...
| Code Block |
|---|
| language | yml |
|---|
| title | soavirt-service.yaml |
|---|
|
kind: Service
apiVersion: v1
metadata:
name: soavirt-service
namespace: parasoft-sv-namespace
spec:
selector:
tagapp: soavirt
type: NodePort
ports:
- name: http
protocol: TCP
port: 9080
targetPort: 9080
nodePort: 30080
- name: https
protocol: TCP
port: 9443
targetPort: 9443
nodePort: 30083 |
Use the yaml file to create service that can be used to access SOAVirt server in Kubernetes:
...
| Code Block |
|---|
| language | yml |
|---|
| title | soavirt-config.yaml |
|---|
|
apiVersion: v1
kind: ConfigMap
metadata:
name: soavirt-config
namespace: parasoft-sv-namespace
data:
config.properties: |
# Configuration properties for soavirt server
# === END USER LICENSE AGREEMENT ===
# Set to true to accept the end user license agreement
# Please review the EULA.txt file included in the distribution zip for soavirt.war
parasoft.eula.accepted=false
# === WORKING DIRECTORY ===
# Specifies workspace location
#working.dir=C:/Users/../workspace
# === LOGGING CONFIGURATION ===
# Specifies configuration file for logging
logging.config.file=/WEB-INF/default.logging.xml
# Replace with the following line to enable debug information
#logging.config.file=/WEB-INF/debug.logging.xml
# === CTP SERVER ===
# Specifies CTP server endpoint
#env.manager.server=http\://[CTP Server Host]\:8080
# Specifies the server name that will be displayed in CTP
#env.manager.server.name=[Server Name]
# Specifies username for CTP authentication
#env.manager.username=[CTP Server Username]
# Specifies password for CTP authentication
#env.manager.password=[CTP Server Password]
# Enables notifications to CTP for deployments
#env.manager.notify=true
# === SERVLET CONTAINER ===
# Specifies the hostname to use for remote access to this server
# Useful when a name or address must be strictly used for CTP connectivity
# If empty, the address will be auto-detected
#server.hostname=[Server Hostname]
# Specifies port for http
# Port should match your servlet container
server.port.http=9080
# Specifies port for https
# Port should match your servlet container
#serverserver.port.https=84439443
# === PRODUCT LICENSING ===
# Enables virtualize functionality
virtualize.license.enabled=true
# Enables soatest functionality
soatest.license.enabled=true
# === NODE-LOCK LICENSE ===
# Specifies password for virtualize local license
#virtualize.license.local.password=[Virtualize License Password]
# Specifies password for soatest local license
#soatest.license.local.password=[Soatest License Password]
# === NETWORK LICENSE ===
# Enables network licensing for virtualize
virtualize.license.use_network=true
# Specifies the type of network license for virtualize ['performance_server_edition', 'runtime_server_edition', 'custom_edition']
virtualize.license.network.edition=custom_edition
# Specifies features for virtualize 'custom_edition' license
virtualize.license.custom_edition_features=Service Enabled, Performance, Extension Pack, Validate, Message Packs, Developer Sandbox 1000 Hits/Day, 10000 Hits/Day, 25000 Hits/Day, 50000 Hits/Day, 100000 Hits/Day, 500000 Hits/Day, 1 Million Hits/Day, Unlimited Hits/Day, 30 HPS, 100 HPS
# Enables network licensing for soatest
soatest.license.use_network=true
# Specifies the type of network license for soatest ['server_edition', 'custom_edition']
soatest.license.network.edition=custom_edition
# Specifies features for soatest 'custom_edition' license
soatest.license.custom_edition_features=RuleWizard, Command Line, SOA, Web, Server API Enabled, Message Packs, Advanced Test Generation Desktop, Advanced Test Generation 5 Users, Advanced Test Generation 25 Users, Advanced Test Generation 100 Users, Requirements Traceability, API Security Testing
# === LICENSE SERVER ===
# Enables using a specific license server
# If true, the license network properties below will be used to retrieve a license
# If false, the DTP server properties will be used to retrieve a license
license.network.use.specified.server=true
# Specifies license server URL, e.g., https://host[:port][/context-path]
license.network.url=https\://[License Server Host]\:8443
# Enables http authentication for the license server
license.network.auth.enabled=false
# Specifies username for license server authentication
#license.network.user=[License Server Username]
# Specifies password for license server authentication
#license.network.password=[License Server Password]
# === DTP SERVER ===
# Specifies DTP server URL, e.g., https://host[:port][/context-path]
#dtp.url=https\://[DTP Server Host]\:8443
# Specifies username for DTP authentication
#dtp.user=[DTP Server Username]
# Specifies password for DTP authentication
#dtp.password=[DTP Server Password]
# Specifies the name of the DTP project that you want to link to
#dtp.project=[DTP Project]
# === MISC ===
# Specifies scripting timeout in minutes
#scripting.timeout.minutes=10
# Enables logging telemetry data
#usage.reporting.enabled=true
# === OIDC ===
# Enables or disables user authentication via OpenID Connect
#oidc.enabled=false
# Specifies the URI of the OpenID Connect server
#oidc.issuer.uri=
# Specifies the ID provided by your OpenID Connect server
#oidc.client.id=
# Specifies the method that will be used to authenticate the user on the OpenID Connect server
#oidc.cli.mode=devicecode
# Specifies the path to the token file containing user authentication information
#oidc.devicecode.token.file=
# === REPORTS ===
# Specifies a tag that represents a unique identifier for each run
# e.g., ${config_name}-${project_module}-${scontrol_branch}-${exec_env}
#session.tag=${config_name}
# Specifies a build identifier used to label results
#build.id=${dtp_project}-yyyy-MM-dd
# Specifies data that should be included in the report
#report.developer_errors=true
#report.developer_reports=true
#report.authors_details=true
#report.testcases_details=false
#report.test_suites_only=true
#report.failed_tests_only=false
#report.output_details=false
#report.env_details=false
#report.organize_security_findings_by=CWE
#report.associations=false
#report.assoc.url.pr=
#report.assoc.url.fr=
#report.assoc.url.task=
#report.assoc.url.req=
#report.assoc.url.test=
# Specifies report format configuration ['html', 'pdf', 'xml', 'custom']
report.format=html
#report.custom.extension=
#report.custom.xsl.file=
# Specifies installation directory for Jtest or dotTEST that generates coverage report
#jtest.install.dir=
#dottest.install.dir= |
...
After creating the configuration map, you need to create the service account and required permissions.can choose to set up a secret for the server. This step is optional.
| Code Block |
|---|
| language | yml |
|---|
| title | parasoftsoavirt-permissionssecret.yaml |
|---|
|
apiVersion: v1
kind: ServiceAccountSecret
metadata:
name: parasoftsoavirt-accountsecret
namespace: parasoft-sv-namespace
automountServiceAccountTokentype: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: parasoft-read
namespace: parasoft-sv-namespace
rules:
- apiGroups:
- ""
resources:
- "namespaces"
- "pods"
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: parasoft-read-bind
namespace: parasoft-sv-namespace
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: parasoft-read
subjects:
- kind: ServiceAccount
name: parasoft-account
namespace: parasoft-sv-namespace |
Use the yaml file to create the service account and required permissions:
| Code Block |
|---|
|
kubectl create -f parasoft-permissions.yaml |
You should see something similar to the output below in your console:
| Code Block |
|---|
|
serviceaccount/parasoft-account created
role.rbac.authorization.k8s.io/parasoft-read created
rolebinding.rbac.authorization.k8s.io/parasoft-read-bind created |
The following creates the SOAVirt server. If a custom Persistent Volume Claim name was used in previous steps, make sure to update the 'claimName' field to match the custom name.
Note: kind: Deployment is not supported. Use either kind: Pod or kind: StatefulSet.
Opaque
# It is recommended to encrypt password values using the -encodepass CLI option or the encodepass.sh script.
# After encryption, both username and password values must be base64 encoded.
# Example: echo -n "[string]" | base64
# For additional security, see https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/.
data:
# Specifies username for CTP authentication
#env.manager.username: [CTP Server Username]
# Specifies password for CTP authentication
#env.manager.password: [CTP Server Password]
# Specifies username for license server authentication
#license.network.user: [License Server Username]
# Specifies password for license server authentication
#license.network.password: [License Server Password]
# Specifies username for DTP authentication
#dtp.user: [DTP Server Username]
# Specifies password for DTP authentication
#dtp.password: [DTP Server Password] |
Use the yaml file to create the secret for the SOAVirt server:
| Code Block |
|---|
|
kubectl create -f soavirt-secret.yaml |
| Info |
|---|
| title | Encrypting Your Password |
|---|
|
To encrypt a password, run the following command to create a pod that has the parasoft/soavirt-server image without starting the server. | Code Block |
|---|
kubectl run soavirt-encodepass -n parasoft-sv-namespace --image parasoft/soavirt-server --command -- tail -f /dev/null |
Once the pod is created, run the following command to execute the encodepass.sh script inside the pod. Make sure to substitute the desired password. | Code Block |
|---|
kubectl exec -n parasoft-sv-namespace --stdin --tty soavirt-encodepass -- /usr/local/parasoft/soavirt/webapps/ROOT/scripts/encodepass.sh <YOUR_PASSWORD> |
After the password is encrypted, delete the pod. | Code Block |
|---|
kubectl delete pod soavirt-encodepass -n parasoft-sv-namespace |
|
Once you have set up the configuration map and the secret for the server, you need to create the service account and required permissions.
| Code Block |
|---|
| language | yml |
|---|
| title | parasoft-permissions.yaml |
|---|
|
apiVersion: v1
kind: ServiceAccount
metadata:
name: parasoft-account
namespace: parasoft-sv-namespace
automountServiceAccountToken: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: parasoft-read
namespace: parasoft-sv-namespace
rules:
- apiGroups:
- ""
resources:
- "namespaces"
- "pods"
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: parasoft-read-bind
namespace: parasoft-sv-namespace
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: parasoft-read
subjects:
- kind: ServiceAccount
name: parasoft-account
namespace: parasoft-sv-namespace |
Use the yaml file to create the service account and required permissions:
| Code Block |
|---|
|
kubectl create -f parasoft-permissions.yaml |
You should see something similar to the output below in your console:
| Code Block |
|---|
|
serviceaccount/parasoft-account created
role.rbac.authorization.k8s.io/parasoft-read created
rolebinding.rbac.authorization.k8s.io/parasoft-read-bind created |
The following creates the SOAVirt server. If a custom Persistent Volume Claim name was used in previous steps, make sure to update the 'claimName' field to match the custom name.
Note: kind: Deployment is not supported. Use either kind: Pod or kind: StatefulSet.
| Code Block |
|---|
| language | yml |
|---|
| title | soavirt-pod.yaml |
|---|
|
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: soavirt
namespace: parasoft-sv-namespace
labels:
app: soavirt
spec:
replicas: 1
selector:
matchLabels:
app: soavirt
serviceName: soavirt
template:
metadata:
labels: |
| Code Block |
|---|
| language | yml |
|---|
| title | soavirt.yaml |
|---|
|
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: soavirt
namespace: parasoft-sv-namespace
labels:
tag: soavirt
spec:
replicas: 1
selector:
matchLabels:
tag: soavirt
serviceName: soavirt
template:
metadata:
labels:
tag: soavirt
spec:
securityContext:
runAsNonRoot: true
serviceAccountName: parasoft-account
automountServiceAccountToken: true
volumes:
- name: soavirt-pv
persistentVolumeClaim:
claimName: soavirt-pvc
- name: soavirt-config
configMap:
name: soavirt-config
containers:
- name: soavirt
image: parasoft/soavirt-server
imagePullPolicy: IfNotPresent
# When running on Kubernetes nodes with more than 32 CPU cores the product will print the following in the logs: This machine exceeds the licensed number of CPU cores
# To reduce the number of cores available, uncomment the following resource specification (if you are using OpenShift, see the note below) or contact Parasoft to enable running on higher core counts.
# resources:
# limits:
# cpu: "4"
securityContext:
allowPrivilegeEscalation: false
app: capabilities:soavirt
spec:
dropsecurityContext:
["ALL"]
runAsNonRoot: true
seccompProfile:
serviceAccountName: parasoft-account
automountServiceAccountToken: true
typevolumes: RuntimeDefault
- volumeMounts:name: soavirt-pv
- name: soavirt-pvpersistentVolumeClaim:
mountPathclaimName: /usr/local/parasoft/soavirt/webapps/ROOT/workspacesoavirt-pvc
- name: soavirt-config
mountPath: /usr/local/parasoft/soavirt/webapps/config.propertiesconfigMap:
subPathname: soavirt-config.properties
portscontainers:
- name: httpsoavirt
containerPortimage: 9080parasoft/soavirt-server
startupProbeimagePullPolicy: IfNotPresent
# When running on Kubernetes nodes with more than 32 httpGet:
CPU cores the product will print the following in the logs: This path: /soavirt/api/v6/healthcheck
port: 9080
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 30
machine exceeds the licensed number of CPU cores
# To reduce the number of cores available, uncomment the following resource specification (if you are using OpenShift, see the note below) or contact Parasoft to enable running on higher core counts.
# resources:
# failureThresholdlimits: 3
# livenessProbe:
cpu: "4"
httpGetsecurityContext:
pathallowPrivilegeEscalation: /soavirt/api/v6/healthcheckfalse
portcapabilities:
9080
initialDelaySeconds: 30 drop: ["ALL"]
periodSecondsseccompProfile:
30
timeoutSecondstype: 30 RuntimeDefault
envvolumeMounts:
- name: CATALINA_OPTSsoavirt-pv
value: "-Dparasoft.auto.deploy.new=falsemountPath: /usr/local/parasoft/soavirt/webapps/ROOT/workspace
- -Dparasoft.cloudvm=truename: soavirt-config
mountPath: /usr/local/parasoft/soavirt/webapps/config.properties
-Dparasoft.cloudvm.config=Kubernetes"subPath: config.properties
- name: PARASOFT_POD_NAMEports:
- name: valueFrom:http
containerPort: fieldRef:9080
fieldPath- name: metadata.namehttps
- namecontainerPort: PARASOFT_POD_NAMESPACE9443
valueFromstartupProbe:
httpGet:
fieldRef:
path: /soavirt/api/v6/healthcheck
port: fieldPath: metadata.namespace
9080
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 30
failureThreshold: 3
livenessProbe:
httpGet:
path: /soavirt/api/v6/healthcheck
port: 9080
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 30
envFrom:
- secretRef:
name: soavirt-secret
optional: true
env:
- name: CATALINA_OPTS
value: "-Dparasoft.auto.deploy.new=false
-Dparasoft.cloudvm=true
-Dparasoft.cloudvm.config=Kubernetes"
- name: PARASOFT_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: PARASOFT_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
|
| Info |
|---|
|
If you are using OpenShift and your host is |
| Info |
|---|
|
If you are using OpenShift and your host is using more than 32 cores, you will need to look at your OpenShift version's documentation about Quotas and Limit Ranges for CPU as there are significant differences between versions. This link is to the documentation for version 4.16, but you should consult the documentation for your exact version: https://docs.openshift.com/container-platform/4.16/nodes/clusters/nodes-cluster-limit-ranges.html |
...
| Code Block |
|---|
|
kubectl create -f soavirt-pod.yaml |
| Anchor |
|---|
| UsingALocalLicense |
|---|
| UsingALocalLicense |
|---|
|
Using a Local License: To use a node-lock license, you will need to retrieve the machine ID from the deployed server in order to procure your license from Parasoft.
Open a shell to the running container:
| Code Block |
|---|
kubectl exec --stdin --tty soavirt-0 -n parasoft-sv-namespace -- /bin/bash |
Make a curl call to the SOAVirt REST API to retrieve the machine ID:
| Code Block |
|---|
curl http://localhost:9080/soavirt/api/v6/status?fields=machineId |
- Note the machine ID in the response and provide it to your Parasoft representative, who will send you a license password.
- Once you've received your license password, apply it in the soavirt-config.yaml.apply it in the soavirt-config.yaml.
Apply the updated soavirt-config.yaml to the running container:
| Code Block |
|---|
kubectl apply -f soavirt-config.yaml |
The license will be applied when the pod is restarted automatically. Alternatively, you can delete and recreate the pod for the changes to take effect.
| Code Block |
|---|
kubectl delete -f soavirt-pod.yaml
kubectl create |
Apply the updated soavirt-config.yaml to the running container:
| Code Block |
|---|
kubectl apply -f soavirt-configpod.yaml |
The license will be applied when the pod is restarted automatically. Alternatively, you can delete and recreate the pod for the changes to take effect.
| Code Block |
|---|
kubectl delete -f soavirt.yaml
kubectl create -f soavirt.yaml
Volume Mount Security Policies (Optional)
If your security policy requires applications to only write to mounted volumes, then in addition to the workspace (which is already set in the example pod) you will need to mount the following locations:
| No Format |
|---|
|
/usr/local/parasoft/soavirt/logs
/usr/local/parasoft/soavirt/temp
/usr/local/parasoft/soavirt/webapps/ROOT/WEB-INF/configs/builtin
/usr/local/parasoft/soavirt/webapps/ROOT/felix-cache
/usr/local/parasoft/soavirt/webapps/ROOT/apifiles
/usr/local/parasoft/soavirt/work/Catalina/localhost/ROOT
/usr/local/tomcat/logs/ |
Deploying SOAVirt Server in Kubernetes with a Helm Chart
...