Versions Compared

Old Version 4

changes.mady.by.user Robert Andelin

Saved on

compared with

New Version 5

changes.mady.by.user Robert Andelin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space LSDEV and version 2023.2

In this section:

Table of Contents
maxLevel13

Deploying License Server in Kubernetes with a Helm Chart

Parasoft has published an official Helm chart to Docker Hub for your convenience. Full installation instructions are included in the readmeREADME there. See https://hub.docker.com/r/parasoft/lss-helm.

...

If you want to set up a custom keystore, you will need to create a configuration map for the " .keystore " and " server.xml " files. The command below creates a configuration map called "keystore-cfgmap" with file mappings for the custom " .keystore " and " server.xml" filesxml files. In this example, each file mapping is given a key: "keystore" for the .keystore file and "server-config" for the server.xml file. While giving each file mapping a key is not necessary, it is useful when you don't want the key to be the file name. 

...

Code Block
languageyml
titleparasoft-lss.yaml
apiVersion: v1
kind: Pod
metadata:
  name: lss
  namespace: parasoft-lss-namespace
  labels:
    app: LSS
spec:
  volumes:
    - name: lss-data
      nfs:
        server: NFS_SERVER_HOST
        path: /lss/
# Uncomment section below if you are setting up a custom keystore; you will also need to uncomment out the associated volumeMounts below
#    - name: keystore-cfgmap-volume
#      configMap:
#        name: keystore-cfgmap
  securityContext:
    runAsNonRoot: true
  containers:
    - name: lss-server
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          type: RuntimeDefault    
      image: LSS_DOCKER_IMAGE
      imagePullPolicy: Always
      env:
        - name: PARASOFT_POD_NAME			    #REQUIRED, DO NOT CHANGE
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: PARASOFT_POD_NAMESPACE		    #REQUIRED, DO NOT CHANGE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
# To inject JVM arguments into the container, specify the "env" property as in the example below, which injects LSS_JAVA_OPTS
#        - name: LSS_JAVA_OPTS
#          value: "-Dparasoft.use.license.v2=true"
      ports:
        - containerPort: 8080
          name: "http-server"
        - containerPort: 8443
          name: "https-server"
      volumeMounts:
        - mountPath: "/usr/local/parasoft/license-server/data"
          name: lss-data
# Uncomment section below if you are setting up a custom keystore. Note that updates made to these files will not be reflected inside the container once it's been deployed; you will need to restart the container for it to contain any updates.
#        - name: keystore-cfgmap-volume
#          mountPath: "/usr/local/parasoft/license-server/app/tomcat/conf/.keystore"
#          subPath: keystore
#        - name: keystore-cfgmap-volume
#          mountPath: "/usr/local/parasoft/license-server/app/tomcat/conf/server.xml"
#          subPath: server-config
# To prevent liveness probe failures on environments with low or overly taxed RAM/CPU, we recommend increasing the timeout seconds
      livenessProbe:
        exec:
          command:
          - healthcheck.sh
        initialDelaySeconds: 120
        periodSeconds: 60
        timeoutSeconds: 30
        failureThreshold: 5
  restartPolicy: Always
  serviceAccountName: parasoft-account
  imagePullSecrets:
    - name: YOUR_SECRET
---
apiVersion: v1
kind: Service
metadata:
  name: lss
  namespace: parasoft-lss-namespace
spec:
  type: NodePort
  selector:
    app: LSS
  ports:
    - port: 8080
      name: PORT_NAME_1
      nodePort: XXXXX
    - port: 8443
      name: PORT_NAME_2
      nodePort: XXXXX
   
# SERVICE CONFIG NOTES:
# 'name' can be whatever you want
# 'nodePort' must be between 30000-32768
# 'spec.selector' must match 'metadata.labels' in pod config

...

Code Block
languageyml
titleparasoft-lss.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: lss
  namespace: parasoft-lss-namespace
  labels:
    app: LSS
spec:
  selector:
    matchLabels:
      app: LSS
  serviceName: lss-service
  replicas: 1
  template:
    metadata:
      labels:
        app: LSS
    spec:
      volumes:
      - name: lss-data
        nfs:
          server: NFS_SERVER_HOST
          path: /lss/
#        persistentVolumeClaim:
#          claimName: lss-pvc
# Uncomment section below if you are setting up a custom keystore; you will also need to uncomment out the associated volumeMounts below
#      - name: keystore-cfgmap-volume
#        configMap:
#          name: keystore-cfgmap
      securityContext:
        runAsNonRoot: true
      containers:
      - name: lss-server
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: [ "ALL" ]
          seccompProfile:
            type: RuntimeDefault
        image: LSS_DOCKER_IMAGE
        imagePullPolicy: Always
        env:
        - name: PARASOFT_POD_NAME			    #REQUIRED, DO NOT CHANGE
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: PARASOFT_POD_NAMESPACE
		    #REQUIRED, DO NOT CHANGE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
# To inject JVM arguments into the container, specify the "env" property as in the example below, which injects LSS_JAVA_OPTS
#        - name: LSS_JAVA_OPTS
#          value: "-Dparasoft.use.license.v2=true"
        ports:
        - containerPort: 8080
          name: "http-server"
        - containerPort: 8443
          name: "https-server"
        volumeMounts:
        - name: lss-data
          mountPath: "/usr/local/parasoft/license-server/data"
# Uncomment section below if you are setting up a custom keystore. Note that updates made to these files will not be reflected inside the container once it's been deployed; you will need to restart the container for it to contain any updates.
#        - name: keystore-cfgmap-volume
#          mountPath: "/usr/local/parasoft/license-server/app/tomcat/conf/.keystore"
#          subPath: keystore
#        - name: keystore-cfgmap-volume
#          mountPath: "/usr/local/parasoft/license-server/app/tomcat/conf/server.xml"
#          subPath: server-config
# To prevent liveness probe failures on environments with low or overly taxed RAM/CPU, we recommend increasing the timeout seconds
        livenessProbe:
          exec:
            command:
            - healthcheck.sh
          initialDelaySeconds: 120
          periodSeconds: 60
          timeoutSeconds: 30
          failureThreshold: 5
      restartPolicy: Always
      serviceAccountName: parasoft-account
      imagePullSecrets:
        - name: YOUR_SECRET
---
apiVersion: v1
kind: Service
metadata:
  name: lss
  namespace: parasoft-lss-namespace
spec:
  type: NodePort
  selector:
    app: LSS
  ports:
    - port: 8080
      name: PORT_NAME_1
      nodePort: XXXXX
    - port: 8443
      name: PORT_NAME_2
      nodePort: XXXXX
    
# SERVICE CONFIG NOTES:
# 'name' can be whatever you want
# 'nodePort' must be between 30000-32768
# 'spec.selector' must match 'metadata.labels' in pod config

...

Code Block
languagetext
kubectl exec <POD_NAME> -c <CONTAINER_NAME> -- printenv

Custom Truststore

Required Settings for a Stable Machine ID

As you modify either of the parasoft-lss.yaml samples shown above or craft your own yaml, be aware that the following fields need to be consistent across upgrades and redeployments in order to assure a stable machine ID:

  • metadata: name
  • metadata: namespace
  • containers: name

In addition, the following environment variables are required:

  • env: name: PARASOFT_POD_NAME
  • env: name: PARASOFT_POD_NAMESPACE

Custom Truststore

Using a custom truststore in Kubernetes environments is similar to using a custom keystore as described above. Adjust the directions for using a custom keystore as appropriate. Note that the truststore location is /usr/local/parasoft/license-server/Using a custom truststore in Kubernetes environments is similar to using a custom keystore as described above. Adjust the directions for using a custom keystore as appropriate. Note that the truststore location is /usr/local/parasoft/license-server/app/jre/lib/security/cacerts.

...

  1. Copy log4j.xml from the <INSTALL_DIR>/app/ directory to <INSTALL_DIR>/data/.

  2. Open the log4j.xml file in <INSTALL_DIR>/data/ and add the following logger in Loggers element:

    Code Block
    languagetext
    <Logger name="com.parasoft.xtest" level="ALL">
  <AppenderRef ref="CONSOLE" />
</Logger>

  3. Find commented-out section for LSS_JAVA_OPTS in the yaml file, uncomment it, then add the following as the value for LSS_JAVA_OPTS:

    Code Block
    languageyml
    -Dparasoft.cloudvm.verbose=true -Dparasoft.logging.config.file=/usr/local/parasoft/license-server/data/log4j.xml
  4. Restart the application.

  5. Additional logging will go to catalina log file (stdout).  You can run this command to get the log file to local file system (replace "lss-pod1-nfs" with your pod name and "parasoft-lss-namespace" with the namespace you used):

    Code Block
    languagetext
    kubectl logs lss-pod1-nfs -n parasoft-lss-namespace > lss-debug.log

...

This issue can occur when there is an underlying permission issue. To resolve it, try the following options:

...

  1. Verify that you have created permissions required by License Server using parasoft-permissions.yaml.
    • Note: if you are upgrading, make sure to use the parasoft-permissions.yaml for the version to which you are upgrading.
  2. Confirm that all Parasoft-required resources are using the same namespace.

...