Skip to content

Licensing of KX Insights on Azure

The licensing of KX Insights Platform on Azure Marketplace is consumption-based. KX will automatically collect usage logs based on the deployment footprint and monitor the usage against the license terms for accurate billing & payment purposes.

This page will discuss the three key elements of the license workflow;

  • initial deployment
  • license renewals
  • usage data uploading

The workflow is reliant on network connectivity in order to communicate with the KX licensing server. If network connectivity will be restricted post-deployment, please refer this section.

Initial deployment

As part of the initial deployment of the application, a license will be automatically provisioned for the cluster by KX. This license will be persisted in the cluster as a Kubernetes secret called kxi-license. There is no action required of the user and the application will be configured to use this secret.

License registration

This process will register the KX license against the email address of the user who created the deployment. They will be the contact point for KX representatives and any license administration that's required at a later point.

License renewals

The licenses provisioned as part of the initial deploy are short-lived and are only valid for 10 days. A Kubernetes CronJob is used to automatically renew this license.

This job is scheduled to run every twelve hours and checks whether the license is close to expiry. When the license is within three days of its expiry, it will attempt to renew the license. This process involves:

  • downloading the existing license expiry
  • checking the remaining days before the expiry date
  • making REST requests to the KX license server to fetch a renewed license
  • patching the license secret with the updated license

Internet connectivity required

This process communicates with the KX license server hosted in the public cloud at It is recommended to allow connectivity to this host to prevent the license expiring and service outages.

If unblocking this host is not possible, see the firewalled deployments section.

Usage data uploads

As described above, the billing of KX Insights is consumption-based. The application collects usage logs which describe the footprint of the deployment. These logs are automatically uploaded by the application to Azure Blob Storage buckets for review by KX.

This procedure happens in the background;

  • requests an object storage URL from the KX license server
  • uploads usage logs to this bucket URL using a HTTP request

Internet connectivity required

As with the renewal workflow, this process needs to be able to communicate with and access to Azure Blob Storage buckets.

If this is not possible, see the firewalled deployments section.

Firewalled deployments

As described in the previous sections, the license renewal and usage data upload workflows are online processes. They require network access to and Azure Blob Storage. If this is not possible in your deployment, alternative processes will need to be put in place. This section will describe how to implement the processes separately. For simplicity they assume the commands are running on a Bastion host with:

  • Internet connectivity
  • kubectl installed and configured for the KX Insights cluster

To implement these processes, the klic tool will be required. This is KX's self-service tool for managing license resources. To install this, follow the docs here.

The expectation is that these processes could be fully automated within the deployed infrastructure.

License renewals

Without connectivity to, the licensing job will not function and licenses will expire. The procedure below will renew the license and update the license secret.

Firstly get the license identifier from the license secret and a service account token for communicating with the license server.

export KX_LIC_UUID=$(kubectl get secret kxi-license -o jsonpath='{.data.uuid}' | base64 -d -)
export KX_LIC_TOKEN=$(kubectl get secret kxi-license -o jsonpath='{.data.klic-serviceaccount-token}' | base64 -d -)

The license can then be renewed and downloaded using the command below. Note if the license is before two thirds of its expiry date, the renew command will fail as the license doesn't need to be renewed yet.

env KLIC_SERVICEACCOUNT="${KX_LIC_TOKEN}" klic license renew $KX_LIC_UUID \
  && klic license fetch $KX_LIC_UUID

The license will be downloaded to the current directory or a directory pointed to by $QLIC. This can then be patched into the existing license secret using the command below.

kubectl patch secret kxi-license --patch "{ \"data\": { \"license\": \"$(base64 -w0 kx.lic)\" } }"

Usage data

The usage data is stored in PVCs of the insights-kxi-acc-svc pods. This data can be copied locally and uploaded to KX.

The command below will download all logs from the application and store to a kxi-lic-logs directory.

PODS=$(kubectl get pods -l -o name | cut -d/ -f2)
for POD in $PODS ; do kubectl cp $POD:/run/kod/data kxi-lic-logs ; done

Next the klic can be used to get a bucket URL for uploading the data to.

Note: this URL expires after seven days so needs to be updated periodically.

export KX_LIC_URL=$(klic accounting url --provider azure | awk 'FNR == 1 {print $2}')

The usage data can then be uploaded to the bucket using the command below.

find . -maxdepth 1 -type f -name '*.t.koda' | xargs -r -I{} curl -s -f -L -X PUT -H 'Content-Type: application/octet-stream' -H 'x-ms-blob-type: BlockBlob' --data-binary @'{}' $KX_LIC_URL
echo $?

Providing this returns a successful (0) response, the usage data in the cluster can be deleted. This is done by running the commands below to delete inactive logs.

for POD in $PODS ; do kubectl exec $POD sh -c "cd $KX_ACCT && find . -maxdepth 1 -type f -name '*.t.koda' -mmin +10 -delete" ; done