OUS Container

Summary

The OUS container deploys an embedded web service to fulfill requests from DSS pods.

Attributes

Parameter

Value

Type

Primary

Name

opencds-update-service

Image

opencds-update-service

Image Pull Policy

Always

Command

Arguments

Port

8080

Security Context

Allow Privilege Escalation: false

Endpoints

External-to-Cluster

This container does not have any external-to-cluster exposed endpoints.

Internal

DSS Pod Registration

PUT /dss-init

Headers

Name

Type

Description

Content-Type*

String

Must be set to application/json.

Request Body

Name

Type

Description

environment*

String

TEST or PRODUCTION DSS instance.

instanceId*

String

Pod unique identifier.

Artifact References updated successfully for CDS Instance: ${instanceId}

{
    "error": "Error encountered during reference flagging for DSS init",
    "msg": errorMessage
}

Pre-Evaluate Hook

PUT /updatecheck

Provided the Pod unique instance ID and CDM/KM entities to check updates for.

Headers

Name

Type

Description

Content-Type*

String

Must be application/json.

{
    // Response
}

{
    // Response
}

Liveness Probe

GET /__probes/liveness

Refer to the Kubernetes Documentation for more information on probes.

{
    // Response
}

{
    // Response
}

Readiness Probe

GET /__probes/readiness

Refer to the Kubernetes Documentation for more information on probes.

{
    // Response
}

{
    // Response
}

Environment Variables

All environment variables, unless otherwise indicated, are considered required.

General Variables

NODE_ENV

When set to production, optimizes runtime performance.

Accepted Values

default
production

PORT

Controls which port the embedded web server is bound to.

Accepted Values

8080 default

Document Database Connectivity

DOCUMENT_STORE_PLATFORM

Toggles a few Mongo client options for optimal performance based on target platform.

Accepted Values

mongodb default
aws-documentdb

DOCUMENT_STORE_CONNECTION_URI Secret

Defines the URI by which to connect to the Document Store database.

As this includes the username and password, it should be mapped appropriately.

Accepted Values

localhost:27017/rckms default
Any valid MongoDB connection URI string, without protocol prefix (e.g. do not include mongodb:// in the value)

DOCUMENT_STORE_TLS_ALLOW_INVALID_CERTIFICATES

Override native Mongo client security policy related to self-signed certificates.

Accepted Values

false default
true Underlying Mongo client will allow self-signed certificates.

DOCUMENT_STORE_TLS_ALLOW_INVALID_HOSTNAME

Override native Mongo client security policy related to certificate hostname matching.

Accepted Values

false default
true Underlying Mongo client will allow certificate hostname mismatches.

Knowledge Module Storage Bucket Connectivity

STORAGE_PROVIDER

Toggles the underlying Cloud Platform SDK libraries used for connectivity and CRUD operations on the defined cloud storage bucket.

Accepted Values

aws default
gcp

CLOUD_STORAGE_BUCKET_NAME

Defines the bucket name/connection URI for the target Knowledge Module storage bucket resource.

Accepted Values

A valid platform connection URI or bucket name per SDK guidance. For Google Cloud Storage buckets, omit the gs:// prefix, and leverage GKE Workload Identity for permitting read and write operations. For AWS S3 buckets, ensure that an AWS_PROFILE or Pod service account workload identity is configured properly for read and write operations.

READ_URI_TTL

Defines the time-to-live for the single use, read-only, signed storage bucket URL that is returned to DSS as part of the new DSS/OUS polling workflow (replaces the prior preEvaluateHook workflow for maintaining CDM/KM synchronization across DSS pods).

Accepted Values

30000 default
Any value in milliseconds.

Logging Level Configuration

LOGGING_LEVEL Optional

Accepted Values

debug Verbose logging. Useful for triaging.
info default Standard logging output.
warn Outputs log events classified as warnings or higher.
error Outputs log events classified as errors or higher.
fatal Only fatal, typically uncaught exceptions will be logged.
silent Disables all logging output.
trace Extremely verbose logging.

Sentry Configuration

SENTRY_DSN Optional

Enables Sentry error reporting and application performance monitoring.

If no value is provided, disables Sentry functionality.

Accepted Values

default
A valid Sentry DSN URL

SENTRY_ENVIRONMENT Optional

Additional metadata to enrich errors and metrics captured by Sentry.

Accepted Values

Any string value, preferably the name of the environment this workload is operating.

SENTRY_RELEASE Optional

Additional metadata to enrich errors and metrics captured by Sentry.

Accepted Values

Any string value, preferably the commit short SHA1 or container tag/version.

Probes

Liveness

Parameter

Value

Mode

HTTP (GET)

Arguments

Path: /__/probes/liveness
Port: 8080 (must match container port)

Timings

Initial Delay of 15s
Period of 90s
Timeout of 5s

Thresholds

1 Successes
2 Failures

Readiness

Parameter

Value

Mode

HTTP (GET)

Arguments

Path: /__/probes/readiness
Port: 8080 (must match container port)

Timings

Initial Delay of 15s
Period of 15s
Timeout of 5s

Thresholds

1 Successes
2 Failures

Startup

This container does not utilize startup probes.

Resources

CPU (in millicores)

RAM (in MiB)

Storage (in GiB)

250

1536

N/A

Technology Stack

Container uses Alpine Linux base image from the official Node repository, targeting the Node 14 LTS variant. Deploys an ExpressJS web server for routing requests.

Volume Mounts

This container does not mount any volumes.

Workload Identity

This container requires a Pod Service Account with the following role(s):

Google Cloud Storage / AWS S3 Bucket Maintainer
Google Cloud Storage / AWS S3 Bucket Object Creator
Google Cloud Storage / AWS S3 Bucket Object Editor
MongoDB Client / AWS DocumentDB Client

Code Owners

PreviousOUS NextRGS

Last updated 2 years ago

OUS Container

Summary

The OUS container deploys an embedded web service to fulfill requests from DSS pods.

Attributes

Parameter

Value

Type

Primary

Name

opencds-update-service

Image

opencds-update-service

Image Pull Policy

Always

Command

Arguments

Port

8080

Security Context

Allow Privilege Escalation: false

Endpoints

External-to-Cluster

This container does not have any external-to-cluster exposed endpoints.

Internal

DSS Pod Registration

PUT /dss-init

Headers

Name

Type

Description

Content-Type*

String

Must be set to application/json.

Request Body

Name

Type

Description

environment*

String

TEST or PRODUCTION DSS instance.

instanceId*

String

Pod unique identifier.

Artifact References updated successfully for CDS Instance: ${instanceId}

{
    "error": "Error encountered during reference flagging for DSS init",
    "msg": errorMessage
}

Pre-Evaluate Hook

PUT /updatecheck

Provided the Pod unique instance ID and CDM/KM entities to check updates for.

Headers

Name

Type

Description

Content-Type*

String

Must be application/json.

{
    // Response
}

{
    // Response
}

Liveness Probe

GET /__probes/liveness

Refer to the Kubernetes Documentation for more information on probes.

{
    // Response
}

{
    // Response
}

Readiness Probe

GET /__probes/readiness

Refer to the Kubernetes Documentation for more information on probes.

{
    // Response
}

{
    // Response
}

Environment Variables

All environment variables, unless otherwise indicated, are considered required.

General Variables

NODE_ENV

When set to production, optimizes runtime performance.

Accepted Values

default
production

PORT

Controls which port the embedded web server is bound to.

Accepted Values

8080 default
Any numerical value. Should match the value of Port parameter in .

Document Database Connectivity

DOCUMENT_STORE_PLATFORM

Toggles a few Mongo client options for optimal performance based on target platform.

Accepted Values

mongodb default
aws-documentdb

DOCUMENT_STORE_CONNECTION_URI Secret

Defines the URI by which to connect to the Document Store database.

As this includes the username and password, it should be mapped appropriately.

Accepted Values

localhost:27017/rckms default
Any valid MongoDB connection URI string, without protocol prefix (e.g. do not include mongodb:// in the value)

DOCUMENT_STORE_TLS_ALLOW_INVALID_CERTIFICATES

Override native Mongo client security policy related to self-signed certificates.

Accepted Values

false default
true Underlying Mongo client will allow self-signed certificates.

DOCUMENT_STORE_TLS_ALLOW_INVALID_HOSTNAME

Override native Mongo client security policy related to certificate hostname matching.

Accepted Values

false default
true Underlying Mongo client will allow certificate hostname mismatches.

Knowledge Module Storage Bucket Connectivity

STORAGE_PROVIDER

Toggles the underlying Cloud Platform SDK libraries used for connectivity and CRUD operations on the defined cloud storage bucket.

Accepted Values

aws default
gcp

CLOUD_STORAGE_BUCKET_NAME

Defines the bucket name/connection URI for the target Knowledge Module storage bucket resource.

Accepted Values

A valid platform connection URI or bucket name per SDK guidance. For Google Cloud Storage buckets, omit the gs:// prefix, and leverage GKE Workload Identity for permitting read and write operations. For AWS S3 buckets, ensure that an AWS_PROFILE or Pod service account workload identity is configured properly for read and write operations.

READ_URI_TTL

Accepted Values

30000 default
Any value in milliseconds.

Logging Level Configuration

LOGGING_LEVEL Optional

This container is configured with , which gives engineers and operators more granular control over logging output in Node applications.

Accepted Values

debug Verbose logging. Useful for triaging.
info default Standard logging output.
warn Outputs log events classified as warnings or higher.
error Outputs log events classified as errors or higher.
fatal Only fatal, typically uncaught exceptions will be logged.
silent Disables all logging output.
trace Extremely verbose logging.

Sentry Configuration

SENTRY_DSN Optional

Enables Sentry error reporting and application performance monitoring.

If no value is provided, disables Sentry functionality.

Accepted Values

default
A valid Sentry DSN URL

SENTRY_ENVIRONMENT Optional

Additional metadata to enrich errors and metrics captured by Sentry.

Accepted Values

Any string value, preferably the name of the environment this workload is operating.

SENTRY_RELEASE Optional

Additional metadata to enrich errors and metrics captured by Sentry.

Accepted Values

Any string value, preferably the commit short SHA1 or container tag/version.

Probes

Liveness

Parameter

Value

Mode

HTTP (GET)

Arguments

Path: /__/probes/liveness
Port: 8080 (must match container port)

Timings

Initial Delay of 15s
Period of 90s
Timeout of 5s

Thresholds

1 Successes
2 Failures

Readiness

Parameter

Value

Mode

HTTP (GET)

Arguments

Path: /__/probes/readiness
Port: 8080 (must match container port)

Timings

Initial Delay of 15s
Period of 15s
Timeout of 5s

Thresholds

1 Successes
2 Failures

Startup

This container does not utilize startup probes.

Resources

CPU (in millicores)

RAM (in MiB)

Storage (in GiB)

250

1536

N/A

Technology Stack

Container uses Alpine Linux base image from the official Node repository, targeting the Node 14 LTS variant. Deploys an ExpressJS web server for routing requests.

Volume Mounts

This container does not mount any volumes.

Workload Identity

This container requires a Pod Service Account with the following role(s):

Google Cloud Storage / AWS S3 Bucket Maintainer
Google Cloud Storage / AWS S3 Bucket Object Creator
Google Cloud Storage / AWS S3 Bucket Object Editor
MongoDB Client / AWS DocumentDB Client

Code Owners

Name

Organization

HLN Consulting, LLC

charlie@hln.com

PreviousOUS NextRGS

Last updated 2 years ago