Licensing in K8S
Licensing Configuration
Every time a pod of md-core is created it will create a deployment id attached to that pod so it is automatically activated. In case the pod goes down it will be automatically deactivated thanks to the logic included in the app container that will make a call to the OPSWAT Activation Server.
Following the best practices for Kubernetes, MetaDefender Core handles the SIGTERM signal, sent by a Kubernetes cluster component to the app container, and run the logic to deactivate the deployment id linked to the pod.
The md-core pods use the secrets mdcore-license-key to generate a deployment id and activate that pod. In case of failure on activation the app container will restart until that secret is properly set up with a license key with enough activations.
Licensing Clean Up on Involuntary Disruption
Aiming to cover as much as possible situations of disruption when running MetaDefender Core application in Kubernetes, OPSWAT provides with a mechanism to cleanup the zombie activations in case an old app container terminated did not get the SIGTERM signal from the Kubernetes cluster.
How to enable licensing Clean Up
Pre-requisites
Set Up environment variables
LICENSING_CLEANUP=true
MY_POD_NAME->
metadata.nameMY_POD_NAMESPACE->
metadata.namespace
Create Role and RoleBinding with the following rules
- apiGroups: [""]
- resources: ["pods","secrets"]
- verbs: ["create","update","get","list","patch"]
When providing the environment variable LICENSING_CLEANUP
in the MetaDefender Core pod, it will store in a new secret (mdcore-licensing by default) the deployment id as value and <md-core-pod-id>-<app-container-id> as key of the secret.