which hook type to use prior to evaluating an invocation.
Accepted Values
ENTITY_IDENTIFIER is the only accepted value, and must be set explicitly.
PRE_EVALUATE_HOOK_URI
Prior to evaluating an invocation of OpenCDS, we want to validate that the in-memory Knowledge Module(s) required for processing are the latest authored version.
Accepted Values
Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path set to /updatecheck.
For example, http://ous.prd.svc.cluster.local:80/updatecheck would be considered an acceptable value for a service resource named ous, in the prd namespace, with a service port of 80 and the proper path value of /updatecheck.
OpenCDS-related Configuration
KM_THREADS
Indicates the number of CPU threads that OpenCDS can utilize for processing invocations.
Accepted Values
1default
MOUNTED_VOLUME_PATH
Define the container-relative path for Knowledge Module artifacts to be populated into.
Accepted Values
POD_UID Downward API
Accepted Value
Please refer to this Terraform Kubernetes Pod Resource stub for the desired Downward API field to set for this environment variable:
DSS will by default, deploy two OpenCDS instances; one for TEST payloads, and the other for PRODUCTION payloads. This decreases available resources for each individual instance, and should be set accordingly based on the target environment.
Accepted Values
authoringdefault Deploys both TEST and PRODUCTION instances of OpenCDS.
This value should be used for all non-production environments.
production Deploys only a PRODUCTION instance of OpenCDS.
This value should be used for all production environments.
Logging Level Configuration
DEBUG Optional
This container does not have logging level control beyond this environment variable, which toggles the output of debug log events.
The primary DSS workload container includes an optional startup probe script which passes a diagnostic payload to the embedded OpenCDS application, to verify the nominal startup of said application, and to perform a functional self-test prior to accepting real-world eCR payloads.
Parameter
Value
Mode
EXEC
Arguments
Command: .ops/probes/startup.sh
Timings
Initial Delay of 90s
Period of 10s
Timeout of 15s
Thresholds
1 Successes
10 Failures
Resources
CPU (in millicores)
RAM (in MiB)
Storage (in GiB)
1000
6144
N/A
CPU (in millicores)
RAM (in MiB)
Storage (in GiB)
2000
8192
N/A
Technology Stack
Container is built upon a Tomcat 9 base image, with the Java Runtime Engine version 8 embedded.
Volume Mounts
Name
Read-Only
Mount Point
Subpath
dss-pf
/data/dss-preflight-sync
java-diag
/hln/diagnostics
Workload Identity
Container does not require access to external-to-cluster resources.
Any natural number greater than 0. Should correlate to the , divided by one-thousand (e.g. CPU Limit of 4000m should result in a value of 4.
Should exactly match the for this container that is also bound by the DSS Preflight init container.
To uniquely identify DSS pods in the Document database, which is leveraged for maintaining synchronization of authored Knowledge Modules between the authoring and reportability environments, we use the to consistently provide a unique identifier to multiple containers.
