SPK Licensing¶
Overview¶
The Service Proxy for Kubernetes (SPK) software requires a valid SPK license to begin processing 5G application traffic using SPK CRs. Once the SPK CWC obtains a valid license, it begins collecting and reporting monthly SPK software CRD usage summary telemetry statistics for the cluster. SPK uses F5’s flexible consumption software licensing model, billing only for the SPK features used.
Note: SPK Licensing applies to the cluster level, and is performed prior to installing the SPK Controller instances.
This document guides you through the activating the SPK software license.
CPCL modes¶
As described in the SPK CWC guide, the Common Product Component and Libraries (CPCL) module supports two licensing modes:
- disconnected - When the CWC does not have access to the internet, each licensing task must be performed manually. Use this document to perform the required licensing steps.
- connected - When the CWC has access the internet, it can automatically perform each of the licensing tasks. Use this document to obtain the license status.
Licensing stages¶
When the CWC’s CPCL module operates in disconnected mode; having no direct access to the internet, uploading license reports and obtaining signed license acknowledgements from the F5 licensing server must be performed manually. Once the CWC and Controllers are installed, the licensing and entitlement events occur as follows:
- Obtain the JSON Web Token (JWT).
- Check CWC licensing status.
- Download the CWC cluster report.
- Send the report to the F5 licensing server.
- Send the signed acknowledgement to CWC.
Telemetry reports¶
Once the cluster is successfully licensed, the CWC enters a Telemetry In Progress state, calculating the software CRD usage summary telemetry statistics for the cluster. At the end of each month, the CWC generates a telemetry report which should be downloaded, sent to the F5 licensing server for acknowledgement, and the signed acknowledgement should then be sent back to the CWC. If a telemetry report is not signed by the F5 licensing server at the end of the month, it will be consolidated with the next telemetry report, and a consolidated report will then be available to download and sign.
Example of the Telemetry In Progress and report EndDate:
"TelemetryStatus": {
"NextReport": {
"StartDate": "2023-01-06 13:59:35.306014074 +0000 UTC m=+1346.343452122",
"EndDate": "2023-01-31 13:59:35",
"State": "Telemetry In Progress"
}
}
License expiration¶
The cluster license requires renewal after the LicenseExpiryDate has passed. It is important to note that SPK does not stop processing application traffic after this time, but will begin logging messages indicating the cluster must be relicensed.
Example of the LicenseExpiryDate:
"LicenseDetails": {
"DigitalAssetID": "5ec9234e-8df3-4d90-9536-45142b87049f",
"EntitlementType": "paid",
"LicenseExpiryDate": "2022-11-17T00:00:00Z",
"LicenseExpiryInDays": "204"
}
Licensing APIs¶
The CWC licensing APIs listed below can be used to perform licensing tasks programmatically, or with API platforms other than Postman. Refer to the Gather API info section to obtain the CWC’s SSL/TLS certificates and hostname. To license the cluster, refer to the Procedures section of this document.
Important: The URL to contact the CWC Pod includes the Project name. In the examples below the CWC is in the spk-telemetry Project.
License status¶
Returns the current CWC licensing status. This API should be used both for licensing the cluster and checking the telemetry report status. The LicenseStatus should indicate Config Report Ready to Download prior to downloading a license report.
https://f5-spk-cwc.spk-telemetry:30881/status
Example:
curl --cert client_certificate.pem --key client_key.pem --cacert ca_certificate.pem \
https://f5-spk-cwc.spk-telemetry:30881/status
License report¶
Downloads the CWC license report for the cluster. The license report will be sent to the F5 licensing server for acknowledgement.
https://f5-spk-cwc.spk-telemetry:30881/report
Example:
curl --cert client_certificate.pem --key client_key.pem --cacert ca_certificate.pem \
https://f5-spk-cwc.spk-telemetry:30881/report
Send report¶
Sends the license report to Telemetry server for acknowledgement. Send the full report, including the {} curly brackets.
Note: The DigitalAssetID is obtained from the License status, and the JWT from your MyF5 account.
https://product.apis.f5.com/ee/v1/entitlements/telemetry
Example:
curl -X POST https://product.apis.f5.com/ee/v1/entitlements/telemetry \
-H "Content-Type: application/json" -H "F5-DigitalAssetId: <DigitalAssetID>" \
-H "User-Agent: SPK" -H "Authorization: Bearer <JWT Object>" -d '<Full_Report>'
Send manifest¶
Sends the acknowledged manifest to CWC. Send only the manifest data, no curly brackets {}, or “ quotations.
https://f5-spk-cwc.spk-telemetry:30881/receipt
Example:
curl --cert client_certificate.pem --key client_key.pem --cacert ca_certificate.pem \
https://f5-spk-cwc.spk-telemetry:30881/receipt -d eyJhbGciOiJSUzUxMiIs
Reactivate¶
Sends the JWT object to CWC. Send only the JWT data, no curly brackets {}, or “ quotations.
Resubmit the JWT that was not submitted properly, as it is causing a CWC failure.
https://f5-spk-cwc.spk-telemetry:30881/reactivate
Example:
curl --k --cert-type PEM -cert client_certificate.pem --key client_key.pem --cacert ca_certificate.pem \
https://f5-spk-cwc.spk-telemetry:30881/reactivate -d <JWT object>
Requirements¶
Ensure you have:
- Installed the SPK software.
- Installed the SPK CWC.
- Obtained the JWT for this cluster from your MyF5 account.
Procedures¶
Gather API info¶
Licensing the SPK software requires querying the CWC REST API to determine the cluster’s licensing status, and uploading a valid license. To authenticate the CWC REST API, the SSL/TLS certificates and the IP address of the API interface must first be obtained. Use the steps below to obtain the API information.
Create a new directory for the CWC REST API certificates:
mkdir cwc_api
Copy each of the certificates into the new directory:
cp api-server-secrets/ssl/client/certs/client_certificate.pem cwc_api
cp api-server-secrets/ssl/ca/certs/ca_certificate.pem cwc_api
cp api-server-secrets/ssl/client/secrets/client_key.pem cwc_api
Obtain the name of the CWC Pod in the cluster:
In this example, the CWC is in the spk-telemetry Project.
oc get pods -n spk-telemetry | grep f5-spk-cwc
In this example, the CWC Pod is named f5-spk-cwc-86d89c4548-fmwpl.
f5-spk-cwc-86d89c4548-fmwpl 2/2 Running
Obtain the IP address of the node the CWC Pod is scheduled on:
In this example, the CWC is in the spk-telemetry Project.
oc describe pod f5-spk-cwc-86d89c4548-fmwpl -n spk-telemetry | grep Node:
In this example, the CWC Pod is running on worker-0.ocp.f5.com with IP address 10.144.175.18.
Node: worker-0.ocp.f5.com/10.144.175.18
Edit the hosts file on your system, or setup DNS resolution mapping the node IP address to the CWC’s hostname:
Important: The CWC hostname is required for SSL/TLS certiicate validation.
10.144.175.18 f5-spk-cwc.<project>
In this example, the CWC is in the spk-telemetry Project.
10.144.175.18 f5-spk-cwc.spk-telemetry
License the cluster¶
Use the following steps to license the cluster.
Verify the current LicenseStatus of the CWC Pod, and obtain the
DigitalAssetID
used to license the cluster:curl --key cwc_api/client_key.pem --cert cwc_api/client_certificate.pem \ --cacert cwc_api/ca_certificate.pem https://f5-spk-cwc.spk-telemetry:30881/status
In this example, LicenseStatus shows Config Report Ready to Download, and the
DigitalAssetID
is b9270cae-5980-4c0e-bb44-f1948ff4b235.{"InitialRegistrationStatus":{"ClusterDetails":{"Name":"SPK Cluster"}, "LicenseDetails":{"DigitalAssetID":"b9270cae-5980-4c0e-bb44-f1948ff4b235", "EntitlementType":"paid"},"LicenseStatus":{"State":"Config Report Ready to Download"}},"TelemetryStatus":{}
Download the Config Report and copy/paste it into a text file:
curl --key cwc_api/client_key.pem --cert cwc_api/client_certificate.pem \ --cacert cwc_api/ca_certificate.pem https://f5-spk-cwc.spk-telemetry:30881/report
The command output should appear similar to this truncated example:
{"report": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwYXlsb2FkIjp7ImRv"}
Send the Config Report, including the { and } characters, to the F5 licensing server along with the DigitalAssetID and your unique JWT:
Important: The returned manifest is quite large, the command below captures the output to a file named manifest.txt.
curl -X POST https://product.apis.f5.com/ee/v1/entitlements/telemetry \ -H "Content-Type: application/json" \ -H "F5-DigitalAssetId: b9270cae-5980-4c0e-bb44-f1948ff4b235" \ -H "User-Agent: SPK" \ -H "Authorization: Bearer eyJhbGciOiJSUzUxMiIsInR5cCI6" \ -d '{"report": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwYXlsb2FkIjp7ImRv"}' > manifest.txt
View the contents of the returned manifest.txt file:
cat manifest.txt
The command output should resemble this truncated example:
{"manifest":"eyJhbGciOiJSUzUxMiIsImtpZCI6InYxIiwiamt1"}
Send only the Manifest string after the : character. Do not include the { and } or “ characters:
curl --key cwc_api/client_key.pem --cert cwc_api/client_certificate.pem \ --cacert cwc_api/ca_certificate.pem https://f5-spk-cwc.spk-telemetry:30881/receipt \ -d eyJhbGciOiJSUzUxMiIsImtpZCI6InYxIiwiamt1
Verify the cluster license status:
curl --key cwc_api/client_key.pem --cert cwc_api/client_certificate.pem \ --cacert cwc_api/ca_certificate.pem https://f5-spk-cwc.spk-telemetry:30881/status
The command output indicates the EntitlementType is paid and the LicenseExpiryDate is 2024-03-05. The LicenseExpiryInDays shows expiration occurs in 362 days.
{"Status":{"ClusterDetails":{"Name":"SPK Cluster"},"LicenseDetails":{"DigitalAssetID":"f06ae970-5b16-4fc1-894e-ce419b928cc9", "EntitlementType":"paid","LicenseExpiryDate":"2024-03-05T00:01:13Z","LicenseExpiryInDays":"362"}, "LicenseStatus":{"State":"Verification Complete"}},"TelemetryStatus": {"NextReport": {"StartDate":"2023-03-08 00:03:20.585513148 UTC m=+3093.980461514","EndDate":"2023-03-31 00:03:20 UTC", "State":"Telemetry In Progress"}
Note: License switching is only supported from SPK 1.9.0 onwards. For versions prior to SPK 1.9.0, to switch or renew the SPK license, you must uninstall the CWC, clean up the secrets, and then reinstall the CWC using the new JWT.
Next step¶
Continue to the SPK Controller installation guide.
Feedback¶
Provide feedback to improve this document by emailing spkdocs@f5.com.