...
```
serviceaccount/parasoft-account created
role.rbac.authorization.k8s.io/parasoft-read created
rolebinding.rbac.authorization.k8s.io/parasoft-read-bind created
```
The following YAML creates the SOAVirt server. If a custom Persistent Volume Claim name was used in previous steps, make sure to update the 'claimName' field to match the custom name.
Note: kind: Deployment is not supported. Use either kind: Pod or kind: StatefulSet.
...
Required Settings for a Stable Machine ID
...
As you modify the soavirt-pod.yaml sample shown below or craft your own YAML, be aware that the following fields need to be consistent across upgrades and redeployments to ensure a stable machine ID:
- metadata: name
- metadata: namespace
- containers: name
In addition, the following environment variables are required:
- env: name: PARASOFT_POD_NAME
- env: name: PARASOFT_POD_NAMESPACE
Note: kind: Deployment is not supported. Use either kind: Pod or kind: StatefulSet.
```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: soavirt
  namespace: parasoft-sv-namespace
  labels:
    app: soavirt
spec:
  replicas: 1
  selector:
    matchLabels:
      app: soavirt
  serviceName: soavirt
  template:
    metadata:
      labels:
        app: soavirt
    spec:
      securityContext:
        runAsNonRoot: true
      serviceAccountName: parasoft-account
      automountServiceAccountToken: true
      volumes:
      - name: soavirt-pv
        persistentVolumeClaim:
          claimName: soavirt-pvc
      - name: soavirt-config
        configMap:
          name: soavirt-config
      containers:
      - name: soavirt
        image: parasoft/soavirt-server
        imagePullPolicy: IfNotPresent
        # When running on Kubernetes nodes with more than 32 CPU cores the product will print the following in the logs: This machine exceeds the licensed number of CPU cores
        # To reduce the number of cores available, uncomment the following resource specification (if you are using OpenShift, see the note below) or contact Parasoft to enable running on higher core counts.
        # resources:
        #   limits:
        #     cpu: "4"
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: ["ALL"]
          seccompProfile:
            type: RuntimeDefault
        volumeMounts:
        - name: soavirt-pv
          mountPath: /usr/local/parasoft/soavirt/webapps/ROOT/workspace
        - name: soavirt-config
          mountPath: /usr/local/parasoft/soavirt/webapps/config.properties
          subPath: config.properties
        ports:
        - name: http
          containerPort: 9080
        - name: https
          containerPort: 9443
        startupProbe:
          httpGet:
            path: /soavirt/api/v6/healthcheck
            port: 9080
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 30
          failureThreshold: 3
        livenessProbe:
          httpGet:
            path: /soavirt/api/v6/healthcheck
            port: 9080
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 30
        envFrom:
        - secretRef:
            name: soavirt-secret
            optional: true
        env:
        - name: CATALINA_OPTS
          value: "-Dparasoft.auto.deploy.new=false
            -Dparasoft.cloudvm=true
            -Dparasoft.cloudvm.config=Kubernetes"
        - name: PARASOFT_POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: PARASOFT_POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
```
...
```
/usr/local/parasoft/soavirt/logs
/usr/local/parasoft/soavirt/temp
/usr/local/parasoft/soavirt/webapps/ROOT/WEB-INF/configs/builtin
/usr/local/parasoft/soavirt/webapps/ROOT/felix-cache
/usr/local/parasoft/soavirt/webapps/ROOT/apifiles
/usr/local/parasoft/soavirt/work/Catalina/localhost/ROOT
/usr/local/tomcat/logs/
```
Modifying the java.security File (Optional)
You may want to use a modified java.security file if, for example, you want to enable or disable specific SSL cipher suites or make other related security configurations. To do so, create a modified copy of your java.security file, store it in a ConfigMap, and mount it into the pod at /usr/local/parasoft/java.security.
There are a few options you will want to keep in mind when applying your changes:
- When using your modified java.security settings, it's important to disable the global properties. If you don't, they will override your modifications:
-Djava.security.disableSystemPropertiesFile=true
- To override the default security file, explicitly specify that the JVM should use your custom security properties file:
-Djava.security.properties==/usr/local/parasoft/java.security
Note the double equal sign (==), which tells Java to fully replace the java.security settings that would normally be loaded from the JVM.
- To debug which java.security properties were loaded, add the java.security.debug property:
-Djava.security.debug=properties
Putting it all together, add the following to the env: section of the soavirt container:

```yaml
- name: JAVA_OPTS
  value: "-Djava.security.disableSystemPropertiesFile=true -Djava.security.properties==/usr/local/parasoft/java.security -Djava.security.debug=properties"
```
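The ConfigMap mount described in this section, written out as an added example that is not part of the original Parasoft sample. The ConfigMap name soavirt-java-security and the volume name java-security are assumptions; because == replaces the JVM defaults entirely, the ConfigMap must hold a complete modified copy of java.security, not only the changed lines.

```yaml
# Added example. Assumes a ConfigMap created from your complete, modified copy:
#   kubectl create configmap soavirt-java-security \
#     --from-file=java.security=./java.security -n parasoft-sv-namespace
# "soavirt-java-security" and "java-security" are hypothetical names.
# Merge these entries into the existing lists in the StatefulSet's pod template.
spec:
  template:
    spec:
      volumes:
      - name: java-security
        configMap:
          name: soavirt-java-security
          items:
          - key: java.security
            path: java.security
      containers:
      - name: soavirt
        volumeMounts:
        - name: java-security
          # subPath mounts only this one file, so the rest of
          # /usr/local/parasoft stays visible to the container.
          mountPath: /usr/local/parasoft/java.security
          subPath: java.security
          readOnly: true
        env:
        - name: JAVA_OPTS
          value: "-Djava.security.disableSystemPropertiesFile=true
            -Djava.security.properties==/usr/local/parasoft/java.security
            -Djava.security.debug=properties"
```

Files mounted with subPath are not refreshed when the ConfigMap changes, so restart the pod after editing java.security. Once the debug output confirms that the expected properties were loaded, -Djava.security.debug=properties can be dropped to keep the logs quiet.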
...