Appendix B: Deploying a CL Server in Kubernetes on GCP
This topic describes how to deploy a cloud License Manager service in a Docker container using a MySQL database to Kubernetes on GCP (Google Cloud Platform).
Prerequisites
The following is required for deploying a cloud license server on GCP:
>A console that is able to access Google Cloud Platform
>A cloud database instance for MySQL 5.7, with a user account created for the Sentinel LDK License Manager service. (MySQL Docker can also be used for this purpose.)
Database Initialization for the LMS (Sentinel LDK License Manager Service)
>If the database user has full access to the database, the database and tables can be created automatically by the LMS.
>If the database user only has the read/write rights to update the data in tables, but no rights to create the database and tables, the deployment user should create the database and tables for the LMS manually. Use the file sentinel_ldk_table.sql to perform initialization.
Deployment
NOTE The procedure that follows describes how to implement an LMS in Docker on GCP. If you want to expose the LMS directly on the cloud platform, consider the security enhancements required to protect the service deployed on Kubernetes according to your security requirements.
To deploy the License Manager Service in a Docker container on Kubernetes:
1. Enter the following to create a VLIB configmap on Kubernetes with a vendor library:
kubectl create configmap haspvlib --from-file=./haspvlib_x86_64_37517.so
The vendor library should be located in the path /var/hasplm in Docker.
2. Enter the following to create the LMS initialization configmap:
kubectl create configmap hasplmini --from-file=./hasplm.ini
The hasplm.ini file should be located in the path /etc/hasplm in Docker.
NOTE The trusted IP address should be set to 0.0.0.0/0 in hasplm.ini. This enables the LMS to be accessed by the Load Balancer.
LMS Docker reads the following configmap file at startup. Once any LMS configuration is updated, all configuration information is saved to the MySQL database. From then on, the configuration information in the database is used instead of the information in the configmap file.
[SERVER]
listen_also = 1
requestlog = 1
loglocal = 1
logremote = 1
logadmin = 1
errorlog = 1
rotatelogs = 1
pidfile = 1
passacc = 1
accessfromremote = anyone
accremote = 1
adminremote = 1

[REMOTE]
broadcastsearch = 0

[EMS]
emsurl = http://localhost:8080
emsurl = http://127.0.0.1:8080

[TRUST]
trusted_ip = 0.0.0.0/0
3. Create the LMS deployment yaml file. The yaml file shows:
• How to deploy the LMS Docker image.
• How to implement the LivenessProbe and ReadinessProbe for the LMS.
• How to load the hasplm.ini and vendor library with configmap on Kubernetes.
NOTE The replicas should be set to 1 when deploying LMS Docker on Kubernetes.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: lms
  labels:
    name: lms
spec:
  replicas: 1
  selector:
    matchLabels:
      app: lms
  template:
    metadata:
      labels:
        app: lms
    spec:
      containers:
        - name: lms
          image: thalesgroupsm/sentinel_ldk_rte
          # should be set to "Always" when deploying with Kubernetes
          imagePullPolicy: IfNotPresent
          livenessProbe:
            httpGet:
              path: /sentinel/ldk/v1/healthz
              port: 1947
            initialDelaySeconds: 120
            timeoutSeconds: 30
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /sentinel/ldk/v1/readyz
              port: 1947
            initialDelaySeconds: 120
            timeoutSeconds: 30
            periodSeconds: 10
            successThreshold: 1
            failureThreshold: 3
          ports:
            - containerPort: 1947
          volumeMounts:
            - name: hasplmcfgfile
              mountPath: /etc/hasplm/hasplm.ini
              subPath: hasplm.ini
            - name: haspvlibfile
              mountPath: /var/hasplm/haspvlib_x86_64_37517.so
              subPath: haspvlib_x86_64_37517.so
          env:
            - name: HASPLM_DATABASE
              value: mysql
            - name: HASPLM_DATABASE_MYSQL_HOST
              value: mysql
            - name: HASPLM_DATABASE_MYSQL_PASSWORD
              value: root!
            - name: HASPLM_DATABASE_MYSQL_USER
              value: root
            - name: HASPLM_DATABASE_MYSQL_PORT
              value: "3306"
      volumes:
        - name: hasplmcfgfile
          configMap:
            name: hasplmini
        - name: haspvlibfile
          configMap:
            name: haspvlib
4. Create the LMS yaml file. It is up to you to decide how to expose the LMS to the public IP address. The yaml file below shows how to expose the LMS in the load balancer.
apiVersion: v1
kind: Service
metadata:
  name: lms
  labels:
    app: lms
spec:
  type: LoadBalancer
  ports:
    - port: 1947
      targetPort: 1947
      protocol: TCP
  selector:
    app: lms
5. Run the following to deploy the LMS:
kubectl apply -f lms_deployment.yaml -f lms_svc.yaml
The LMS can be accessed with the following URL:
http://<IP_exposed_by_the_LoadBalancer>:1947
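The NOTE under Deployment and step 4 leave the protection of the exposed service to you. The manifests below are an added example, not part of the Sentinel LDK documentation, showing two adjustments to the files above: database credentials read from a Kubernetes Secret instead of literal env values, and the LoadBalancer limited to known client networks with loadBalancerSourceRanges. The Secret name lms-db-credentials, the database user ldk_lms and the 203.0.113.0/24 range are assumed placeholders.

```yaml
# Added example (not from the Sentinel LDK documentation).
# Assumed names: Secret "lms-db-credentials", DB user "ldk_lms";
# 203.0.113.0/24 is a documentation-range placeholder for the client network.
apiVersion: v1
kind: Secret
metadata:
  name: lms-db-credentials
type: Opaque
stringData:
  username: ldk_lms
  password: REPLACE_WITH_DB_PASSWORD
---
# Fragment of lms_deployment.yaml (not a standalone object): these two env
# entries replace the literal user and password values in the lms container.
env:
  - name: HASPLM_DATABASE_MYSQL_USER
    valueFrom:
      secretKeyRef:
        name: lms-db-credentials
        key: username
  - name: HASPLM_DATABASE_MYSQL_PASSWORD
    valueFrom:
      secretKeyRef:
        name: lms-db-credentials
        key: password
---
# lms_svc.yaml with the load balancer limited to known client networks.
# hasplm.ini keeps trusted_ip = 0.0.0.0/0 as the page requires, so the
# client filter is applied on the Service instead.
apiVersion: v1
kind: Service
metadata:
  name: lms
  labels:
    app: lms
spec:
  type: LoadBalancer
  loadBalancerSourceRanges:
    - 203.0.113.0/24
  ports:
    - port: 1947
      targetPort: 1947
      protocol: TCP
  selector:
    app: lms
```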