DSUS Container

Summary

Principal workload container for DSUS.

Attributes

Parameter

Value

Type

Primary

Name

data-support-update-service

Image

data-support-update-service

Image Pull Policy

Always

Command

Arguments

Port

8080

Security Context

Allow Privilege Escalation: false

Endpoints

External-to-Cluster

This container does not have any external-to-cluster exposed endpoints.

Internal

Liveness Probe

GET /__probes/liveness

Refer to the Kubernetes Documentation for more information on probes.

{
    // Response
}

{
    // Response
}

Readiness Probe

GET /__probes/readiness

Refer to the Kubernetes Documentation for more information on probes.

{
    // Response
}

{
    // Response
}

Environment Variables

All environment variables, unless otherwise indicated, are considered required.

General Variables

NODE_ENV

When set to production, optimizes runtime performance.

Accepted Values

default
production

NODE_OPTIONS

Applies override flags to the Node runtime.

Accepted Values

default

PORT

Controls which port the embedded web server is bound to.

Accepted Values

8080 default

Document Database Connectivity

DOCUMENT_STORE_PLATFORM

Toggles a few Mongo client options for optimal performance based on target platform.

Accepted Values

mongodb default
aws-documentdb

DOCUMENT_STORE_CONNECTION_URI Secret

Defines the URI by which to connect to the Document Store database.

As this includes the username and password, it should be mapped appropriately.

Accepted Values

localhost:27017/rckms default
Any valid MongoDB connection URI string, without protocol prefix (e.g. do not include mongodb:// in the value)

DOCUMENT_STORE_TLS_ALLOW_INVALID_CERTIFICATES

Override native Mongo client security policy related to self-signed certificates.

Accepted Values

false default
true Underlying Mongo client will allow self-signed certificates.

DOCUMENT_STORE_TLS_ALLOW_INVALID_HOSTNAME

Override native Mongo client security policy related to certificate hostname matching.

Accepted Values

false default
true Underlying Mongo client will allow certificate hostname mismatches.

Knowledge Module Storage Bucket Connectivity

STORAGE_PROVIDER

Toggles the underlying Cloud Platform SDK libraries used for connectivity and CRUD operations on the defined cloud storage bucket.

Accepted Values

aws default
gcp

CLOUD_STORAGE_BUCKET_NAME

Defines the bucket name/connection URI for the target Knowledge Module storage bucket resource.

Accepted Values

A valid platform connection URI or bucket name per SDK guidance. For Google Cloud Storage buckets, omit the gs:// prefix, and leverage GKE Workload Identity for permitting read and write operations. For AWS S3 buckets, ensure that an AWS_PROFILE or Pod service account workload identity is configured properly for read and write operations.

Intra-mesh Connectivity

SERVICE_MESH_RGS_ENDPOINT

Define the Kubernetes Service endpoint for RGS interactions.

Accepted Values

Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path set to /generate. For example, http://rgs.prd.svc.cluster.local:80/generate would be considered an acceptable value for a service resource named rgs, in the prd namespace, with a service port of 80 and the proper path value of /generate.

MTS_RS_CDS

Define the Kubernetes Service endpoint for MTS "CDS" classified interactions.

Accepted Values

Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path. For example, http://rgs.prd.svc.cluster.local:80/mts-rs-cds would be considered an acceptable value for a service resource named mts, in the prd namespace, with a service port of 80 and a path value of mts-rs-cds.

MTS_RS_CORE

Define the Kubernetes Service endpoint for MTS "Core" classified interactions.

Accepted Values

Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path. For example, http://mts.prd.svc.cluster.local:80/mts-rs-core would be considered an acceptable value for a service resource named mts, in the prd namespace, with a service port of 80 and a path value of mts-rs-core.

MTS_RS_RCKMS

Define the Kubernetes Service endpoint for MTS "RCKMS" classified interactions.

Accepted Values

Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path. For example, http://rgs.prd.svc.cluster.local:80/mts-rs-rckms would be considered an acceptable value for a service resource named mts, in the prd namespace, with a service port of 80 and a path value of mts-rs-rckms.

MTS_USERNAME

Define RCKMS CAT user username to authenticate against MTS with.

Accepted Values

Any RCKMS CAT username value, but typically set to admin.

MTS_PASSWORD Secret

Define RCKMS CAT user password to authenticate against MTS with.

Accepted Values

The password for the user specified in MTS_USERNAME.

MTS_APP

Specify which MTS "application" to authenticate against.

Accepted Values

CAT is the only acceptable value.

Logging Level Configuration

LOGGING_LEVEL Optional

Accepted Values

debug Verbose logging. Useful for triaging.
info default Standard logging output.
warn Outputs log events classified as warnings or higher.
error Outputs log events classified as errors or higher.
fatal Only fatal, typically uncaught exceptions will be logged.
silent Disables all logging output.
trace Extremely verbose logging.

ENABLE_DB_LOGGING Optional

Controls the storage of performance metrics in the attached Document database.

Accepted Values

false default
true

Sentry Configuration

SENTRY_DSN Optional

Enables Sentry error reporting and application performance monitoring.

If no value is provided, disables Sentry functionality.

Accepted Values

default
A valid Sentry DSN URL

SENTRY_ENVIRONMENT Optional

Additional metadata to enrich errors and metrics captured by Sentry.

Accepted Values

Any string value, preferably the name of the environment this workload is operating.

SENTRY_RELEASE Optional

Additional metadata to enrich errors and metrics captured by Sentry.

Accepted Values

Any string value, preferably the commit short SHA1 or container tag/version.

Probes

Liveness

Describe the probe.

Parameter

Value

Mode

HTTP (GET)

Arguments

Path: /__/probes/liveness
Port: 8080 (must match container port)

Timings

Initial Delay of 30s
Period of 20s
Timeout of 30s

Thresholds

1 Successes
3 Failures

Readiness

Describe the probe.

Parameter

Value

Mode

HTTP (GET)

Arguments

Path: /__/probes/readiness
Port: 8080 (must match container port)

Timings

Initial Delay of 15s
Period of 15s
Timeout of 30s

Thresholds

1 Successes
3 Failures

Startup

Container does not utilize a startup probe.

Resources

CPU (in millicores)

RAM (in MiB)

Storage (in GiB)

500

1536

N/A

Technology Stack

A Node 14 container that hosts an Express web server for resolving HTTP routes.

Volume Mounts

This container does not mount any volumes.

Workload Identity

This container requires a Pod Service Account with the following role(s):

Google Cloud Storage / AWS S3 Bucket Maintainer
Google Cloud Storage / AWS S3 Bucket Object Creator
Google Cloud Storage / AWS S3 Bucket Object Editor
MongoDB Client / AWS DocumentDB Client

Code Owners

PreviousDSUS NextMTS

Last updated 3 years ago

DSUS Container

Summary

Principal workload container for DSUS.

Attributes

Parameter

Value

Type

Primary

Name

data-support-update-service

Image

data-support-update-service

Image Pull Policy

Always

Command

Arguments

Port

8080

Security Context

Allow Privilege Escalation: false

Endpoints

External-to-Cluster

This container does not have any external-to-cluster exposed endpoints.

Internal

Liveness Probe

GET /__probes/liveness

Refer to the Kubernetes Documentation for more information on probes.

{
    // Response
}

{
    // Response
}

Readiness Probe

GET /__probes/readiness

Refer to the Kubernetes Documentation for more information on probes.

{
    // Response
}

{
    // Response
}

Environment Variables

All environment variables, unless otherwise indicated, are considered required.

General Variables

NODE_ENV

When set to production, optimizes runtime performance.

Accepted Values

default
production

NODE_OPTIONS

Applies override flags to the Node runtime.

Accepted Values

default
As this container deals with very large data objects, it is recommended to set a value of --max-old-space-size=1536, which increases the default heap size of the Node runtime to accommodate larger garbage collection activities. Ideally, the numerical value (e.g. 1536) would be set to 80% of the for this container.

PORT

Controls which port the embedded web server is bound to.

Accepted Values

8080 default
Any numerical value. Should match the value of Port parameter in .

Document Database Connectivity

DOCUMENT_STORE_PLATFORM

Toggles a few Mongo client options for optimal performance based on target platform.

Accepted Values

mongodb default
aws-documentdb

DOCUMENT_STORE_CONNECTION_URI Secret

Defines the URI by which to connect to the Document Store database.

As this includes the username and password, it should be mapped appropriately.

Accepted Values

localhost:27017/rckms default
Any valid MongoDB connection URI string, without protocol prefix (e.g. do not include mongodb:// in the value)

DOCUMENT_STORE_TLS_ALLOW_INVALID_CERTIFICATES

Override native Mongo client security policy related to self-signed certificates.

Accepted Values

false default
true Underlying Mongo client will allow self-signed certificates.

DOCUMENT_STORE_TLS_ALLOW_INVALID_HOSTNAME

Override native Mongo client security policy related to certificate hostname matching.

Accepted Values

false default
true Underlying Mongo client will allow certificate hostname mismatches.

Knowledge Module Storage Bucket Connectivity

STORAGE_PROVIDER

Toggles the underlying Cloud Platform SDK libraries used for connectivity and CRUD operations on the defined cloud storage bucket.

Accepted Values

aws default
gcp

CLOUD_STORAGE_BUCKET_NAME

Defines the bucket name/connection URI for the target Knowledge Module storage bucket resource.

Accepted Values

A valid platform connection URI or bucket name per SDK guidance. For Google Cloud Storage buckets, omit the gs:// prefix, and leverage GKE Workload Identity for permitting read and write operations. For AWS S3 buckets, ensure that an AWS_PROFILE or Pod service account workload identity is configured properly for read and write operations.

Intra-mesh Connectivity

SERVICE_MESH_RGS_ENDPOINT

Define the Kubernetes Service endpoint for RGS interactions.

Accepted Values

Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path set to /generate. For example, http://rgs.prd.svc.cluster.local:80/generate would be considered an acceptable value for a service resource named rgs, in the prd namespace, with a service port of 80 and the proper path value of /generate.

MTS_RS_CDS

Define the Kubernetes Service endpoint for MTS "CDS" classified interactions.

Accepted Values

Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path. For example, http://rgs.prd.svc.cluster.local:80/mts-rs-cds would be considered an acceptable value for a service resource named mts, in the prd namespace, with a service port of 80 and a path value of mts-rs-cds.

MTS_RS_CORE

Define the Kubernetes Service endpoint for MTS "Core" classified interactions.

Accepted Values

Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path. For example, http://mts.prd.svc.cluster.local:80/mts-rs-core would be considered an acceptable value for a service resource named mts, in the prd namespace, with a service port of 80 and a path value of mts-rs-core.

MTS_RS_RCKMS

Define the Kubernetes Service endpoint for MTS "RCKMS" classified interactions.

Accepted Values

Any valid URL, including protocol, hostname, port (optionally inferred by protocol), and path. For example, http://rgs.prd.svc.cluster.local:80/mts-rs-rckms would be considered an acceptable value for a service resource named mts, in the prd namespace, with a service port of 80 and a path value of mts-rs-rckms.

MTS_USERNAME

Define RCKMS CAT user username to authenticate against MTS with.

Accepted Values

Any RCKMS CAT username value, but typically set to admin.

MTS_PASSWORD Secret

Define RCKMS CAT user password to authenticate against MTS with.

Accepted Values

The password for the user specified in MTS_USERNAME.

MTS_APP

Specify which MTS "application" to authenticate against.

Accepted Values

CAT is the only acceptable value.

Logging Level Configuration

LOGGING_LEVEL Optional

This container is configured with , which gives engineers and operators more granular control over logging output in Node applications.

Accepted Values

debug Verbose logging. Useful for triaging.
info default Standard logging output.
warn Outputs log events classified as warnings or higher.
error Outputs log events classified as errors or higher.
fatal Only fatal, typically uncaught exceptions will be logged.
silent Disables all logging output.
trace Extremely verbose logging.

ENABLE_DB_LOGGING Optional

Controls the storage of performance metrics in the attached Document database.

Accepted Values

false default
true

Sentry Configuration

SENTRY_DSN Optional

Enables Sentry error reporting and application performance monitoring.

If no value is provided, disables Sentry functionality.

Accepted Values

default
A valid Sentry DSN URL

SENTRY_ENVIRONMENT Optional

Additional metadata to enrich errors and metrics captured by Sentry.

Accepted Values

Any string value, preferably the name of the environment this workload is operating.

SENTRY_RELEASE Optional

Additional metadata to enrich errors and metrics captured by Sentry.

Accepted Values

Any string value, preferably the commit short SHA1 or container tag/version.

Probes

Liveness

Describe the probe.

Parameter

Value

Mode

HTTP (GET)

Arguments

Path: /__/probes/liveness
Port: 8080 (must match container port)

Timings

Initial Delay of 30s
Period of 20s
Timeout of 30s

Thresholds

1 Successes
3 Failures

Readiness

Describe the probe.

Parameter

Value

Mode

HTTP (GET)

Arguments

Path: /__/probes/readiness
Port: 8080 (must match container port)

Timings

Initial Delay of 15s
Period of 15s
Timeout of 30s

Thresholds

1 Successes
3 Failures

Startup

Container does not utilize a startup probe.

Resources

CPU (in millicores)

RAM (in MiB)

Storage (in GiB)

500

1536

N/A

Technology Stack

A Node 14 container that hosts an Express web server for resolving HTTP routes.

Volume Mounts

This container does not mount any volumes.

Workload Identity

This container requires a Pod Service Account with the following role(s):

Google Cloud Storage / AWS S3 Bucket Maintainer
Google Cloud Storage / AWS S3 Bucket Object Creator
Google Cloud Storage / AWS S3 Bucket Object Editor
MongoDB Client / AWS DocumentDB Client

Code Owners

Name

Organization

HLN Consulting, LLC

charlie@hln.com

PreviousDSUS NextMTS

Last updated 3 years ago