DSS Preflight Container

Summary

Pulls Knowledge Module artifacts from cloud storage buckets to pre-populate the per-instance OpenCDS in-memory database before the instance accepts incoming requests, for optimal performance and stability.

Attributes

Parameter            Value
Type                 Init
Name                 dss-preflight
Image                dss-preflight
Image Pull Policy    Always
Command
Arguments
Port
Security Context     Allow Privilege Escalation: false

Endpoints

External-to-Cluster

Internal

This container does not have any internal endpoints.

Environment Variables

All environment variables, unless otherwise indicated, are considered required.

POD_UID (Downward API)

To uniquely identify DSS pods in the Document database, which is used to keep authored Knowledge Modules synchronized between the authoring and reportability environments, we use the Kubernetes Downward API to consistently provide a unique identifier to multiple containers.

Accepted Value

Please refer to this Terraform Kubernetes Pod Resource stub for the desired Downward API field to set for this environment variable:

WORKLOAD_VARIANT

Not all Knowledge Modules are required in all environments. This variable influences which Knowledge Modules are pulled from the attached cloud storage bucket, and are ultimately populated in the primary DSS Container.

Accepted Values

  • production removes all TEST artifacts from the volume mount.

    • This value should be set in all production reportability environments.

  • staging removes all TEST artifacts from the volume mount.

    • While the end result is the same as production, this value is reserved for potential future use cases, and should only be set in non-production reportability environments.

  • authoring includes all TEST and PRODUCTION artifacts from the volume mount.

    • This value should be set in all authoring environments.

Knowledge Module Storage Bucket Connectivity

CLOUD_PLATFORM

Indicates which nested bash script to invoke.

Accepted Values

  • aws

  • gcp

CLOUD_PLATFORM_STORAGE_BUCKET_FOR_DSS_ARTIFACTS

Define the name of the storage bucket resource used for Knowledge Module storage.

Omit any platform-specific prefixes, e.g. s3:// or gs://.

Accepted Values

  • Any valid bucket name.

MOUNTED_VOLUME_PATH

Define the container-relative path for Knowledge Module artifacts to be populated into.

Accepted Values

AWS-specific Configuration

AWS_DEFAULT_REGION

Required by the AWS CLI. Sets the default region for CLI invocations.

Refer to the AWS CLI documentation on configuration via environment variables for more information.

Accepted Values

  • Any valid AWS region slug, e.g. us-east-1; should correspond with the region of the Knowledge Module storage bucket on AWS.

AWS_ACCESS_KEY_ID

IAM access key ID, used to programmatically authenticate against AWS resources.

Refer to the AWS CLI documentation on configuration via environment variables for more information.

Accepted Values

  • Any active access key associated with an IAM role or principal.

AWS_SECRET_ACCESS_KEY (Secret)

IAM access key secret, used to programmatically authenticate against AWS resources.

Refer to the AWS CLI documentation on configuration via environment variables for more information.

Accepted Values

  • The secret corresponding to any active access key associated with an IAM role or principal.

GCP-specific Configuration

GKE_WORKLOAD_IDENTITY_ENABLED

Feature flag for the GCP-specific sync script. With GKE Workload Identity enabled, no additional environment variables are needed to authenticate against the Knowledge Module storage bucket.

Accepted Values

  • true disables the deprecated way of authenticating with Cloud Storage buckets.

  • An empty string or otherwise undefined value requires defining the GCP_PROJECT_ID, GCP_SA_KEYFILE, and GCP_SA_NAME variables, which is no longer the preferred approach given the many benefits of Workload Identity.

Intra-mesh Connectivity

OUS_REGISTRATION_ENDPOINT

Define the Kubernetes Service endpoint for OUS interactions.

Accepted Values

  • Any valid URL, including protocol, hostname, port (which may be inferred from the protocol), and a path of /dss-init. For example, http://ous.prd.svc.cluster.local:80/dss-init would be an acceptable value for a Service named ous in the prd namespace, with a service port of 80 and the required path of /dss-init.

Probes

Liveness

This container does not utilize liveness probes.

Readiness

This container does not utilize readiness probes.

Startup

This container does not utilize startup probes.

Resources

CPU (in millicores)    RAM (in MiB)    Storage (in GiB)
250                    512             N/A

Technology Stack

A simple container with two bash scripts that invoke cloud-platform-specific CLIs to perform read operations on cloud storage buckets.
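As an added illustration of the checks such a sync script should perform before and after the pull (this is not the project's own script; the names sync-aws.sh and sync-gcp.sh and the "TEST" filename convention for test artifacts are assumptions), the following shell functions validate the required variables from the Environment Variables section, restrict CLOUD_PLATFORM to the two supported platforms, reject bucket names carrying a scheme prefix, and apply the WORKLOAD_VARIANT rule to the mounted volume:

```shell
#!/bin/sh
# Added illustration; not the project's preflight scripts. Script names and the "TEST" filename convention are assumed.
set -eu
# Fail closed: every variable this page marks as required must be non-empty.
require_env() {
  missing=0
  for name in "$@"; do
    eval "val=\${$name-}"
    if [ -z "$val" ]; then
      echo "preflight: required variable $name is unset" >&2
      missing=1
    fi
  done
  return "$missing"
}

# CLOUD_PLATFORM selects a nested script; an allowlist keeps it from naming anything else.
select_sync_script() {
  case "$1" in
    aws) echo "sync-aws.sh" ;;
    gcp) echo "sync-gcp.sh" ;;
    *) echo "preflight: unsupported CLOUD_PLATFORM '$1'" >&2; return 1 ;;
  esac
}

# The bucket must be a bare name: no s3:// or gs:// prefix and no path component.
validate_bucket_name() {
  case "$1" in
    ""|*://*|*/*) return 1 ;;
    *) return 0 ;;
  esac
}

# production and staging drop TEST artifacts; authoring keeps everything; anything else is rejected.
prune_by_variant() {
  case "$1" in
    production|staging) find "$2" -type f -name '*TEST*' -delete ;;
    authoring) ;;
    *) echo "preflight: unknown WORKLOAD_VARIANT '$1'" >&2; return 1 ;;
  esac
}

# Entrypoint order; the CLI pull itself is left to the selected script and not performed here.
preflight_main() {
  require_env CLOUD_PLATFORM WORKLOAD_VARIANT CLOUD_PLATFORM_STORAGE_BUCKET_FOR_DSS_ARTIFACTS MOUNTED_VOLUME_PATH
  validate_bucket_name "$CLOUD_PLATFORM_STORAGE_BUCKET_FOR_DSS_ARTIFACTS"
  script=$(select_sync_script "$CLOUD_PLATFORM")
  echo "preflight: selected ./$script for bucket $CLOUD_PLATFORM_STORAGE_BUCKET_FOR_DSS_ARTIFACTS"
  prune_by_variant "$WORKLOAD_VARIANT" "$MOUNTED_VOLUME_PATH"
}
```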

Volume Mounts

Name      Read-Only    Mount Point                  Subpath
dss-pf                 /data/dss-preflight-sync

Workload Identity

Container does not require access to external-to-cluster resources.

Code Owners

Name    Organization    Email
