DSS Preflight Container

Summary

Pulls Knowledge Modules artifacts from cloud storage buckets, to saturate OpenCDS per-instance in-memory database prior to accepting incoming requests for optimal performance and stability.

Attributes

Parameter

Value

Type

Init

Name

dss-preflight

Image

dss-preflight

Image Pull Policy

Always

Command

Arguments

Port

Security Context

Allow Privilege Escalation: false

Endpoints

External-to-Cluster

This container does not have any external-to-cluster exposed endpoints.

Internal

This container does not have any internal endpoints.

Environment Variables

All environment variables, unless otherwise indicated, are considered required.

POD_UID Downward API

Accepted Value

Please refer to this Terraform Kubernetes Pod Resource stub for the desired Downward API field to set for this environment variable:

env {
    name = "POD_UID"
    value_from {
        field_ref {
            field_path = "metadata.uid"
        }
    }er
}

WORKLOAD_VARIANT

Accepted Values

production removes all TEST artifacts from the volume mount.
- This value should be set in all production reportability environments.
staging removes all TEST artifacts from the volume mount.
- While the end result is the same as production, this value is reserved for potential future use cases, and should only be set in non-production reportability environments.
authoring includes all TEST and PRODUCTION artifacts from the volume mount.
- This value should be set in all authoring environments.

Knowledge Module Storage Bucket Connectivity

CLOUD_PLATFORM

Indicates which nested bash script to invoke.

Accepted Values

aws
gcp

CLOUD_PLATFORM_STORAGE_BUCKET_FOR_DSS_ARTIFACTS

Define the name of the storage bucket resource used for Knowledge Module storage.

Omit any platform-specific prefixes, e.g. s3:// or gs://.

Accepted Values

Any valid bucket name.

MOUNTED_VOLUME_PATH

Define the container-relative path for Knowledge Module artifacts to be populated into.

Accepted Values

AWS-specific Configuration

AWS_DEFAULT_REGION

Required by the AWS CLI. Sets the default region for CLI invocations.

Accepted Values

Any valid AWS region slug, e.g. us-east-1; should correspond with the region of the Knowledge Module storage bucket on AWS.

AWS_ACCESS_KEY_ID

IAM access key ID, used to programmatically authenticate against AWS resources.

Accepted Values

Any active access key associated with an IAM role or principal.

AWS_SECRET_ACCESS_KEY Secret

IAM access key secret, used to programmatically authenticate against AWS resources.

Accepted Values

Any active access key associated with an IAM role or principal.

GCP-specific Configuration

GKE_WORKLOAD_IDENTITY_ENABLED

Feature flag for GCP-specific sync script. With GKE Workload Identity enabled, we do not need to define additional environment variables related to authenticating against the Knowledge Module storage bucket.

Accepted Values

true to disable deprecated way of authenticating with Cloud Storage buckets.
An empty string or otherwise undefined value will require defining GCP_PROJECT_ID, GCP_SA_KEYFILE, and GCP_SA_NAME variables, which is no longer the preferred approach given the many benefits of using Workload Identity.

Intra-mesh Connectivity

OUS_REGISTRATION_ENDPOINT

Define the Kubernetes Service endpoint for OUS interactions.

Accepted Values

Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path set to /dss-init. For example, http://ous.prd.svc.cluster.local:80/dss-init would be considered an acceptable value for a service resource named ous, in the prd namespace, with a service port of 80 and the proper path value of /dss-init.

Probes

Liveness

This container does not utilize liveness probes.

Readiness

This container does not utilize readiness probes.

Startup

This container does not utilize startup probes.

Resources

CPU (in millicores)

RAM (in MiB)

Storage (in GiB)

250

512

N/A

Technology Stack

A simple container containing 2 bash scripts that invoke cloud-platform specific CLIs to perform read operations on cloud storage buckets.

Volume Mounts

Name

Read-Only

Mount Point

Subpath

dss-pf

/data/dss-preflight-sync

Workload Identity

Container does not require access to external-to-cluster resources.

Code Owners

PreviousDSS NextDSS Container

Last updated 3 years ago

Environment Variables

All environment variables, unless otherwise indicated, are considered required.

POD_UID Downward API

To uniquely identify DSS pods in the Document database, which is leveraged for maintaining synchronization of authored Knowledge Modules between the authoring and reportability environments, we use the to consistently provide a unique identifier to multiple containers.

Accepted Value

Please refer to this Terraform Kubernetes Pod Resource stub for the desired Downward API field to set for this environment variable:

env {
    name = "POD_UID"
    value_from {
        field_ref {
            field_path = "metadata.uid"
        }
    }er
}

WORKLOAD_VARIANT

Not all Knowledge Modules are required in all environments. This variable influences which Knowledge Modules are pulled from the attached cloud storage bucket, and are ultimately populated in the primary .

Accepted Values

production removes all TEST artifacts from the volume mount.
- This value should be set in all production reportability environments.
staging removes all TEST artifacts from the volume mount.
- While the end result is the same as production, this value is reserved for potential future use cases, and should only be set in non-production reportability environments.
authoring includes all TEST and PRODUCTION artifacts from the volume mount.
- This value should be set in all authoring environments.

Knowledge Module Storage Bucket Connectivity

CLOUD_PLATFORM

Indicates which nested bash script to invoke.

Accepted Values

aws
gcp

CLOUD_PLATFORM_STORAGE_BUCKET_FOR_DSS_ARTIFACTS

Define the name of the storage bucket resource used for Knowledge Module storage.

Omit any platform-specific prefixes, e.g. s3:// or gs://.

Accepted Values

Any valid bucket name.

MOUNTED_VOLUME_PATH

Define the container-relative path for Knowledge Module artifacts to be populated into.

Accepted Values

Should exactly match the for this container.

AWS-specific Configuration

AWS_DEFAULT_REGION

Required by the AWS CLI. Sets the default region for CLI invocations.

Refer to for more information.

Accepted Values

Any valid AWS region slug, e.g. us-east-1; should correspond with the region of the Knowledge Module storage bucket on AWS.

AWS_ACCESS_KEY_ID

IAM access key ID, used to programmatically authenticate against AWS resources.

Refer to for more information.

Accepted Values

Any active access key associated with an IAM role or principal.

AWS_SECRET_ACCESS_KEY Secret

IAM access key secret, used to programmatically authenticate against AWS resources.

Refer to for more information.

Accepted Values

Any active access key associated with an IAM role or principal.

GCP-specific Configuration

GKE_WORKLOAD_IDENTITY_ENABLED

Accepted Values

true to disable deprecated way of authenticating with Cloud Storage buckets.
An empty string or otherwise undefined value will require defining GCP_PROJECT_ID, GCP_SA_KEYFILE, and GCP_SA_NAME variables, which is no longer the preferred approach given the many benefits of using Workload Identity.

Intra-mesh Connectivity

OUS_REGISTRATION_ENDPOINT

Define the Kubernetes Service endpoint for OUS interactions.

Accepted Values

Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path set to /dss-init. For example, http://ous.prd.svc.cluster.local:80/dss-init would be considered an acceptable value for a service resource named ous, in the prd namespace, with a service port of 80 and the proper path value of /dss-init.

Summary

Attributes

Endpoints

External-to-Cluster

Internal

Environment Variables

OpenCDS-related Configuration

Accepted Value

Accepted Values

Knowledge Module Storage Bucket Connectivity

Accepted Values

Accepted Values

Accepted Values

AWS-specific Configuration

Accepted Values

Accepted Values

Accepted Values

GCP-specific Configuration

Accepted Values

Intra-mesh Connectivity

Accepted Values

Probes

Liveness

Readiness

Startup

Resources

Technology Stack

Volume Mounts

Workload Identity

Code Owners

Summary

Attributes

Endpoints

External-to-Cluster

Internal

Environment Variables

OpenCDS-related Configuration

Accepted Value

Accepted Values

Knowledge Module Storage Bucket Connectivity

Accepted Values

Accepted Values

Accepted Values

AWS-specific Configuration

Accepted Values

Accepted Values

Accepted Values

GCP-specific Configuration

Accepted Values

Intra-mesh Connectivity

Accepted Values

Probes

Liveness

Readiness

Startup

Resources

Technology Stack

Volume Mounts

Workload Identity

Code Owners