...
After creating the configuration map, you can choose to set up a secret for the server. This step is optional.

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: soavirt-secret
  namespace: parasoft-sv-namespace
type: Opaque
# Data must be base64 encoded!
data:
  # Specifies username for CTP authentication
  #env.manager.username: [CTP Server Username]
  # Specifies password for CTP authentication
  #env.manager.password: [CTP Server Password]
  # Specifies username for license server authentication
  #license.network.user: [License Server Username]
  # Specifies password for license server authentication
  #license.network.password: [License Server Password]
  # Specifies username for DTP authentication
  #dtp.user: [DTP Server Username]
  # Specifies password for DTP authentication
  #dtp.password: [DTP Server Password]
```
Use the yaml file to create the secret for the SOAVirt server:

```
kubectl create -f soavirt-secret.yaml
```
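Values in the Secret's data section must be base64 encoded, and a trailing newline or line wrap picked up during encoding becomes part of the credential the server reads. The script below is an added example, not part of the Parasoft documentation: the helper names `b64_value`, `b64_decode` and `make_soavirt_secret` are hypothetical, the key names are the ones in the template above, and the values are constructed samples.

```bash
#!/usr/bin/env bash
# Added example (not Parasoft's code): emit the optional SOAVirt Secret with
# correctly encoded values. Helper names are hypothetical; values are samples.

# Encode one value for a Secret "data:" entry. printf '%s' avoids the trailing
# newline that `echo` appends (it would become part of the credential), and
# tr removes the line wrapping that base64 applies to long values.
b64_value() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode an entry again to confirm exactly what the server will receive.
b64_decode() {
  printf '%s' "$1" | base64 --decode
}

# Print a Secret manifest built from KEY=VALUE arguments.
make_soavirt_secret() {
  local pair key value
  cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: soavirt-secret
  namespace: parasoft-sv-namespace
type: Opaque
data:
EOF
  for pair in "$@"; do
    key=${pair%%=*}    # text before the first '='
    value=${pair#*=}   # text after it; the value may itself contain '='
    if [ -z "$key" ] || [ "$key" = "$pair" ]; then
      echo "expected KEY=VALUE, got: $pair" >&2
      return 1
    fi
    printf '  %s: %s\n' "$key" "$(b64_value "$value")"
  done
}

# Constructed sample credentials; in practice read them from a prompt or a
# secret store rather than typing literals into shell history.
make_soavirt_secret \
  'env.manager.username=ctp-admin' \
  'env.manager.password=Constructed=Sample Passw0rd'
```

Redirect the output to a file and pass that file to `kubectl create -f`.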
Once you have set up the configuration map and the secret for the server, you need to create the service account and required permissions.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: parasoft-account
  namespace: parasoft-sv-namespace
automountServiceAccountToken: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: parasoft-read
  namespace: parasoft-sv-namespace
rules:
- apiGroups:
  - ""
  resources:
  - "namespaces"
  - "pods"
  verbs:
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: parasoft-read-bind
  namespace: parasoft-sv-namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: parasoft-read
subjects:
- kind: ServiceAccount
  name: parasoft-account
  namespace: parasoft-sv-namespace
```
Use the yaml file to create the service account and required permissions:
```
kubectl create -f parasoft-permissions.yaml
```
You should see something similar to the output below in your console:
```
serviceaccount/parasoft-account created
role.rbac.authorization.k8s.io/parasoft-read created
rolebinding.rbac.authorization.k8s.io/parasoft-read-bind created
```
The following creates the SOAVirt server. If a custom Persistent Volume Claim name was used in previous steps, make sure to update the 'claimName' field to match the custom name.
Note: kind: Deployment is not supported. Use either kind: Pod or kind: StatefulSet.

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: soavirt
  namespace: parasoft-sv-namespace
  labels:
    app: soavirt
spec:
  replicas: 1
  selector:
    matchLabels:
      app: soavirt
  serviceName: soavirt
  template:
    metadata:
      labels:
        app: soavirt
    spec:
      securityContext:
        runAsNonRoot: true
      serviceAccountName: parasoft-account
      automountServiceAccountToken: true
      volumes:
      - name: soavirt-pv
        persistentVolumeClaim:
          claimName: soavirt-pvc
      - name: soavirt-config
        configMap:
          name: soavirt-config
      containers:
      - name: soavirt
        image: parasoft/soavirt-server
        imagePullPolicy: IfNotPresent
        # When running on Kubernetes nodes with more than 32 CPU cores the product will print the following in the logs: This machine exceeds the licensed number of CPU cores
        # To reduce the number of cores available, uncomment the following resource specification (if you are using OpenShift, see the note below) or contact Parasoft to enable running on higher core counts.
        # resources:
        #   limits:
        #     cpu: "4"
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
          seccompProfile:
            type: RuntimeDefault
        volumeMounts:
        - name: soavirt-pv
          mountPath: /usr/local/parasoft/soavirt/webapps/ROOT/workspace
        - name: soavirt-config
          mountPath: /usr/local/parasoft/soavirt/webapps/config.properties
          subPath: config.properties
        ports:
        - name: http
          containerPort: 9080
        - name: https
          containerPort: 9443
        startupProbe:
          httpGet:
            path: /soavirt/api/v6/healthcheck
            port: 9080
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 30
          failureThreshold: 3
        livenessProbe:
          httpGet:
            path: /soavirt/api/v6/healthcheck
            port: 9080
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 30
        envFrom:
        - secretRef:
            name: soavirt-secret
            optional: true
        env:
        - name: CATALINA_OPTS
          value: "-Dparasoft.auto.deploy.new=false -Dparasoft.cloudvm=true -Dparasoft.cloudvm.config=Kubernetes"
        - name: PARASOFT_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: PARASOFT_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
```
...
Open a shell to the running container:
```
kubectl exec --stdin --tty soavirt-0 -n parasoft-sv-namespace -- /bin/bash
```
Make a curl call to the SOAVirt REST API to retrieve the machine ID:
```
curl "http://localhost:9080/soavirt/api/v6/status?fields=machineId"
```
- Note the machine ID in the response and provide it to your Parasoft representative, who will send you a license password.
- Once you've received your license password, apply it in the soavirt-config.yaml.
Apply the updated soavirt-config.yaml to the running container:
```
kubectl apply -f soavirt-config.yaml
```
The license will be applied when the pod is restarted automatically. Alternatively, you can delete and recreate the pod for the changes to take effect.
```
kubectl delete -f soavirt.yaml
kubectl create -f soavirt.yaml
```
Volume Mount Security Policies (Optional)
If your security policy requires applications to only write to mounted volumes, then in addition to the workspace (which is already set in the example pod) you will need to mount the following locations:
```
/usr/local/parasoft/soavirt/logs
/usr/local/parasoft/soavirt/temp
/usr/local/parasoft/soavirt/webapps/ROOT/WEB-INF/configs/builtin
/usr/local/parasoft/soavirt/webapps/ROOT/felix-cache
/usr/local/parasoft/soavirt/webapps/ROOT/apifiles
/usr/local/parasoft/soavirt/work/Catalina/localhost/ROOT
/usr/local/tomcat/logs/
```
Deploying SOAVirt Server in Kubernetes with a Helm Chart
...