Licensing in K8S

Licensing Configuration

Every time a pod of md-core is created it will create a deployment id attached to that pod so it is automatically activated. In case the pod goes down it will be automatically deactivated thanks to the logic included in the app container that will make a call to the OPSWAT Activation Server.

Following the best practices for Kubernetes, MetaDefender Core handles the SIGTERM signal, sent by a Kubernetes cluster component to the app container, and run the logic to deactivate the deployment id linked to the pod.

The md-core pods use the secrets mdcore-license-key to generate a deployment id and activate that pod. In case of failure on activation the app container will restart until that secret is properly set up with a license key with enough activations.

Licensing Clean Up on Involuntary Disruption

Aiming to cover as much as possible situations of disruption when running MetaDefender Core application in Kubernetes, OPSWAT provides with a mechanism to cleanup the zombie activations in case an old app container terminated did not get the SIGTERM signal from the Kubernetes cluster.

How to enable licensing Clean Up

Pre-requisites

  • Set Up environment variables

    • LICENSING_CLEANUP=true

    • MY_POD_NAME->metadata.name

    • MY_POD_NAMESPACE->metadata.namespace

  • Create Role and RoleBinding with the following rules

    • apiGroups: [""]
    • resources: ["pods","secrets"]
    • verbs: ["create","update","get","list","patch"]

When providing the environment variable LICENSING_CLEANUP in the MetaDefender Core pod, it will store in a new secret (mdcore-licensing by default) the deployment id as value and <md-core-pod-id>-<app-container-id> as key of the secret.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
High Availability on K8S
On This Page
Licensing in K8SLicensing ConfigurationLicensing Clean Up on Involuntary DisruptionHow to enable licensing Clean Up