You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

To deploy License Server in Kubernetes, follow the directions described below.

Deploying multiple License Servers in Kubernetes is not supported with this version. Support is limited to a single instance of License Server running in a Kubernetes cluster.

Prerequisites

First, you will need a Kubernetes cluster. After starting the cluster, create the namespace, service account, and permissions required by the License Server pod and related resources. An example of a yaml file that might be used to for this purpose is shown below.

parasoft-permissions.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: parasoft-namespace
---
# Stable access for clients to license server
kind: Service
apiVersion: v1
metadata:
  name: parasoft-service
  namespace: parasoft-namespace
spec:
  selector:
    tag: parasoft-service
  ports:
    - name: https
      port: 443
      protocol: TCP
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: parasoft-account
  namespace: parasoft-namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: parasoft-namespace-role
  namespace: parasoft-namespace
rules:
- apiGroups:
  - "*"
  resources:
  - "*"
  verbs:
  - "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: parasoft-namespace-bind
  namespace: parasoft-namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: parasoft-namespace-role
subjects:
- kind: ServiceAccount
  name: parasoft-account
  namespace: parasoft-namespace

Use your yaml file to create the required namespace, service account, and permissions before creating the License Server environment:

kubectl create -f parasoft-permissions.yaml

You should see something similar to the output below in your console:

namespace/parasoft-namespace created
service/parasoft-service created
serviceaccount/parasoft-account created
role.rbac.authorization.k8s.io/parasoft-namespace-role created
rolebinding.rbac.authorization.k8s.io/parasoft-namespace-bind created

The "parasoft-namespace" namespace defined in the provided configuration is required and we recommend using the "parasoft-permissions.yaml" as it is documented. The service account used by the License Server Pod requires access to the "parasoft-namespace" namespace, therefore if you choose to create a custom permissions configuration that has different names for the resources defined in the provided permissions configuration, then a namespace with the name "parasoft-namespace" must also be created. If this namespace requirement is not met, License Server will treat any license installed as invalid.

Custom Keystore

If you want to set up a custom keystore, you will need to create a configuration map for the ".keystore" and "server.xml" files. The command below creates a configuration map called "keystore-cfgmap" with file mappings for the custom ".keystore" and "server.xml" files. In this example, each file mapping is given a key: "keystore" for the .keystore file and "server-config" for the server.xml file. While giving each file mapping a key is not necessary, it is useful when you don't want the key to be the file name. 

~$ kubectl create configmap keystore-cfgmap --from-file=keystore=/path/to/.keystore --from-file=server-config=/path/to/server.xml
configmap/keystore-cfgmap created

Create the License Server environment

To create the License Server environment, you will first need a yaml file that defines a secret (optional), a volume, a pod, and a service (optional). The secret is used to pull the License Server image from the repository. The pod is set up to run a License Server container configured with a volume to persist data and a liveness probe for the container health. The service makes License Server accessible via external clients by allocating ports in the node and mapping them to ports in the pod. An example yaml file called "parasoft-lss.yaml" is shown below. This example uses an NFS volume, but that is not required; use the volume type that fits your needs best.

parasoft-lss.yaml
apiVersion: v1
kind: Pod
metadata:
  name: lss
  namespace: parasoft-namespace
  labels:
    app: LSS
spec:
  volumes:
    - name: lss-data
      nfs:
        server: NFS_SERVER_HOST
        path: /lss/
# Uncomment section below if you are setting up a custom keystore; you will also need to uncomment out the associated volumeMounts below
#   - name: keystore-cfgmap-volume
#     configMap:
#       name: keystore-cfgmap
  containers:
    - name: lss-server
      image: LSS_DOCKER_IMAGE
# To inject JVM arguments into the container, specify the "env" property as in the example below, which injects LSS_JAVA_OPTS
#     env:
#       - name: LSS_JAVA_OPTS
#         value: "-Dparasoft.use.license.v2=true"
      imagePullPolicy: Always
      ports:
        - containerPort: 8080
          name: "http-server"
        - containerPort: 8443
          name: "https-server"
      volumeMounts:
        - mountPath: "/usr/local/parasoft/license-server/data"
          name: lss-data
# Uncomment section below if you are setting up a custom keystore. Note that updates made to these files will not be reflected inside the container once it's been deployed; you will need to restart the container for it to contain any updates. 
#       - name: keystore-cfgmap-volume 
#         mountPath: "/usr/local/parasoft/license-server/tomcat/conf/.keystore" 
#         subPath: keystore 
#       - name: keystore-cfgmap-volume 
#         mountPath: "/usr/local/parasoft/license-server/tomcat/conf/server.xml" 
#         subPath: server-config 
# To prevent liveness probe failures on environments with low or overly taxed RAM/CPU, we recommend increasing the timeout seconds
      livenessProbe:
        exec:
          command:
          - healthcheck.sh
        initialDelaySeconds: 120
        periodSeconds: 60
        timeoutSeconds: 30
        failureThreshold: 5
  restartPolicy: Always
  serviceAccountName: parasoft-account
  imagePullSecrets:
    - name: YOUR_SECRET
---
apiVersion: v1
kind: Service
metadata:
  name: lss
  namespace: parasoft-namespace
spec:
  type: NodePort
  selector:
    app: LSS
  ports:
    - port: 8080
      name: PORT_NAME_1
      nodePort: XXXXX
    - port: 8443
      name: PORT_NAME_2
      nodePort: XXXXX
 
# SERVICE CONFIG NOTES:
# 'name' can be whatever you want
# 'nodePort' must be between 30000-32768
# 'spec.selector' must match 'metadata.labels' in pod config

Use the yaml file to create the LSS environment:

kubectl create -f parasoft-lss.yaml

To access the UI on a web browser, use the node ports allocated in the service definition as the address (for example, NODE_HOST:NODE_PORT).

If you injected JVM arguments into the container and want to verify their status, run the following command:

kubectl exec <POD_NAME> -c <CONTAINER_NAME> -- printenv

Custom Truststore

Using a custom truststore in Kubernetes environments is similar to using a custom keystore as described above. Adjust the directions for using a custom keystore as appropriate. Note that the truststore location is /usr/local/parasoft/license-server/jre/lib/security/cacerts.


  • No labels

Need assistance? Visit our support page