Licensing of KX Insights on Azure
The licensing of KX Insights Platform on Azure Marketplace is consumption-based. KX will automatically collect usage logs based on the deployment footprint and monitor the usage against the license terms for accurate billing & payment purposes.
This page will discuss the three key elements of the license workflow;
- initial deployment
- license renewals
- usage data uploading
The workflow is reliant on network connectivity in order to communicate with the KX licensing server. If network connectivity will be restricted post-deployment, please refer this section.
Initial deployment
As part of the initial deployment of the application, a license will be automatically provisioned for the cluster
by KX. This license will be persisted in the cluster as a Kubernetes
secret
called kxi-license
. There is no action required of the user and the application will be configured to use this
secret.
License registration
This process will register the KX license against the email address of the user who created the deployment. They will be the contact point for KX representatives and any license administration that's required at a later point.
License renewals
The licenses provisioned as part of the initial deploy are short-lived and are only valid for 10 days. A Kubernetes CronJob is used to automatically renew this license.
This job is scheduled to run every twelve hours and checks whether the license is close to expiry. When the license is within three days of its expiry, it will attempt to renew the license. This process involves:
- downloading the existing license expiry
- checking the remaining days before the expiry date
- making REST requests to the KX license server to fetch a renewed license
- patching the license secret with the updated license
Internet connectivity required
This process communicates with the KX license server hosted in the public cloud
at ll.kx.com
. It is recommended to allow connectivity to this host to prevent
the license expiring and service outages.
If unblocking this host is not possible, see the firewalled deployments section.
Usage data uploads
As described above, the billing of KX Insights is consumption-based. The application collects usage logs which describe the footprint of the deployment. These logs are automatically uploaded by the application to Azure Blob Storage buckets for review by KX.
This procedure happens in the background;
- requests an object storage URL from the KX license server
- uploads usage logs to this bucket URL using a HTTP request
Internet connectivity required
As with the renewal workflow, this process needs to be able to communicate
with ll.kx.com
and access to Azure Blob Storage buckets.
If this is not possible, see the firewalled deployments section.
Firewalled deployments
As described in the previous sections, the license renewal and usage data upload workflows are online
processes. They require network access to ll.kx.com
and Azure Blob Storage. If this is not possible
in your deployment, alternative processes will need to be put in place. This section will describe
how to implement the processes separately. For simplicity they assume the commands are running
on a Bastion host with:
- Internet connectivity
- kubectl installed and configured for the KX Insights cluster
To implement these processes, the klic tool will be required. This is KX's self-service tool for managing license resources. To install this, follow the docs here.
The expectation is that these processes could be fully automated within the deployed infrastructure.
License renewals
Without connectivity to ll.kx.com
, the licensing job will not function and licenses will expire.
The procedure below will renew the license and update the license secret.
Firstly get the license identifier from the license secret and a service account token for communicating with the license server.
export KX_LIC_UUID=$(kubectl get secret kxi-license -o jsonpath='{.data.uuid}' | base64 -d -)
export KX_LIC_TOKEN=$(kubectl get secret kxi-license -o jsonpath='{.data.klic-serviceaccount-token}' | base64 -d -)
The license can then be renewed and downloaded using the command below. Note if the license is before two thirds of its expiry date, the renew command will fail as the license doesn't need to be renewed yet.
env KLIC_SERVICEACCOUNT="${KX_LIC_TOKEN}" klic license renew $KX_LIC_UUID \
&& klic license fetch $KX_LIC_UUID
The license will be downloaded to the current directory or a directory pointed to by $QLIC
.
This can then be patched into the existing license secret using the command below.
kubectl patch secret kxi-license --patch "{ \"data\": { \"license\": \"$(base64 -w0 kx.lic)\" } }"
Usage data
The usage data is stored in PVCs of the insights-kxi-acc-svc
pods. This data can be copied
locally and uploaded to KX.
The command below will download all logs from the application and store to a kxi-lic-logs
directory.
PODS=$(kubectl get pods -l app.kubernetes.io/name=kxi-acc-svc -o name | cut -d/ -f2)
for POD in $PODS ; do kubectl cp $POD:/run/kod/data kxi-lic-logs ; done
Next the klic can be used to get a bucket URL for uploading the data to.
Note: this URL expires after seven days so needs to be updated periodically.
export KX_LIC_URL=$(klic accounting url --provider azure | awk 'FNR == 1 {print $2}')
The usage data can then be uploaded to the bucket using the command below.
find . -maxdepth 1 -type f -name '*.t.koda' | xargs -r -I{} curl -s -f -L -X PUT -H 'Content-Type: application/octet-stream' -H 'x-ms-blob-type: BlockBlob' --data-binary @'{}' $KX_LIC_URL
echo $?
Providing this returns a successful (0) response, the usage data in the cluster can be deleted. This is done by running the commands below to delete inactive logs.
for POD in $PODS ; do kubectl exec $POD sh -c "cd $KX_ACCT && find . -maxdepth 1 -type f -name '*.t.koda' -mmin +10 -delete" ; done