summaryrefslogtreecommitdiffstats
path: root/docs/sections/design-components/component-specification/docker-specification.rst
blob: 20ce340d7eb0d07ff280f62dff3b23033ea8f947 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0

.. _docker-requirements:

Component Spec Requirements
===========================

The component specification contains the following groups of
information. 

-  :any:`Metadata <metadata>`
-  :any:`Interfaces <interfaces>` including the
   associated :any:`Data Formats <data-formats>`
-  :any:`Parameters <common-specification-parameters>`
-  :any:`Auxiliary Details <docker-auxiliary-details>`
-  :any:`List of Artifacts <artifacts>`

.. _docker-auxiliary-details:

Auxiliary Details
-----------------

``auxiliary`` contains Docker specific details like health check, port
mapping, volume mapping and policy reconfiguration script details.


+--------------------------------+---------+---------------------------+
| Name                           | Type    | Description               |
+================================+=========+===========================+
| healthcheck                    | JSON    | *Required*. Health check  |
|                                | object  | definition details        |
+--------------------------------+---------+---------------------------+
| ports                          | JSON    | each array item maps a    |
|                                | array   | container port to the     |
|                                |         | host port. See example    |
|                                |         | below.                    |
+--------------------------------+---------+---------------------------+
| volume                         | JSON    | each array item contains  |
|                                | array   | a host and container      |
|                                |         | object. See example       |
|                                |         | below.                    |
+--------------------------------+---------+---------------------------+
| policy                         | JSON    | *Required*. Policy        |
|                                | array   | reconfiguration script    |
|                                |         | details                   |
+--------------------------------+---------+---------------------------+
| tls_info                       | JSON    | *Optional*. Information   |
|                                | object  | about usage of tls certif\|
|                                |         | icates                    |
+--------------------------------+---------+---------------------------+

Health Check Definition
~~~~~~~~~~~~~~~~~~~~~~~

The platform currently supports http and docker script based health checks. 

When choosing a value for interval, consider that too frequent
healthchecks will put unnecessary load on the platform. If there is a
problematic resource, then more frequent healthchecks are warranted (eg
15s or 60s), but as stability increases, so can these values, (eg
300s).

When choosing a value for timeout, consider that too small a number will
result in increasing timeout failures, and too large a number will
result in a delay in the notification of the resource problem. A
suggestion is to start with 5s and work from there.

http
^^^^

+--------------------------------+---------+---------------------------+
| Property Name                  | Type    | Description               |
+================================+=========+===========================+
| type                           | string  | *Required*. ``http``      |
+--------------------------------+---------+---------------------------+
| interval                       | string  | Interval duration in      |
|                                |         | seconds i.e. ``60s``      |
+--------------------------------+---------+---------------------------+
| timeout                        | string  | Timeout in seconds i.e.   |
|                                |         | ``5s``                    |
+--------------------------------+---------+---------------------------+
| endpoint                       | string  | *Required*. GET endpoint  |
|                                |         | provided by the component |
|                                |         | for checking health       |
+--------------------------------+---------+---------------------------+

Example:

.. code:: json

    "auxilary": {
        "healthcheck": {
            "type": "http",
            "interval": "15s",
            "timeout": "1s",
            "endpoint": "/my-health"
        }
    }

docker script example
^^^^^^^^^^^^^^^^^^^^^

+--------------------------------+---------+---------------------------+
| Property Name                  | Type    | Description               |
+================================+=========+===========================+
| type                           | string  | *Required*. ``docker``    |
+--------------------------------+---------+---------------------------+
| interval                       | string  | Interval duration in      |
|                                |         | seconds i.e. ``15s``      |
+--------------------------------+---------+---------------------------+
| timeout                        | string  | Timeout in seconds i.e.   |
|                                |         | ``1s``                    |
+--------------------------------+---------+---------------------------+
| script                         | string  | *Required*. Full path of  |
|                                |         | script that exists in the |
|                                |         | Docker container to be    |
|                                |         | executed                  |
+--------------------------------+---------+---------------------------+

During deployment, the K8S plugin maps the healthcheck defined into 
into a Kubernetes readiness probe.  

Kubernetes execs the script in the container (using the `docker exec API
 <https://docs.docker.com/engine/api/v1.29/#tag/Exec>`__ ). 
It will examine the
script result to identify whether your component is healthy. Your
component is considered healthy when the script returns ``0`` otherwise
your component is considered not healthy.

Example:

.. code:: json

    "auxilary": {
        "healthcheck": {
            "type": "docker",
            "script": "/app/resources/check_health.py",
            "timeout": "30s",
            "interval": "180s"
        }
    }

Ports
~~~~~

This method of exposing/mapping a local port to a host port is NOT
RECOMMENDED because of the possibility of port conflicts. If multiple
instances of a docker container will be running, there definitely will
be port conflicts. Use at your own risk. (The preferred way to expose a
port is to do so in the Dockerfile as described
:any:`here <dcae-cli-docker-ports>`).

.. code:: json

    "auxilary": {
        "ports": ["8080:8000"]
    }

In the example above, container port 8080 maps to host port 8000.

Volume Mapping
~~~~~~~~~~~~~~

.. code:: json

    "auxilary": {
        "volumes": [
            {
               "container": {
                   "bind": "/tmp/docker.sock",
                   "mode": "ro"
                },
                "host": {
                    "path": "/var/run/docker.sock"
                }
            }
        ]
    }

At the top-level:

+---------------+-------+-------------------------------------+
| Property Name | Type  | Description                         |
+===============+=======+=====================================+
| volumes       | array | Contains container and host objects |
+---------------+-------+-------------------------------------+

The ``container`` object contains:


+-----------------------+-----------------------+-------------------------------+
| Property Name         | Type                  | Description                   |
+=======================+=======================+===============================+
| bind                  | string                | path to the container         |
|                       |                       | volume                        |
+-----------------------+-----------------------+-------------------------------+
| mode                  | string                | ro - indicates                |
|                       |                       | read-only volume              |
+-----------------------+-----------------------+-------------------------------+
|                       |                       | w - indicates that            |
|                       |                       | the contain can write         |
|                       |                       | into the bind mount           |
+-----------------------+-----------------------+-------------------------------+

The ``host`` object contains:

+---------------+--------+-------------------------+
| Property Name | Type   | Description             |
+===============+========+=========================+
| path          | string | path to the host volume |
+---------------+--------+-------------------------+

Here’s an example of the minimal JSON that must be provided as an input:

.. code:: json

    "auxilary": {
        "volumes": [
            {
               "container": {
                   "bind": "/tmp/docker.sock"
                },
                "host": {
                    "path": "/var/run/docker.sock"
                }
            }
        ]
    }

In the example above, the container volume “/tmp/docker.sock” maps to
host volume “/var/run/docker.sock”.


Policy 
~~~~~~~

Policy changes made in the Policy UI will be provided to the Docker
component by triggering a script that is defined here.

+--------------------------------+---------+---------------------------+
| Property Name                  | Type    | Description               |
+================================+=========+===========================+
| reconfigure_type               | string  | *Required*. Current value |
|                                |         | supported is ``policy``   |
+--------------------------------+---------+---------------------------+
| script_path                    | string  | *Required*. Current value |
|                                |         | for ‘policy’              |
|                                |         | reconfigure_type must be  |
|                                |         | “/opt/app/reconfigure.sh” |
+--------------------------------+---------+---------------------------+

Example:

.. code:: json

    "auxilary": {
        "policy": {
            "reconfigure_type": "policy",
            "script_path": "/opt/app/reconfigure.sh"
        }
    }

The docker script interface is as follows: \`/opt/app/reconfigure.sh
$reconfigure_type {“updated policies”: , “application config”: }

+---------------------+--------------+----------------------------------------+
| Name                | Type         | Description                            |
+=====================+==============+========================================+
| reconfigure_type    | string       | policy                                 |
+---------------------+--------------+----------------------------------------+
| updated_policies    | json         | TBD                                    |
+---------------------+--------------+----------------------------------------+
| updated_appl_config | json         | complete generated app_config, not     |
|                     |              | fully-resolved, but ``policy-enabled`` |
|                     |              | parameters have been updated. In order |
|                     |              | to get the complete updated            |
|                     |              | app_config, the component would have   |
|                     |              | to call ``config-binding-service``.    |
+---------------------+--------------+----------------------------------------+

TLS Info
~~~~~~~~~~~~~~~~~

TLS Info is used to trigger addition of init containers that can provide main application containers with certificates
for internal and external communication.

+--------------------------------+---------+---------------------------------------------------------------------------+
| Property Name                  | Type    | Description                                                               |
+================================+=========+===========================================================================+
| cert_directory                 | string  | *Required*. Directory where certificates should be created.               |
|                                |         | i.e. ``/opt/app/dcae-certificate``                                        |
+--------------------------------+---------+---------------------------------------------------------------------------+
| use_tls                        | boolean | *Required*. A boolean that indicates whether server certificates for int\ |
|                                |         | ernal communication should be added to the main container                 |
|                                |         | i.e ``true``                                                              |
+--------------------------------+---------+---------------------------------------------------------------------------+
| use_external_tls               | boolean | *Optional*. A boolean that indicates whether the component uses AAF Cert\ |
|                                |         | Service to acquire operator certificate to protect external (between xNFs |
|                                |         | and ONAP) traffic. For a time being only operator certificate from CMPv2  |
|                                |         | server is supported.                                                      |
|                                |         | i.e ``true``                                                              |
+--------------------------------+---------+---------------------------------------------------------------------------+


Example:

.. code:: json

	"auxilary": {
		"tls_info": {
			"cert_directory": "/opt/app/dcae-certificate",
			"use_tls": true
			"use_external_tls": true,
		}
	},

Docker Component Spec - Complete Example
----------------------------------------

.. code:: json

    {
        "self": {
            "version": "1.0.0",
            "name": "yourapp.component.kpi_anomaly",
            "description": "Classifies VNF KPI data as anomalous",
            "component_type": "docker"
        },
        "streams": {
            "subscribes": [{
                "format": "dcae.vnf.kpi",
                "version": "1.0.0",
                "route": "/data",
                "type": "http"
            }],
            "publishes": [{
                "format": "yourapp.format.integerClassification",
                "version": "1.0.0",
                "config_key": "prediction",
                "type": "http"
            }]
        },
        "services": {
            "calls": [{
                "config_key": "vnf-db",
                "request": {
                    "format": "dcae.vnf.meta",
                    "version": "1.0.0"
                    },
                "response": {
                    "format": "dcae.vnf.kpi",
                    "version": "1.0.0"
                    }
            }],
            "provides": [{
                "route": "/score-vnf",
                "request": {
                    "format": "dcae.vnf.meta",
                    "version": "1.0.0"
                    },
                "response": {
                    "format": "yourapp.format.integerClassification",
                    "version": "1.0.0"
                    }
            }]
        },
        "parameters": [
            {
                "name": "threshold",
                "value": 0.75,
                "description": "Probability threshold to exceed to be anomalous"
            }
        ],
        "auxilary": {
            "healthcheck": {
                "type": "http",
                "interval": "15s",
                "timeout": "1s",
                "endpoint": "/my-health"
            }
        },
        "artifacts": [{
            "uri": "fake.nexus.att.com/dcae/kpi_anomaly:1.0.0",
            "type": "docker image"
        }]
    }