TSTN-019: Deployment of Containerized Control System Components

  • Michael Reuter

Latest Revision: 2020-12-03

Note

This document presents the infrastructure and operation of containerized component deployment for the Vera C. Rubin Observatory.

1   Introduction

Many of the control system components, but not all, have been developed for deployment via Docker containers. Initially we leveraged docker-compose as a mechanism for prototyping container deployment to host services. With the proliferation of Kubernetes (k8s) clusters around the Vera C. Rubin Observatory and the associated sites, a new style of deployment and configuration is needed. We will leverage the experience SQuaRE has gained deploying the EFD and Nublado services and use a similar system based on Helm charts and ArgoCD configuration and deployment. The following sections will discuss the two key components and then will be expanded into including operation aspects as experience on that front is gained.

2   Helm Charts

The CSC deployment starts with a Helm chart. We are currently adopting version 1.8+ of ArgoCD which works with Helm version 3. The code for the charts are kept in the Helm chart GitHub repository. The next two sections will discuss each chart in detail. For a description of the APIs used, consult the Kubernetes documentation reference. The chart sections will not go into great detail on the content of each API delivered. Each chart section will list all of the possible configuration aspects that each chart is delivering, but full use of that configuration is left to the ArgoCD Configuration section and examples will be provided there. For the CSC deployment, we will run a single container per pod on Kubernetes. The Kafka producers will follow the same pattern. The OSPL daemon instances will use a init container on the summit to handle routing aspects for the DDS communication.

2.1   Cluster Configuration Chart

This chart (cluster-config) is responsible for setting up all of the namespaces for a Kubernetes cluster by using Namespace from the Kubernetes Cluster API. Its only configuration is a list of namespaces that the cluster will use.

Table 1 Cluster Configuration Chart YAML Configuration
YAML Key Description
namespaces This holds a list of namespaces for the cluster

2.2   OSPL Configuration Chart

This chart (ospl-config) is responsible for ensuring the network interface for OpenSplice DDS communication is set to listen to the proper one on a Kubernetes cluster. The multus CNI provides the multicast interface on the Kubernetes cluster for the pods. The rest of the options deal with configuring the shared memory configuration the control system is using. The chart uses ConfigMap from the Kubernetes Config and Storage API to provide the ospl.xml file for all of the cluster’s namespaces.

Table 2 OSPL Configuration Chart YAML Configuration
YAML Key Description
namespaces This holds a list of namespaces for the cluster
networkInterface The name of the multus CNI interface
domainId This sets the domain ID for the DDS communication
shmemSize The size in bytes of the shared memory database
maxSamplesWarnAt The maximum number of samples at which the system warns of resource issues
schedulingClass The thread scheduling class that will be used by a daemon service
schedulingPriority The scheduling priority that will be used by a daemon service
monitorStackSize The stack size in bytes for the daemon service
waterMarksWhcHigh This sets the size of the high watermark. Units must be explicitly used
waterMarksWhcHighInit This sets the the initial size of the high watermark. Units must be explicitly used
waterMarksWhcAdaptive This makes the high watermark change according to system pressure
deliveryQueueMaxSamples This controls the maximum size of the delivery queue in samples
dsGracePeriod This sets the discovery time grace period. Time units must be specified
squashParticipants This controls whether one virtual (true) or all (false) domain participants as shown at discovery time
namespacePolicyAlignee This determines how the durability service manages the data that matches the namespace
domainReportEnabled This enables reporting at the Domain level
ddsi2TracingEnabled This enables tracing for the DDSI2 service
ddsi2TracingVerbosity This sets the level of information for the DDSI2 tracing
ddsi2TracingLogfile This specifies the location and name of the DDSI2 tracing log
durabilityServiceTracingEnabled This enables tracing for the Durability service
durabilityServiceTracingVerbosity This sets the level of information for the Durability tracing
durabilityServiceTracingLogfile This specifies the location and name of the Durability tracing log
durabilityServiceInitialDiscoveryPeriod This sets the time for the initial discovery period during startup. Time in seconds
durabilityServiceAlignmentComboPeriodInitial This sets the maximum amount of time (seconds) a system waits for alignment after an alignment request while the system is not operational
durabilityServiceAlignmentComboPeriodOperational This sets the maximum amount of time (seconds) a system waits for alignment after an alignment request while the system is operational

2.3   OSPL Daemon Chart

This chart (ospl-daemon) handles deploying the OSPL daemon service for the shared memory configuration. This daemon takes over the communication startup, handling and tear down from the individual CSC applications. The chart uses a DaemonSet from the Kubernetes Workload APIs since it is designed to run on every node of a Kubernetes cluster.

Table 3 OSPL Daemon Chart YAML Configuration
YAML Key Description
image This section holds the configuration of the container image
image.repository The Docker registry name of the container image
image.tag The tag of the container image
image.pullPolicy The policy to apply when pulling an image for deployment
image.nexus3 The tag name for the Nexus3 Docker repository secrets if private images need to be pulled
namespace This is the namespace in which the CSC will be placed
env This section holds a set of key, value pairs for environmental variables
useExternalConfig This sets whether to rely on the ConfigMap for OSPL configuration or the internal OSPL configuration
osplVersion This is the version of the OpenSplice library to run. It is used to set the location of the OSPL configuration file
initContainer This section sets the option use of an init container for DDS route fixing
initContainer.repository The Docker registry name of the init container image
initContainer.tag The tag of the init container image
initContainer.pullPolicy The policy to apply when pulling an image for init container deployment
shmemDir This is the path to the Kubernetes local store where the shared memory database will be written
useHostIpc This sets the use of the host inter-process communication system. Defaults to true
useHostPid This sets the use of the host process ID system. Defaults to true
resources This allows the specifications of resources (CPU, memory) requires to run the container
nodeSelector This allows the specification of using specific nodes to run the pod
affinity This specifies the scheduling constraints of the pod
tolerations This specifies the tolerations of the pod for any system taints

2.4   Kafka Producer Chart

While not a true control component, the Kafka producers are nevertheless an important part of the control system landscape. They have the capability to convert the SAL messages into Kafka messages that are then ingested into the Engineering Facilities Database (EFD). See [Fau20] for more details.

The chart consists of a single Kubernetes Workloads API: Deployment. The Deployment API allows for restarts if a particular pod dies which assists in keeping the producers up and running all the time. For each producer specified in the configuration, a deployment will be created. We will now cover the configuration options for the chart.

Table 4 Kafka Producer Chart YAML Configuration
YAML Key Description
image This section holds the configuration of the container image
image.repository The Docker registry name of the container image to use for the producers
image.tag The tag of the container image to use for the producers
image.pullPolicy The policy to apply when pulling an image for deployment
image.nexus3 The tag name for the Nexus3 Docker repository secrets if private images need to be pulled
env This section holds environment configuration for the producer container
env.lsstDdsPartitionPrefix The LSST_DDS_PARTITION_PREFIX name applied to all producer containers
env.brokerIp The URI for the Kafka broker that received the generated Kafka messages
env.brokerPort The port associated with the Kafka broker specified in brokerIp
env.registryAddr The URL for the Kafka broker associated schema registry
env.partitions The number of partitions that the producers are supporting
env.replication The number of replications available to the producers
env.waitAck The number of Kafka brokers to wait for an ack from
env.logLevel This value determines the logging level for the producers
env.extras This section holds a set of key, value pairs for environmental variables
producers This section holds the configuration of the individual producers [1]
producers.name This key gives a name to the producer deployment and can be repeated
producers.name.cscs [2] The list of CSCs that the named producer will monitor
producers.name.image This section provides optional override of the default image section
producers.name.image.repository The Docker registry container image name to use for the named producer
producers.name.image.tag The container image tag to use for the named producer
producers.name.image.pullPolicy The policy to apply when pulling an image for named producer deployment
producers.name.env This section provides optional override of the defaults env section
producers.name.env.lsstDdsPartitionPrefix The LSST_DDS_PARTITION_PREFIX name applied the named producer container
producers.name.env.partitions The number of partitions that the named producer is supporting
producers.name.env.replication The number of replications available to the named producer
producers.name.env.waitAck The number of Kafka brokers to wait for an ack from for the named producer
producers.name.env.logLevel This value determines the logging level for the named producer
producers.name.env.extras This section holds a set of key, value pairs for environmental variables for the named producer
namespace This is the namespace in which the producers will be placed
useMulticast This sets the use of the annotation the multus address binding needed for DDS communication
useExternalConfig This sets whether to rely on the ConfigMap for OSPL configuration or the internal OSPL configuration
osplVersion This is the version of the OpenSplice library to run. It is used to set the location of the OSPL configuration file
initContainer This section sets the option use of an init container for DDS route fixing
initContainer.repository The Docker registry name of the init container image
initContainer.tag The tag of the init container image
initContainer.pullPolicy The policy to apply when pulling an image for init container deployment
shmemDir This is the path to the Kubernetes local store where the shared memory database will be written
useHostIpc This sets the use of the host inter-process communication system. Defaults to true
useHostPid This sets the use of the host process ID system. Defaults to true
resources This allows the specifications of resources (CPU, memory) requires to run the container
nodeSelector This allows the specification of using specific nodes to run the pod
affinity This specifies the scheduling constraints of the pod
tolerations This specifies the tolerations of the pod for any system taints
[1]A given producer is given a name key that is used to identify that producer (e.g. auxtel).
[2]The characters >- are used after the key so that the CSCs can be specified in a list

Note

The brokerIp, brokerPort and registryAddr of the env section are not overrideable in the producers.name.env section. The nexus3 of the image section is not overrideable in the producers.name.image section. Control of those items is on a site basis. All producers at a given site will always use the same information.

2.5   CSC Chart

Instead of having charts for every CSC, we employ an approach of having one chart that handles all of the variations. The chart supports image pull secrets, volume mounts (ones requiring a storage allocation and ones pointing to a NFS server), overriding the standard container entrypoint, secret injection and a number of configurations specific to the OpenSplice/DDS system.

The chart consists of the Job Kubernetes Workflows API, ConfigMap and PersistentVolumeClaim Kubernetes Config and Storage APIs. The Job API is used to provide correct behavior when a CSC is sent to OFFLINE mode, the pod should not restart. If the CSC dies for an unknown reason, not one caught by a FAULT state transition, a new pod will be started and the CSC will then come up in its lowest control state. The old pod will remain in a failed state, but available for interrogation about the problem. The ConfigMap API is used for specifying the override of the container entrypoint. The PersistentVolumeClaim API is used for supporting volume mounts that require a storage allocation request. Next, we will turn to the chart configuration descriptions.

Table 5 CSC Chart YAML Configuration
YAML Key Description
image This section holds the configuration of the CSC container image
image.repository The Docker registry name of the container image to use for the CSC
image.tag The tag of the container image to use for the CSC
image.pullPolicy The policy to apply when pulling an image for deployment
image.nexus3 The tag name for the Nexus3 Docker repository secrets if private images need to be pulled
namespace This is the namespace in which the CSC will be placed
useMulticast This sets the use of the annotation the multus address binding needed for DDS communication
env This section holds a set of key, value pairs for environmental variables
envSecrets This section holds specifications for secret injection
envSecrets.name The label for the secret
envSecrets.secretName The name of the vault store reference. Uses the namespace attribute to construct the full name
envSecrets.secretKey The key in the vault store containing the necessary secret
entrypoint This key allows specification of a script to override the entrypoint
pvcMountpoint This section holds the information necessary to create a volume mount for the container.
pvcMountpoint.name A label identifier for the mountpoint
pvcMountpoint.path The path inside the container to mount
pvcMountpoint.accessMode [3] This sets the required access mode for the volume mount.
pvcMountpoint.ids This section contains UID and GID overrides
pvcMountpoint.ids.uid An alternative UID for mounting
pvcMountpoint.ids.gid An alternative GID for mounting
pvcMountpoint.claimSize The requested physical disk space size for the volume mount
nfsMountpoint This section holds the information necessary to create a NFS mount for the container
nfsMountpoint.name A label identified for the mountpoint
nfsMountpoint.containerPath The path for the container mountpoint
nfsMountpoint.readOnly This sets if the NFS mount is read only or read/write
nfsMountpoint.server The hostname of the NFS server
nfsMountpoint.serverPath The path exported by the NFS server
useExternalConfig This sets whether to rely on the ConfigMap for OSPL configuration or the internal OSPL configuration
osplVersion This is the version of the OpenSplice library to run. It is used to set the location of the OSPL configuration file
initContainer This section sets the option use of an init container for DDS route fixing
initContainer.repository The Docker registry name of the init container image
initContainer.tag The tag of the init container image
initContainer.pullPolicy The policy to apply when pulling an image for init container deployment
shmemDir This is the path to the Kubernetes local store where the shared memory database will be written
useHostIpc This sets the use of the host inter-process communication system. Defaults to true
useHostPid This sets the use of the host process ID system. Defaults to true
resources This allows the specifications of resources (CPU, memory) requires to run the container
nodeSelector This allows the specification of using specific nodes to run the pod
affinity This specifies the scheduling constraints of the pod
tolerations This specifies the tolerations of the pod for any system taints
[3]Definitions can be found here.

Note

The configurations that are associated with each chart do not represent the full range of component coverage. The ArgoCD Configuration handles that.

2.6   Packaging and Deploying Charts

The GitHub repository is configured to automatically package and publish charts to the chart repository using the GitHub chart releaser action. The publish happens only on branch merges to master.

3   ArgoCD Configuration

The configuration and subsequent deployment of the control components is handled by the ArgoCD system. The code for the ArgoCD configuration is kept in the ArgoCD Github repository. The deployment methodologies will be handled in forthcoming sections. ArgoCD uses the concept of an app of apps (or chart of charts). Each app requires a specific chart or charts to use in order to deploy.

Each component has its own directory within the top-level apps directory. This includes the cluster configuration, OSPL configuration, OSPL daemon, Kafka producers and the CSCs. There are a few special apps which collect the main CSC component apps into a group (further called collector apps). Those will be discussed later. Some applications have extra support included that are not present in the application chart. That extra support will be explained within the appropriate section.

The contents found within the application directories have roughly the same content.

Chart.yaml
This file specifies the name of the application with that key in the file.
requirements.yaml
This file specifies the Helm chart to use including the version.
values.yaml
This file contains base information that will apply to all site specific configuration. May not be present in all applications.

Warning

Any changes to the values.yaml will be seen by all sites at once, so give careful thought to adjustments there.

values-<site tag>.yaml
This file contains site specific information for the configuration. It may override configuration provided in the values.yaml file. The supported sites listed in the following table and not all applications will have all sites supported.
Table 6 Supported Sites
Site Tag Site Location
base-teststand La Serena Base Data Center
ncsa-teststand NCSA Test Stand
summit Cerro Pachon Control System Infrastructure
tucson-teststand Tucson Test Stand
templates
This directory may not appear in all configurations. It will contain other Kubernetes or ArgoCD APIs to support deployment.

All values*.yaml files start with the chart name the application uses as the top-level key. Further keys are specified in the same manner as the Helm chart configuration. Examples will be provided below.

3.1   Cluster Configuration

This application (cluster-config) contains a VaultSecret Vault API in the templates directory (vault-secret.yaml) that handles setting up the access credential secrets for image pulling into each defined namespace. There is another Vault API in the templates directory (namespace-secrets.yaml) that can setup extra secrets for applications to use. These templates require configuration parameters that are outside the chart level configuration.

Table 7 Cluster Configuration Extra YAML Configuration
YAML Key Description
deployEnv The site tag to use when setting up the namespace secrets
extraSecrets This section can specify a list of secrets to setup for different namespaces
extraSecrets[].name The key name in the vault store. The full name is constructed using the namespace configuration parameter as well
extraSecrets[].namespaces The list of namespaces to add the secret specification into

3.2   Collector Apps

Within the ArgoCD Github repository, there are currently four collector applications: auxtel, eas maintel and obssys. The layout for these apps is different and explained here.

Chart.yaml
This file contains the specification of a new chart that will deploy a group of CSCs.
values.yaml
This file contains configuration parameters to fill out the application deployment. The keys will be discussed below.
templates/<collector app name>.yaml
This file contains the ArgoCD Application API used to deploy the associated CSCs specified by the collector app configuration. One application is generated for each CSC listed in the configuration.

The following specifies all of the parameters that are available across the different collector apps. However, not all collector apps support all of these parameters. Consult the collector app specific templates/<collector app name>.yaml file.

Table 8 Collector Application YAML Configuration
YAML Key Description
spec This section defines elements for cluster setup and ArgoCD location
spec.destination This section defines information for the deployment destination
spec.destination.server The name of the Kubernetes resource to deploy on
spec.source This section defines the ArgoCD setup to use
spec.source.repoURL The repository housing the ArgoCD configuration
spec.source.targetRevision The branch on the ArgoCD repository to use for the configuration
env This key sets the site tag for the deployment. Must be in quotes.
cscs This key holds a list of CSCs that are associated with the app
noSim This key holds a list of CSCs that do not have a simulator capability
runAsSim This key holds a list of CSCs that are run in simulator mode at the summit
indexed This key holds a set of key-value pairs for indexed components that specify the length of the component name
indexed.<csc name> This contains the numeric value specifying the length of the <csc name> key

3.3   Apps with Special Support

This section will detail any applications that require special support that is outside the supplied chart.

3.3.1   Hexapodsim

The athexapod application requires the use of a simulated hexapod low-level controller when running in simulation mode. This simulator (hexapodsim) is accessed by a specific IP address and port. The hexapodsim app uses a Service from the Kubernetes Service APIs to setup the port. Kubernetes conjoins that with the deployed pod IP in an environment variable: HEXAPOD_SIM_SERVICE_HOST. The ATHexapod CSC code uses that variable to set the proper connection information. The hexapodsim application has its own chart that uses Deployment from the Kubernetes Workloads API. This chart contains no OSPL features since the simulator does not require it. The use of the Deployment allows the application to be brought up with the auxtel collector app, but remain up if the CSCs are taken down since those are run as Jobs.

3.3.2   Header Service

Both the aheaderservice and ccheaderservice apps require the use of an Ingress and Service Kubernetes APIs. This is only necessary while the header services apps leverage an internal web service for header file exposition. Once the header service moves to using the S3 LFA, the extra APIs will be removed.

3.4   Examples

ArgoCD level configuration files follow this general format.

chart-name:
  chart-key1: values
  chart-key2: values
  ...

If a given application uses extra APIs for deployment, those configurations will look like the following.

api-key1: values
api-key2: values
...

Refer to the appropriate Helm Chart section for chart level key descriptions. API key descriptions are in this section.

3.4.1   Cluster Configuration

The main values.yaml file looks like:

cluster-config:
  namespaces:
    - auxtel
    - eas
    - maintel
    - obssys
    - kafka-producers
    - ospl-daemon

This sets the namespaces for all sites. This configuration can be overridden on a per site basis, but it is not recommended for summit environment.

The site specific configuration files only needs to contain the deployEnv keyword. The values-ncsa-teststand.yaml is shown as an example.

deployEnv: ncsa-teststand

If you want to override the list of namespaces for a particular site, this is how it would be done for a site specific file. Also included in the example is how one would specify extra namespace secrets.

cluster-config:
  namespaces:
    - test1
    - myspace
    - home

deployEnv: tucson-teststand

extraSecrets:
  - name: key1
    namespaces:
      - test1
      - home
  - name: key2
    namespaces:
      - myspace
      - home

3.4.2   OSPL Configuration

This is the ospl-config directory within the ArgoCD repository. The all-site configuration in values.yaml looks like this.

ospl-config:
  namespaces:
    - auxtel
    - eas
    - maintel
    - obssys
    - kafka-producers
    - ospl-daemon
  networkInterface: net1
  shmemSize: 504857600
  maxSamplesWarnAt: 50000
  schedulingClass: Default
  schedulingPriority: 0
  monitorStackSize: 6000000
  waterMarksWhcHigh: 8MB
  deliveryQueueMaxSamples: 10000
  squashParticipants: true
  namespacePolicyAlignee: Lazy
  domainReportEnabled: false
  ddsi2TracingEnabled: false
  ddsi2TracingVerbosity: finer
  ddsi2TracingLogfile: stdout
  durabilityServiceTracingEnabled: false
  durabilityServiceTracingVerbosity: FINER
  durabilityServiceTracingLogfile: stdout

The list of namespaces MUST contain at least the same namespaces as cluster-config. The networkInterface is the name specified by the multus CNI and is the same for all sites that we currently deploy to. The rest of the configuration is meant for handling setup, services and features related to the shared memory configuration. If you want to adjust configuration parameters for testing without effecting other sites, a site specific configuration file can be used.

3.4.3   OSPL Daemon Configuration

The OSPL daemon configuration has a global values.yaml file that sets the namespace, OSPL log files and OSPL version for all sites. All other configuration should be handled in a site YAML configuration file. The an example configuration for the summit is shown below.

ospl-daemon:
  image:
    repository: ts-dockerhub.lsst.org/ospl-daemon
    tag: c0016
    pullPolicy: Always
    nexus3: nexus3-docker
  env:
    LSST_DDS_PARTITION_PREFIX: summit
  shmemDir: /run/ospl
  osplVersion: V6.10.5
  initContainer:
    repository: lsstit/ddsnet4u
    tag: latest
    pullPolicy: Always

3.4.4   Kafka Producer Configuration

The Kafka producer configuration has a global values.yaml file that sets the namespace, OSPL log files and OSPL version and producer CSC configuration for all sites. A snippet of the configuration is shown below.

kafka-producers:
  namespace: kafka-producers
  ...
  producers:
    auxtel:
      cscs: >-
        ATAOS
        ATDome
        ATDomeTrajectory
        ATHexapod
        ATPneumatics
        ATPtg
        ATMCS
    maintel:
      cscs: >-
        MTAOS
        Dome
        MTDomeTrajectory
        MTPtg
    ...

Each key under producers is the name for that given producer along with the list of CSCs that producer will monitor.

The Docker image and other producer configuration is handled on a site basis. Here is an example from the values-ncsa-teststand.yaml.

kafka-producers:
  image:
    repository: ts-dockerhub.lsst.org/salkafka
    tag: c0016
    pullPolicy: Always
    nexus3: nexus3-docker
  env:
    lsstDdsDomain: ncsa
    brokerIp: cp-helm-charts-cp-kafka-headless.cp-helm-charts
    brokerPort: 9092
    registryAddr: https://lsst-schema-registry-nts-efd.ncsa.illinois.edu
    partitions: 1
    replication: 3
    waitAck: 1
    logLevel: 20

The env information is specifically tailored for the NCSA teststand. The image information is applied to all producers at this site. You can override both the producers deployed, reconfigure them if necessary or add new ones to a specific site. You can also change the image information for a given producer as well. You must ensure that the different image can interact with the others already deployed without interfering with their functioning. Below is an example of doing all the above.

kafka-producers:
  image:
    repository: ts-dockerhub.lsst.org/salkafka
    tag: c0016
    pullPolicy: Always
    nexus3: nexus3-docker
  env:
    lsstDdsDomain: ncsa
    brokerIp: cp-helm-charts-cp-kafka-headless.cp-helm-charts
    brokerPort: 9092
    registryAddr: https://lsst-schema-registry-nts-efd.ncsa.illinois.edu
    partitions: 1
    replication: 3
    waitAck: 1
    logLevel: 20
    extras:
      LSST_DDS_RESPONSIVENESS_TIMEOUT: 15s
  producers:
    comcam: null
    auxtel: null
    eas:
      cscs: >-
        DSM
    latiss: null
    test:
      image:
        tag: c0016.001
    ccarchiver:
      cscs: >-
        CCArchiver
    cccamera:
      cscs: >-
        CCCamera
    ccheaderservice:
      cscs: >-
        CCHeaderService

The null is how to remove producers from the values.yaml configuration. The eas producer changes the list of CSCs from DIMM, DSM, Environment to DSM. The test producer changes the site configured image tag to something different. The ccarchiver, cccamera and ccheaderservice producers are new ones specified for this site only.

3.4.5   CSC Configuration

Most CSC configuration consists of Docker image information and environment variables that must be set as well as the namespace that the CSC should belong to. The namespace is handled in the CSC values.yaml in order to have that applied uniformly across all sites. An example of a simple configuration showing a specific namespace is shown below.

csc:
  namespace: maintel

CSCs may have other values they need to apply regardless of site. Here is an example from the mtcamhexapod application.

csc:
  namespace: maintel
  env:
    OSPL_INFOFILE: /tmp/ospl-info-mtcamhexapod.log
    OSPL_ERRORFILE: /tmp/ospl-error-mtcamhexapod.log
  osplVersion: V6.10.4

Other global environment variables can be specified in this manner. Note that variables specified in the values.yaml can still be overridden by site-specific files.

The Docker image configuration is handled on a site basis to allow independent evolution. This also applies to the LSST_DDS_PARTITION_PREFIX environment variable since those are definitely site specific. Below is an example site configuration from the mtcamhexapod for the NCSA test stand.

csc:
  image:
    repository: ts-dockerhub.lsst.org/mthexapod
    tag: c0016
    pullPolicy: Always
    nexus3: nexus3-docker
  env:
    LSST_DDS_PARTITION_PREFIX: ncsa
    RUN_ARG: --simulate 1
  shmemDir: /scratch.local/ospl

The RUN_ARG configuration sets the index for the underlying component that the container will run and puts it into simulation mode. Other site specific environment variables can be listed in the env section if they are appropriate to running the CSC container.

All containers require the use of the Nexus3 repository, identified by the use of ts-dockerhub.lsst.org in the image.repository name. The image.nexus3 key must be configured in order for secret access to occur. The value in the image.nexus3 entry is specific to the Nexus3 instance that is based in Tucson. This may be expanded to other replications in the future. The site specific configuration for the mtcamhexapod application given previously shows this information is configured.

The CSC container may need to override the command script that the container automatically runs on startup. An example of how this is accomplished is shown below.

csc:
  image:
    repository: ts-dockerhub.lsst.org/atdometrajectory
    tag: c0016
    pullPolicy: Always
  env:
    LSST_DDS_PARTITION_PREFIX: lsatmcs
  entrypoint: |
    #!/usr/bin/env bash

    source ~/miniconda3/bin/activate

    source $OSPL_HOME/release.com

    source /home/saluser/.bashrc

    run_atdometrajectory.py

The script for the entrypoint must be entered line by line with an empty line between each one in order for the script to be created with the correct execution formatting. The pipe (|) at the end of the entrypoint keyword is required to help obtain the proper formatting. Using the entrypoint key activates the use of the ConfigMap API.

If a CSC requires a physical volume to read and/or write files out to, the pvcMountpoint and nfsMountpoint keys should be used. This should be a rarely used variant, but it is supported. The persistent volume claim created by using pvcMountpoint is local to the Kubernetes cluster and by default is not persisted if the volume claim disappears. The Header Service will use this when deployed to the summit until the S3 system is available. A configuration might look like the following.

csc:
  ...
  pvcMountpoint:
  - name: www
    path: /home/saluser/www
    accessMode: ReadWriteOnce
    claimSize: 50Gi

The description of the claimSize units can be found at this page.

The nfsMountpoint key can be used to attach to a NFS export. The mtaos leverages this mechanism for reading Bulter ingested files. An example configuration taken from the mtaos summit configuration, looks like this.

csc:
  ...
  nfsMountpoint:
  - name: comcam-data
    containerPath: /readonly/lsstdata/comcam
    readOnly: true
    server: comcam-arctl01.cp.lsst.org
    serverPath: /lsstdata

3.4.6   Collector Applications

As noted earlier, these applications are collections of individual CSC apps aligned with a particular subsystem. The all-site configuration handles ArgoCD information, CSCs that are not simulators and possibly indexed CSCs. Here is how the values.yaml file for the maintel app looks.

spec:
  destination:
    server: https://kubernetes.default.svc
  source:
    repoURL: https://github.com/lsst-ts/argocd-csc
    targetRevision: HEAD

noSim:
  - mtptg
  - mtdometrajectory

The spec section is specific to ArgoCD and should not be changed unless you really understand the consequences. The exceptions to this are the repoURL and targetRevision parameters. It is possible the GitHub repository moves during the lifetime of the project, so repoURL will need to be updated if that happens. There might also be a need to testing something that is not on the master branch of the repository. To support that, change the targetRevision to the appropriate branch name. Use this sparingly, as main configuration tracking is on the master branch.

The site specific configurations handle setting up the list of CSCs to run and the environment for that site. It can also handle the need for running simulators on the summit. Below is the configuration for maintel from the values-summit.yaml configuration.

env: summit
cscs:
  - mtaos
  - mtptg
  - mtmount
  - mtdome
  - mtdometrajectory
  - ccheaderservice
runAsSim:
  - mtaos
  - mtdome
  - mtmount

The env parameter sets the value-<env>.yaml for the listed CSC apps. This will change on a per site basis. The cscs parameter is the listing of the CSC apps that the collector app will control.

The auxtel collector app follows similar configuration mechanisms but controls a different list of CSC apps as does the obssys and eas collector apps.

The eas collector app has one other variation since it handles indexed CSCs all coming from the same application. Below is a section from the values.yaml file showing how indexed components are treated.

...
indexed:
  dimm: 4
  weatherstation: 14
  dsm: 3

The key points to the application directory that will be used and the number represents the length of the key. This is necessary since there are no tools in the Helm system that allow the length determination of a string. To use the indexed components, here is the values-summit.yaml configuration for the eas app.

env: summit
cscs:
  - dimm1
  - dimm2

Using the length provided in the values.yaml file, the number at the end of the name is retrieved. This is used to set the appropriate configuration file in the application directory for the specific index. The index configuration files look like values-<app name><#>.yaml and contain index specific setup. The index=1 DIMM component configuration values-dimm1.yaml is shown below.

csc:
  env:
    RUN_ARG: 1

The index specific configuration required will vary with the different CSCs.

[Fau20]Angelo Fausti. EFD Operations. Technote, March 2020. URL: https://sqr-034.lsst.io.