Licensing of kdb Insights Enterprise on Azure
kdb Insights Enterprise on Azure Marketplace has a consumption-based licensing. KX will automatically collect usage logs based on the deployment footprint and monitor the usage against the license terms for accurate billing & payment purposes.
This page will discuss the three key elements of the license workflow:
- Initial deployment
- License renewals
- Usage data uploading
Network connectivity is required for the workflow to communicate with the KX licensing server. If network connectivity will be restricted post-deployment, please refer to this section.
Initial deployment
As part of the initial deployment of the application, KX will automatically provision a license for the cluster.
This license will be persisted in the cluster as a Kubernetes secret
called kxi-license
. There is no action required by you - the application will be configured to use this
secret.
License registration
This process will register the KX license against the email address you entered when creating the deployment. The email address provided at install time will be the contact point for KX representatives and any license administration that's required at a later point.
License renewals
Licenses provisioned as part of the initial deployment are short-lived and are only valid for 10 days.
A Kubernetes CronJob is used to automatically renew this license.
This CronJob is scheduled to run every twelve hours and checks whether the license is close to expiration. When the license is within three days of its expiration date, it will attempt to renew the license. This process involves:
- Downloading the existing license expiry
- Checking the remaining days before the expiry date
- Making REST requests to the KX license server to fetch a renewed license
- Patching the license secret with the updated license
Internet connectivity required
This process communicates with the KX license server hosted in the public cloud
at ll.kx.com
. It is recommended to allow connectivity to this host to prevent
the license expiring and service outages.
If unblocking this host is not possible, see the firewalled deployments section.
Usage data uploads
As described above, the billing of kdb Insights Enterprise is consumption-based. The application collects usage logs which describe the footprint of the deployment. These logs are automatically uploaded by the application to Azure Blob Storage buckets for review by KX.
This procedure happens in the background;
- Requests an object storage URL from the KX license server
- Uploads usage logs to this bucket URL using a HTTP request
Internet connectivity required
As with the renewal workflow, this process needs to be able to communicate
with ll.kx.com
and access to Azure Blob Storage buckets.
If this is not possible, see the firewalled deployments section.
Firewalled deployments
As described in the previous sections, the license renewal and usage data upload workflows are online
processes. They require network access to ll.kx.com
and Azure Blob Storage. If this is not possible
in your deployment, alternative processes will need to be put in place. This section will describe
how to implement the processes separately. For simplicity they assume the commands are running
on a Bastion host with:
- Internet connectivity
- kubectl installed and configured for kdb Insights Enterprise cluster
To implement these processes, the klic tool will be required. This is KX's self-service tool for managing license resources. To install this, follow the docs here.
It is expected these processes are fully automated in the deployed infrastructure.
License renewals
Without connectivity to ll.kx.com
, the licensing job will not function and licenses will expire.
The procedure below will renew the license and update the license secret.
To get started, get the license identifier from the license secret and a service account token for communicating with the license server.
export KX_LIC_UUID=$(kubectl get secret kxi-license -o jsonpath='{.data.uuid}' | base64 -d -)
export KX_LIC_TOKEN=$(kubectl get secret kxi-license -o jsonpath='{.data.klic-serviceaccount-token}' | base64 -d -)
The license can then be renewed and downloaded using the command below. Note if the license is before two thirds of its expiration date, the renewal will fail as the license doesn't need to be renewed yet.
env KLIC_SERVICEACCOUNT="${KX_LIC_TOKEN}" klic license renew $KX_LIC_UUID \
&& klic license fetch $KX_LIC_UUID
The license will be downloaded to the current directory or a directory pointed to by $QLIC
.
This can then be patched into the existing license secret using the command below.
kubectl patch secret kxi-license --patch "{ \"data\": { \"license\": \"$(base64 -w0 kx.lic)\" } }"
Usage data
The usage data is stored in PVCs of the insights-kxi-acc-svc
pods. This data can be copied
locally and uploaded to KX.
The command below will download all logs from the application and store them to a kxi-lic-logs
directory.
PODS=$(kubectl get pods -l app.kubernetes.io/name=kxi-acc-svc -o name | cut -d/ -f2)
for POD in $PODS ; do kubectl cp $POD:/run/kod/data kxi-lic-logs ; done
Next the klic can be used to get a bucket URL for uploading the data to.
Note: this URL expires after seven days so it needs to be updated periodically.
export KX_LIC_URL=$(klic accounting url --provider azure | awk 'FNR == 1 {print $2}')
The usage data can then be uploaded to the bucket using the command below.
find . -maxdepth 1 -type f -name '*.t.koda' | xargs -r -I{} curl -s -f -L -X PUT -H 'Content-Type: application/octet-stream' -H 'x-ms-blob-type: BlockBlob' --data-binary @'{}' $KX_LIC_URL
echo $?
If the above command returns a successful (0) response, the usage data in the cluster can be deleted. This is done by running the commands below to delete inactive logs.
for POD in $PODS ; do kubectl exec $POD sh -c "cd $KX_ACCT && find . -maxdepth 1 -type f -name '*.t.koda' -mmin +10 -delete" ; done