Comment: Published by Scroll Versions from space LSDEV and version 2023.1

This section describes how to deploy License Server in Kubernetes.

Overview

To deploy License Server in Kubernetes, follow the directions described below.

Note

Deploying multiple License Servers in Kubernetes is not supported with this version. Support is limited to a single instance of License Server running in a Kubernetes cluster.

Prerequisites


First, create a namespace for License Server to run in:

Code Block
kubectl create namespace parasoft-lss-namespace

Warning

Once License Server has been licensed, deleting the namespace will invalidate machine-locked licenses, even if you recreate the same namespace.

Next, with your Kubernetes cluster running, create the namespace, service account, and permissions required by the License Server pod and related resources. An example of a yaml file that might be used for this purpose is shown below.

Code Block (parasoft-permissions.yaml)
apiVersion: v1
kind: Namespace
metadata:
  name: parasoft-namespace
---
# Stable access for clients to license server
kind: Service
apiVersion: v1
metadata:
  name: parasoft-service
  namespace: parasoft-namespace
spec:
  selector:
    tag: parasoft-service
  ports:
    - name: https
      port: 443
      protocol: TCP
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: parasoft-account
  namespace: parasoft-lss-namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: parasoft-namespace-roleread
  namespace: parasoft-lss-namespace
rules:
- apiGroups:
  - "*"
  resources:
  - "*"
  verbs:
  - get
  - "*"
  - read
  - list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: parasoft-namespaceread-bind
  namespace: parasoft-lss-namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: parasoft-namespace-roleread
subjects:
- kind: ServiceAccount
  name: parasoft-account
  namespace: parasoft-lss-namespace
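
An added check, not part of the Parasoft documentation: the shell function below lists every wildcard entry in the Role and ClusterRole rules of a manifest, so the scope granted to parasoft-account can be reviewed before the file is applied. The sample manifest is constructed; its first Role mirrors the wildcard apiGroups and resources of the Role above, and example-narrow-role is a hypothetical contrast, not a statement of what License Server needs.

```shell
# Added example: list wildcard ("*") entries in Role/ClusterRole rules (file or stdin).
rbac_wildcards() {
  awk '
    function emit(   i) {
      if (kind == "Role" || kind == "ClusterRole")
        for (i = 1; i <= n; i++) print kind "/" name " " hit[i]
      kind = name = field = ""; n = 0; inmeta = 0
    }
    /^---/      { emit(); next }
    /^kind:/    { kind = $2 }
    /^[A-Za-z]/ { inmeta = ($1 == "metadata:") }
    inmeta && /^  name:/ { name = $2 }
    {
      line = $0; gsub("[\"\047]", "", line)       # strip YAML quotes
      if (line ~ /^[ -]*(apiGroups|resources|verbs):/) {
        field = line; sub(/^[ -]*/, "", field); sub(/:.*/, "", field)
        sub(/^[^:]*:/, "", line)
        if (line ~ /\*/) hit[++n] = field         # flow style: verbs: ["*"]
      } else if (line ~ /^[ -]*[A-Za-z]+:/) field = ""
      else if (field != "" && line ~ /^ *- *\* *$/) hit[++n] = field
    }
    END { emit() }
  ' "$@"
}

# Constructed sample: first Role mirrors the wildcard rule on this page; second is hypothetical.
sample_manifest() {
  cat <<'EOF'
kind: Role
metadata:
  name: parasoft-namespace-roleread
rules:
- apiGroups:
  - "*"
  resources:
  - "*"
  verbs:
  - get
---
kind: Role
metadata:
  name: example-narrow-role
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "list"]
EOF
}

sample_manifest | rbac_wildcards
```

Run it as `rbac_wildcards parasoft-permissions.yaml`; empty output means no wildcard entries were found.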

Use your yaml file to create the required namespace, service account, and permissions before creating the License Server environment:

...

You should see something similar to the output below in your console:

Code Block
namespace/parasoft-namespace created
service/parasoft-service created
serviceaccount/parasoft-account created
role.rbac.authorization.k8s.io/parasoft-namespace-roleread created
rolebinding.rbac.authorization.k8s.io/parasoft-namespaceread-bind created

Warning

The "parasoft-namespace" namespace defined in the provided configuration is required, and we recommend using "parasoft-permissions.yaml" as it is documented. The service account used by the License Server Pod requires access to the "parasoft-namespace" namespace. Therefore, if you choose to create a custom permissions configuration that has different names for the resources defined in the provided permissions configuration, a namespace with the name "parasoft-namespace" must also be created. If this namespace requirement is not met, License Server will treat any license installed as invalid.

Custom Keystore

If you want to set up a custom keystore, you will need to create a configuration map for the ".keystore" and "server.xml" files. The command below creates a configuration map called "keystore-cfgmap" with file mappings for the custom ".keystore" and "server.xml" files. In this example, each file mapping is given a key: "keystore" for the .keystore file and "server-config" for the server.xml file. While giving each file mapping a key is not necessary, it is useful when you don't want the key to be the file name. 

Code Block
~$ kubectl create configmap keystore-cfgmap --from-file=keystore=/path/to/.keystore --from-file=server-config=/path/to/server.xml
configmap/keystore-cfgmap created

Create the License Server environment

To create the License Server environment, you will first need a yaml file that defines a secret (optional), a volume, a pod, and a service (optional). The secret is used to pull the License Server image from the repository. The pod is set up to run a License Server container configured with a volume to persist data and a liveness probe for the container health. The service makes License Server accessible via external clients by allocating ports in the node and mapping them to ports in the pod. An example yaml file called "parasoft-lss.yaml" is shown below. This example uses an NFS volume, but that is not required; use the volume type that fits your needs best.

Code Block (parasoft-lss.yaml)
apiVersion: v1
kind: Pod
metadata:
  name: lss
  namespace: parasoft-lss-namespace
  labels:
    app: LSS
spec:
  volumes:
    - name: lss-data
      nfs:
        server: NFS_SERVER_HOST
        path: /lss/
# Uncomment the section below if you are setting up a custom keystore; you will also need to uncomment the associated volumeMounts below
#    - name: keystore-cfgmap-volume
#      configMap:
#        name: keystore-cfgmap
  securityContext:
    runAsNonRoot: true
  containers:
    - name: lss-server
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          type: RuntimeDefault    
      image: LSS_DOCKER_IMAGE
      imagePullPolicy: Always
      env:
        - name: PARASOFT_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: PARASOFT_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
# To inject JVM arguments into the container, uncomment the entry below, which adds LSS_JAVA_OPTS to the "env" list above
#        - name: LSS_JAVA_OPTS
#          value: "-Dparasoft.use.license.v2=true"
      ports:
        - containerPort: 8080
          name: "http-server"
        - containerPort: 8443
          name: "https-server"
      volumeMounts:
        - mountPath: "/usr/local/parasoft/license-server/data"
          name: lss-data
# Uncomment the section below if you are setting up a custom keystore. Note that updates made to these files will not be reflected inside the container once it's been deployed; you will need to restart the container for it to contain any updates.
#        - name: keystore-cfgmap-volume
#          mountPath: "/usr/local/parasoft/license-server/tomcat/conf/.keystore"
#          subPath: keystore
#        - name: keystore-cfgmap-volume
#          mountPath: "/usr/local/parasoft/license-server/tomcat/conf/server.xml"
#          subPath: server-config
# To prevent liveness probe failures on environments with low or overly taxed RAM/CPU, we recommend increasing the timeout seconds
      livenessProbe:
        exec:
          command:
          - healthcheck.sh
        initialDelaySeconds: 120
        periodSeconds: 60
        timeoutSeconds: 30
        failureThreshold: 5
  restartPolicy: Always
  serviceAccountName: parasoft-account
  imagePullSecrets:
    - name: YOUR_SECRET
---
apiVersion: v1
kind: Service
metadata:
  name: lss
  namespace: parasoft-lss-namespace
spec:
  type: NodePort
  selector:
    app: LSS
  ports:
    - port: 8080
      name: PORT_NAME_1
      nodePort: XXXXX
    - port: 8443
      name: PORT_NAME_2
      nodePort: XXXXX
   
# SERVICE CONFIG NOTES:
# 'name' can be whatever you want
# 'nodePort' must be between 30000-32768
# 'spec.selector' must match 'metadata.labels' in pod config

...

Code Block
kubectl exec <POD_NAME> -c <CONTAINER_NAME> -- printenv

Custom Truststore

Using a custom truststore in Kubernetes environments is similar to using a custom keystore as described above. Adjust the directions for using a custom keystore as appropriate. Note that the truststore location is /usr/local/parasoft/license-server/jre/lib/security/cacerts.

Troubleshooting

Enabling Additional Logging

  1. Copy log4j.xml from the <INSTALL_DIR>/app/ directory to <INSTALL_DIR>/data/.
  2. Open the log4j.xml file in <INSTALL_DIR>/data/ and add the following logger to the Loggers element:

    Code Block
    <Logger name="com.parasoft.xtest" level="ALL">
      <AppenderRef ref="CONSOLE" />
    </Logger>
  3. Find the commented-out section for LSS_JAVA_OPTS in the yaml file, uncomment it, then add the following as the value for LSS_JAVA_OPTS:

    Code Block
    -Dparasoft.cloudvm.verbose=true -Dparasoft.logging.config.file=/usr/local/parasoft/license-server/data/log4j.xml
  4. Restart the application.
  5. Additional logging will go to the catalina log file (stdout). You can run this command to copy the log to the local file system (replace "lss-pod1-nfs" with your pod name and "parasoft-lss-namespace" with the namespace you used):

    Code Block
    kubectl logs lss-pod1-nfs -n parasoft-lss-namespace > lss-debug.log