DSUS Container

Summary

Principal workload container for DSUS.

Attributes

Type: Primary
Name: data-support-update-service
Image: data-support-update-service
Image Pull Policy: Always
Command:
Arguments:
Port: 8080
Security Context:

  • Allow Privilege Escalation: false

Endpoints

External-to-Cluster

Internal

Liveness Probe

GET /__probes/liveness

Refer to the Kubernetes Documentation for more information on probes.

Readiness Probe

GET /__probes/readiness

Refer to the Kubernetes Documentation for more information on probes.

Environment Variables

All environment variables, unless otherwise indicated, are considered required.

General Variables

NODE_ENV

When set to production, optimizes runtime performance.

Accepted Values

  • default

  • production

NODE_OPTIONS

Applies override flags to the Node runtime.

Accepted Values

  • default

  • As this container deals with very large data objects, it is recommended to set a value of --max-old-space-size=1536, which increases the default heap size of the Node runtime to accommodate larger garbage collection activities. Ideally, the numerical value (e.g. 1536) would be set to 80% of the RAM resource limit for this container.

PORT

Controls which port the embedded web server is bound to.

Accepted Values

  • 8080 default

  • Any numerical value. Should match the value of the Port parameter in Attributes.

Document Database Connectivity

DOCUMENT_STORE_PLATFORM

Toggles a few Mongo client options for optimal performance based on target platform.

Accepted Values

  • mongodb default

  • aws-documentdb

DOCUMENT_STORE_CONNECTION_URI Secret

Defines the URI by which to connect to the Document Store database.

As this value includes the username and password, map it from a Secret rather than setting it inline.

Accepted Values

  • localhost:27017/rckms default

  • Any valid MongoDB connection URI string, without protocol prefix (e.g. do not include mongodb:// in the value)

DOCUMENT_STORE_TLS_ALLOW_INVALID_CERTIFICATES

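Overrides the native Mongo client security policy related to self-signed certificates. Leave this at false wherever the database presents a certificate from a trusted CA: once self-signed certificates are accepted, the client can no longer confirm that it is connected to the intended server.

Accepted Values

  • false default

  • true: Underlying Mongo client will allow self-signed certificates.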

DOCUMENT_STORE_TLS_ALLOW_INVALID_HOSTNAME

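Overrides the native Mongo client security policy related to certificate hostname matching. With hostname matching disabled, a valid certificate issued for any other host is accepted for this connection, so keep the default unless the certificate cannot be reissued with the correct name.

Accepted Values

  • false default

  • true: Underlying Mongo client will allow certificate hostname mismatches.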

Knowledge Module Storage Bucket Connectivity

STORAGE_PROVIDER

Toggles the underlying Cloud Platform SDK libraries used for connectivity and CRUD operations on the defined cloud storage bucket.

Accepted Values

  • aws default

  • gcp

CLOUD_STORAGE_BUCKET_NAME

Defines the bucket name/connection URI for the target Knowledge Module storage bucket resource.

Accepted Values

  • A valid platform connection URI or bucket name per SDK guidance. For Google Cloud Storage buckets, omit the gs:// prefix, and leverage GKE Workload Identity for permitting read and write operations. For AWS S3 buckets, ensure that an AWS_PROFILE or Pod service account workload identity is configured properly for read and write operations.

Intra-mesh Connectivity

SERVICE_MESH_RGS_ENDPOINT

Define the Kubernetes Service endpoint for RGS interactions.

Accepted Values

  • Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path set to /generate. For example, http://rgs.prd.svc.cluster.local:80/generate would be considered an acceptable value for a service resource named rgs, in the prd namespace, with a service port of 80 and the proper path value of /generate.

MTS_RS_CDS

Define the Kubernetes Service endpoint for MTS "CDS" classified interactions.

Accepted Values

  • Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path. For example, http://rgs.prd.svc.cluster.local:80/mts-rs-cds would be considered an acceptable value for a service resource named mts, in the prd namespace, with a service port of 80 and a path value of mts-rs-cds.

MTS_RS_CORE

Define the Kubernetes Service endpoint for MTS "Core" classified interactions.

Accepted Values

  • Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path. For example, http://mts.prd.svc.cluster.local:80/mts-rs-core would be considered an acceptable value for a service resource named mts, in the prd namespace, with a service port of 80 and a path value of mts-rs-core.

MTS_RS_RCKMS

Define the Kubernetes Service endpoint for MTS "RCKMS" classified interactions.

Accepted Values

  • Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path. For example, http://rgs.prd.svc.cluster.local:80/mts-rs-rckms would be considered an acceptable value for a service resource named mts, in the prd namespace, with a service port of 80 and a path value of mts-rs-rckms.

MTS_USERNAME

Defines the username of the RCKMS CAT user used to authenticate against MTS.

Accepted Values

  • Any RCKMS CAT username value, but typically set to admin.

MTS_PASSWORD Secret

Defines the password of the RCKMS CAT user used to authenticate against MTS.

Accepted Values

  • The password for the user specified in MTS_USERNAME.

MTS_APP

Specify which MTS "application" to authenticate against.

Accepted Values

  • CAT is the only acceptable value.
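The document-store, storage-bucket and intra-mesh rules above can be checked before a deployment is applied. The following is an added example, not DSUS code: checkDsusEnv and SAMPLE_ENV are hypothetical names, the sample values are constructed, and restricting mesh endpoints to http or https is an assumption.

```javascript
// Added example, not DSUS code: a hypothetical preflight lint for this page's "Accepted Values".
const URL_VARS = ['SERVICE_MESH_RGS_ENDPOINT', 'MTS_RS_CDS', 'MTS_RS_CORE', 'MTS_RS_RCKMS'];
const NO_DEFAULT = ['CLOUD_STORAGE_BUCKET_NAME', ...URL_VARS, 'MTS_USERNAME', 'MTS_PASSWORD', 'MTS_APP'];
const ENUMS = { DOCUMENT_STORE_PLATFORM: ['mongodb', 'aws-documentdb'],
  STORAGE_PROVIDER: ['aws', 'gcp'], MTS_APP: ['CAT'] };
const TLS_OVERRIDES = ['DOCUMENT_STORE_TLS_ALLOW_INVALID_CERTIFICATES',
  'DOCUMENT_STORE_TLS_ALLOW_INVALID_HOSTNAME'];
const HAS_SCHEME = /^[a-z][a-z0-9+.-]*:\/\//i;

function checkDsusEnv(env) {
  const findings = [];
  const add = (level, name, msg) => findings.push({ level, name, msg });
  for (const name of NO_DEFAULT) if (!env[name]) add('error', name, 'required, no documented default');
  for (const [name, allowed] of Object.entries(ENUMS)) {
    if (env[name] && !allowed.includes(env[name])) add('error', name, `expected: ${allowed.join(' | ')}`);
  }
  // The page asks for the URI without a protocol prefix such as mongodb://
  if (HAS_SCHEME.test(env.DOCUMENT_STORE_CONNECTION_URI || '')) {
    add('error', 'DOCUMENT_STORE_CONNECTION_URI', 'remove the protocol prefix');
  }
  if (env.STORAGE_PROVIDER === 'gcp' && /^gs:\/\//.test(env.CLOUD_STORAGE_BUCKET_NAME || '')) {
    add('error', 'CLOUD_STORAGE_BUCKET_NAME', 'omit the gs:// prefix');
  }
  // Either override set to true relaxes certificate checks on the database connection.
  for (const name of TLS_OVERRIDES) {
    if (env[name] === 'true') add('warn', name, 'TLS verification override is enabled');
  }
  for (const name of URL_VARS) {
    if (!env[name]) continue;
    let url;
    try { url = new URL(env[name]); } catch { add('error', name, 'not a valid URL'); continue; }
    // Assumption: mesh endpoints use http or https, as in the page's examples.
    if (!['http:', 'https:'].includes(url.protocol)) add('error', name, 'expected http or https');
    if (name === 'SERVICE_MESH_RGS_ENDPOINT' && url.pathname !== '/generate') add('error', name, 'path must be /generate');
  }
  return findings;
}

// Constructed sample input; hostnames and credentials are placeholders.
const SAMPLE_ENV = {
  DOCUMENT_STORE_CONNECTION_URI: 'mongodb://user:example@db.example.internal:27017/rckms',
  DOCUMENT_STORE_TLS_ALLOW_INVALID_CERTIFICATES: 'true',
  STORAGE_PROVIDER: 'gcp', CLOUD_STORAGE_BUCKET_NAME: 'gs://example-bucket',
  SERVICE_MESH_RGS_ENDPOINT: 'http://rgs.prd.svc.cluster.local:80/',
  MTS_RS_CDS: 'http://mts.prd.svc.cluster.local:80/mts-rs-cds',
  MTS_RS_CORE: 'http://mts.prd.svc.cluster.local:80/mts-rs-core',
  MTS_RS_RCKMS: 'not a url', MTS_USERNAME: 'admin', MTS_APP: 'CAT',
};
console.log(checkDsusEnv(SAMPLE_ENV));
```

Pass `process.env` instead of SAMPLE_ENV to lint a live environment; a `warn` finding marks a TLS override that should be justified rather than a malformed value.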

Logging Level Configuration

LOGGING_LEVEL Optional

This container is configured with the Pino logging library, which gives engineers and operators more granular control over logging output in Node applications.

Accepted Values

  • debug Verbose logging. Useful for triaging.

  • info default Standard logging output.

  • warn Outputs log events classified as warnings or higher.

  • error Outputs log events classified as errors or higher.

  • fatal Only fatal, typically uncaught exceptions will be logged.

  • silent Disables all logging output.

  • trace Extremely verbose logging.

ENABLE_DB_LOGGING Optional

Controls the storage of performance metrics in the attached Document database.

Accepted Values

  • false default

  • true

Sentry Configuration

SENTRY_DSN Optional

Enables Sentry error reporting and application performance monitoring.

If no value is provided, disables Sentry functionality.

Accepted Values

  • default

  • A valid Sentry DSN URL

SENTRY_ENVIRONMENT Optional

Additional metadata to enrich errors and metrics captured by Sentry.

Accepted Values

  • Any string value, preferably the name of the environment this workload is operating in.

SENTRY_RELEASE Optional

Additional metadata to enrich errors and metrics captured by Sentry.

Accepted Values

  • Any string value, preferably the commit short SHA1 or container tag/version.

Probes

Liveness

Describe the probe.

Mode: HTTP (GET)

Arguments

  • Path: /__/probes/liveness

  • Port: 8080 (must match container port)

Timings

  • Initial Delay of 30s

  • Period of 20s

  • Timeout of 30s

Thresholds

  • 1 Success

  • 3 Failures

Readiness

Describe the probe.

Mode: HTTP (GET)

Arguments

  • Path: /__/probes/readiness

  • Port: 8080 (must match container port)

Timings

  • Initial Delay of 15s

  • Period of 15s

  • Timeout of 30s

Thresholds

  • 1 Success

  • 3 Failures

Startup

Container does not utilize a startup probe.

Resources

CPU (in millicores): 500
RAM (in MiB): 1536
Storage (in GiB): N/A

Technology Stack

A Node 14 container that hosts an Express web server for resolving HTTP routes.

Volume Mounts

This container does not mount any volumes.

Workload Identity

This container requires a Pod Service Account with the following role(s):

  • Google Cloud Storage / AWS S3 Bucket Maintainer

  • Google Cloud Storage / AWS S3 Bucket Object Creator

  • Google Cloud Storage / AWS S3 Bucket Object Editor

  • MongoDB Client / AWS DocumentDB Client

Code Owners

Name
Organization
Email

Last updated