📙 You will learn
How to change a ThreadFix license with Kubernetes.
Prerequisites
Audience: IT Professional
Difficulty: Intermediate
Time needed: Approximately 10 minutes
Tools required: See Pre-requisites list below
Pre-requisites list:
ThreadFix instance running in Kubernetes
kubectl access to Kubernetes cluster
Helm version greater than 3.2
Enter the following commands on a command line to perform the described action.
There are two ways to apply a license to ThreadFix running in Kubernetes, through a Kubernetes secret or a Helm value. Follow the appropriate section for the current installation method. If unsure of which method is currently being used, run the following command.
| Code Block |
|---|
helm get values $(helm ls | grep threadfix | awk '{print $1}') | grep -E '^"?threadfix\.license' >> /dev/null && echo 'Helm Value' || echo 'Kubernetes Secret' |
Kubernetes Secret
Follow this section if managing a ThreadFix license with a manually created Kubernetes Secret.
Copy the new ThreadFix license to the current working directory with the name
threadfix.license.Get the current ThreadFix license secret name.
Code Block TF_LICENSE_SECRET=$(kubectl get deploy -l app.kubernetes.io/name=auth,app.kubernetes.io/part-of=threadfix -o jsonpath='{ .items[].spec.template.spec.volumes[?(@.name=="tf-license")].secret.secretName }')Backup the current ThreadFix license.
Code Block kubectl get secret $TF_LICENSE_SECRET -o go-template='{{ index .data "threadfix.license" }}' | base64 -d > threadfix.license.bakRemove the current license from the Kubernetes cluster.
Code Block kubectl delete secret $TF_LICENSE_SECRET
Create a new license secret.
Code Block kubectl create secret generic $TF_LICENSE_SECRET --from-file=threadfix.license=threadfix.license
Restart all ThreadFix containers.
Code Block for name in $(kubectl get deploy -l app.kubernetes.io/part-of=threadfix -o jsonpath='{.items[*].metadata.name}'); do kubectl rollout restart deploy $name; done
Helm Value
Use this method if managing the ThreadFix license from the user’s values file.
Get the Helm release name for the ThreadFix instance.
Code Block TF_RELEASE=$(helm ls | grep threadfix | awk '{print $1}')Get the current installed version of ThreadFix.
Code Block TF_VERSION=$(helm ls --filter "$TF_RELEASE" | grep -o 'threadfix-[Az0-9\.\-]*' | sed 's|threadfix-||g')
Export the currently installed Helm values.
Code Block helm get values $TF_RELEASE > currentValues.yaml
Backup values to a separate file.
Code Block cp currentValues.yaml currentValues.yaml.bak
Add the new license to myValuescurrentValues.yaml by performing the following:
Open the myValuescurrentValues.yaml file with a text editor.
Navigate to the item named "threadfix.license".
Replace the lines after "threadfix.license" with the content of the new ThreadFix license.
Indentation is important for this file to render correctly. Ensure that the new content
adheres to the same indentation as the previous item.
Save this file.
Update the ThreadFix Helm installation.
Code Block helm upgrade --no-hooks $TF_RELEASE denimgroup/threadfix --version $TF_VERSION -f currentValues.yaml
If not using 'denimgroup/threadfix' as the chart name, this value must be changed to the location of the ThreadFix chart. Use helm search repo threadfix to find the correct chart name.
If the new license does not apply after a few minutes, restart ThreadFix deployments.
Code Block for name in $(kubectl get deploy -l app.kubernetes.io/part-of=threadfix -o jsonpath='{.items[*].metadata.name}'); do kubectl rollout restart deploy $name; done
https://threadfix.it/ | www.denimgroup.com
© Copyright 2020 Denim Group, LTD. All Rights Reserved.
Table of
contentsContents
| Table of Contents |
|---|