要在 Kubernetes 中部署 CTP,请遵循以下流程。
此版本不支持在 Kubernetes 中部署多个 CTP 服务器。支持仅限于在 Kubernetes 集群中运行的单个 CTP 实例。
前提条件
首先,为 CTP 创建一个命名空间:
kubectl create namespace parasoft-ctp-namespace
授权 CTP 后,删除命名空间将使单机许可证失效,即使重新创建相同的命名空间也是如此。
接下来,需要用于数据库配置和导出存储的持久卷和持久卷声明。应为它们配置约 1GB (用于数据库配置)至 10GB (用于导出存储)的空间(可根据需要增减),建议采用 ReadWriteOnce 访问模式。该空间将用于 CTP 服务器的工作空间。
您挂载的卷中必须有格式良好的 db_config.xml。请参阅下面的 db_config.xml,了解良好格式的示例。您还可以将下面的示例复制到要挂载的卷中,任何需要进行的配置都将在应用程序中完成。请注意,如果 URL JDBC 字符串用于 MariaDB、MySQL 或 Oracle,则您的 CTP 部署/pod 应正确配置 JDBC 适配器;如果 URL JDBC 字符串用于 HyperSQL,则无论您的 CTP 部署/pod 配置如何,它都理应会启动。
db_config.xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<db_config>
<connection>
<url>jdbc:hsqldb:file:/usr/local/parasoft/ctp/hsqldb/em;ifexists=true</url>
<username>em</username>
<password>em</password>
</connection>
</db_config>
</configuration>
默认的持久卷声明名称是 'ctp-config-storage' 和 'ctp-exports-storage',这些名称可以通过更新 CTP 服务器的 yaml 定义进行自定义。以下示例展示了设置 NFS 持久卷和持久卷声明的配置。虽然示例中使用的是 NFS,但这并不是必需的;可根据需要使用任何持久卷类型。
警告:对于 NFS,导出目录的 UID 和 GID 必须与运行容器的 Parasoft 用户相同。例如,执行 chown 1000:1000 <shared_path> 命令。
ctp-pv.yaml
# ==== Persistent Volume to Mount db_config.xml ====
apiVersion: v1
kind: PersistentVolume
metadata:
name: ctp-config-storage
namespace: parasoft-ctp-namespace
spec:
capacity:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs
nfs:
path: <path>
server: <ip_address>
---
# ==== PersistentVolumeClaim for db_config.xml ====
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ctp-config-pvc
namespace: parasoft-ctp-namespace
spec:
accessModes:
- ReadWriteOnce
storageClassName: nfs
resources:
requests:
storage: 1Gi
volumeName: "ctp-config-storage"
---
# ==== Persistent Volume for Export Storage ====
apiVersion: v1
kind: PersistentVolume
metadata:
name: ctp-exports-storage
namespace: parasoft-ctp-namespace
spec:
capacity:
storage: 10Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs
nfs:
path: <path>
server: <ip_address>
---
# ==== PersistentVolumeClaim for CTP exports folder ====
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ctp-exports-pvc
namespace: parasoft-ctp-namespace
spec:
accessModes:
- ReadWriteOnce
storageClassName: nfs
resources:
requests:
storage: 10Gi
volumeName: "ctp-exports-storage"
使用 yaml 文件创建持久卷和持久卷声明:
kubectl create -f ctp-pv.yaml
需要为数据库建立持久卷和持久卷声明。应为其配置约 50GB 的空间(可根据需要增减),建议采用 ReadWriteOnce 访问模式。
通过更新 CTP 服务器的 yaml 定义,可以自定义下面示例中的默认持久卷声明名称。虽然示例中使用的是 NFS,但这并不是必需的;可根据需要使用任何持久卷类型。请注意,对于外部数据库,持久卷和持久卷声明挂载用于数据库 JDBC 适配器,而不是数据库本身。
嵌入式 HyperSQL 数据库和每个受支持的外部数据库都包含不同的 yaml 示例。请使用适用于您的环境的产品。
警告:对于 NFS,导出目录的 UID 和 GID 必须与运行容器的 Parasoft 用户相同。例如,执行 chown 1000:1000 <shared_path> 命令。
HyperSQL(嵌入式)
ctp-db.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: ctp-hsqldb-storage
namespace: parasoft-ctp-namespace
spec:
capacity:
storage: 50Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs
nfs:
path: <path>
server: <ip_address>
---
# PersistentVolumeClaim for CTP HyperSQL DB
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ctp-hsqldb-pvc
namespace: parasoft-ctp-namespace
spec:
accessModes:
- ReadWriteOnce
storageClassName: nfs
resources:
requests:
storage: 50Gi
MariaDB
ctp-db.yaml
# ==== Persistent Volume for MariaDB JDBC Adapter
apiVersion: v1
kind: PersistentVolume
metadata:
name: ctp-mariadbadapter-storage
namespace: parasoft-ctp-namespace
spec:
capacity:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs
nfs:
path: <path>
server: <ip_address>
---
# ==== PersistentVolumeClaim for MariaDB JDBC Adapter ====
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ctp-mariadbadapter-pvc
namespace: parasoft-ctp-namespace
spec:
accessModes:
- ReadWriteOnce
storageClassName: nfs
resources:
requests:
storage: 1Gi
volumeName: "ctp-mariadbadapter-storage"
MySQL
ctp-db.yaml
# ==== Persistent Volume for MySQL JDBC Adapter
apiVersion: v1
kind: PersistentVolume
metadata:
name: ctp-mysqladapter-storage
namespace: parasoft-ctp-namespace
spec:
capacity:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs
nfs:
path: <path>
server: <ip_address>
---
# ==== PersistentVolumeClaim for MySQL JDBC Adapter ====
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ctp-mysqladapter-pvc
namespace: parasoft-ctp-namespace
spec:
accessModes:
- ReadWriteOnce
storageClassName: nfs
resources:
requests:
storage: 1Gi
volumeName: "ctp-mysqladapter-storage"
Oracle
ctp-db.yaml
# ==== Persistent Volume for OracleDB JDBC Adapter
apiVersion: v1
kind: PersistentVolume
metadata:
name: ctp-oracleadapter-storage
namespace: parasoft-ctp-namespace
spec:
capacity:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs
nfs:
path: <path>
server: <ip_address>
---
# ==== PersistentVolumeClaim for OracleDB JDBC Adapter ====
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: ctp-oracleadapter-pvc
namespace: parasoft-ctp-namespace
spec:
accessModes:
- ReadWriteOnce
storageClassName: nfs
resources:
requests:
storage: 1Gi
volumeName: "ctp-oracleadapter-storage"
使用 yaml 文件创建持久卷和持久卷声明:
kubectl create -f ctp-db.yaml
您还需要创建服务账户和所需权限。
parasoft-permissions.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: parasoft-account namespace: parasoft-ctp-namespace --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: parasoft-read namespace: parasoft-ctp-namespace rules: - apiGroups: - "*" resources: - "*" verbs: - get - read - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: parasoft-read-bind namespace: parasoft-ctp-namespace roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: parasoft-read subjects: - kind: ServiceAccount name: parasoft-account namespace: parasoft-ctp-namespace
使用 yaml 文件创建服务账户和所需权限:
kubectl create -f parasoft-permissions.yaml
您可以在控制台中看到与以下内容类似的输出:
serviceaccount/parasoft-account created role.rbac.authorization.k8s.io/parasoft-read created rolebinding.rbac.authorization.k8s.io/parasoft-read-bind created
CTP 部署
满足前提条件后,即可在 Kubernetes 中部署 CTP。如果在之前的步骤中使用了自定义的持久卷声明名称,请确保更新相应的 'volumeMounts:name' 和 'claimName' 字段以匹配自定义名称。取消注释使用的数据库部分。
必须接受服务器 EULA,方法是在 -env 说明符中将 ACCEPT_EULA 值设置为“true”。此外,要选择向 Parasoft 发送匿名使用数据以帮助改进产品,请将 -env 说明符中的 USAGE_DATA 值改为“true”。
注意:不支持 kind: Deployment。请使用支持的 kind: Pod 或 kind: StatefulSet。
ctp-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: ctp-pod
namespace: parasoft-ctp-namespace
labels:
app: ctp
spec:
securityContext:
runAsNonRoot: true
serviceAccountName: parasoft-account
containers:
- name: ctp
securityContext:
runAsUser: 1000
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
image: parasoft/ctp:latest
ports:
- containerPort: 8080
# Delete database.properties file to prevent overwriting of db_config.xml on pod startup
command: [ "/bin/bash", "-c" ]
args:
-
cd ctp/webapps/em/WEB-INF/classes/META-INF/spring/ &&
rm database.properties &&
cd ~ &&
./entrypoint.sh
volumeMounts:
- name: ctp-config-storage
mountPath: /usr/local/parasoft/ctp/webapps/em/config/db_config.xml
subPath: db_config.xml
- name: ctp-exports-storage
mountPath: /usr/local/parasoft/exports
# - name: ctp-hsqldb-storage
# mountPath: /usr/local/parasoft/ctp/hsqldb
# === DB JDBC Adapter Volume Mounts ===
# - name: ctp-mariadbadapter-storage
# mountPath: /usr/local/parasoft/ctp/webapps/em/WEB-INF/lib/mariadb-java-client-3.0.8.jar
# subPath: mariadb-java-client-3.0.8.jar
# - name: ctp-mysqladapter-storage
# mountPath: /usr/local/parasoft/ctp/webapps/em/WEB-INF/lib/mysql-connector-java-8.0.30.jar
# subPath: mysql-connector-java-8.0.30.jar
# - name: ctp-oracleadapter-storage
# mountPath: /usr/local/parasoft/ctp/webapps/em/WEB-INF/lib/ojdbc8.jar
# subPath: ojdbc8.jar
env:
# === USE BELOW TO CONFIGURE ENVIRONMENT VARIABLES ===
# Configures CTP to connect to license server at the specified base URL
- name: LICENSE_SERVER_URL
value: https://licenseserver:8443
# Configures CTP to use basic authentication when connecting to license server
- name: LICENSE_SERVER_AUTH_ENABLED
value: "false"
# Configures CTP to connect to license server as the specified user
# - name: LICENSE_SERVER_USERNAME
# value: admin
# Configures CTP to connect to license server with the specified password
# - name: LICENSE_SERVER_PASSWORD
# value: admin
# Set to true or false to opt-in or opt-out of sending anonymous usage data to Parasoft
- name: USAGE_DATA
value: "false"
# Accepts the End User License Agreement if set to true
- name: ACCEPT_EULA
value: "false"
- name: CATALINA_OPTS
value: "-Dparasoft.cloudvm=true
-Dparasoft.cloudvm.config=Kubernetes"
- name: PARASOFT_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: PARASOFT_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# === PROBES ===
startupProbe:
httpGet:
path: /em/resources/favicon.ico
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 30
failureThreshold: 3
livenessProbe:
httpGet:
path: /em/resources/favicon.ico
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 30
readinessProbe:
httpGet:
path: /em/healthcheck
port: 8080
initialDelaySeconds: 30
periodSeconds: 30
timeoutSeconds: 30
volumes:
- name: ctp-config-storage
persistentVolumeClaim:
claimName: ctp-config-pvc
- name: ctp-exports-storage
persistentVolumeClaim:
claimName: ctp-exports-pvc
# - name: ctp-hsqldb-storage
# persistentVolumeClaim:
# claimName: ctp-hsqldb-pvc
# === SQL JDBC Adapter Volumes ===
# - name: ctp-mariadbadapter-storage
# persistentVolumeClaim:
# claimName: ctp-mariadbadapter-pvc
# - name: ctp-mysqladapter-storage
# persistentVolumeClaim:
# claimName: ctp-mysqladapter-pvc
# - name: ctp-oracleadapter-storage
# persistentVolumeClaim:
# claimName: ctp-oracleadapter-pvc
---
# ==== CTP Service Definition ====
apiVersion: v1
kind: Service
metadata:
name: ctp-service
namespace: parasoft-ctp-namespace
spec:
selector:
app: ctp
type: NodePort
ports:
- protocol: TCP
port: 8080
targetPort: 8080
nodePort: 30000
使用 yaml 文件创建用于访问 Kubernetes 中 CTP 的服务:
kubectl create -f ctp-pod.yaml
