Supported platforms and hardware requirements
Before you install License Service on the cluster, review the following installation requirements.
- Supported platforms
- Required resources
- Hyperthreading
- Cluster permissions
- Pod security policy for VMware Tanzu Kubernetes Grid
Supported platforms
License Service is supported on all Kubernetes-orchestrated clouds on Linux® x86_64, Linux on Power (ppc64le), Linux on IBM Z and LinuxONE on the following platforms:
- Red Hat® OpenShift® Container Platform 4.10 and later
- Kubernetes 1.19 and later
Required resources
By default, License Service is installed with the resource settings for large environments with up to 1000 pods and three IBM Cloud Paks®. License Service consists of two main components that require resources: the operator deployment and the application deployment. The following table shows the required resources for these components for the large environment:
CPU Request (m) | CPU Limit (m) | Memory Request (Mi) | Memory Limit (Mi) |
---|---|---|---|
200 | 500 | 256 | 1024 |
*where m stands for Millicores, and Mi for Mebibytes
If your environment is smaller than the default, you can change the limits and resources for the application deployment by editing the IBMLicensing instance. For more information, see Configuration.
The following table shows the available deployment profiles with the respective resource requirements for Linux x86_64.
Profile | Environment | CPU Limit (m) | Memory Limit (Mi) |
---|---|---|---|
small | 200 pods and 3 IBM Cloud Paks® | 200 | 850 |
medium | 500 pods and 3 IBM Cloud Paks® | 300 | 850 |
large | 1000 pods and 3 IBM Cloud Paks® | 500 | 1024 |
Note: If additional software, solution or plugin is deployed in your cluster that might require extra memory or CPU resources, for example Dynatrace, check the documentation of this product and add additional resources to prevent memory saturation.
Minimal resource requirements
Linux® x86_64 clusters
CPU Request (cores) | CPU Limit (cores) | Memory Request (GB) | Memory Limit (GB) |
---|---|---|---|
0.1 | 0.2 | 0.5 | 0.9 |
Linux® on Power® (ppc64le) clusters
CPU Request (cores) | CPU Limit (cores) | Memory Request (GB) | Memory Limit (GB) |
---|---|---|---|
0.1 | 0.3 | 0.3 | 0.6 |
Linux® on IBM® Z and LinuxONE clusters
CPU Request (cores) | CPU Limit (cores) | Memory Request (GB) | Memory Limit (GB) |
---|---|---|---|
0.1 | 0.2 | 0.3 | 0.4 |
Hyperthreading
License Service supports multiple threads per physical core also referred to as Simultaneous multithreading (SMT) or Hyper-Threading (HT).
For more information about how to enable hyperthreading in License Service, and examples, see Hyperthreading.
Cluster permissions
The IBM License Service operator requires certain cluster-level permissions to perform the main operations. These permissions are closely tracked and documented so that users can understand any implications that they might have on other workloads in the cluster.
API group | Resources | Verbs | Description |
---|---|---|---|
" " | pods namespaces nodes |
Get List |
The cluster permissions for the ibm-license-service service account are read-only access permissions that are required to properly discover the running IBM applications to report license usage of the Virtual
Processor Core (VPC) and Processor Value Unit (PVU) metrics. |
apps | deployments | Get List |
Read-only access permissions are required to properly discover the status of the deployments, and avoid miscalculations of license usage while upgrading the applications. |
operator.openshift.io | servicecas | List | These permissions are required to generate the TLS certificate for License Service. |
operator.ibm.com | ibmlicensings ibmlicenseservicereporters ibmlicensings/status ibmlicenseservicereporters/status ibmlicensings/finalizers ibmlicenseservicereporters/finalizers |
Create Delete Get List Patch Update Watch |
The cluster permissions for the ibm-licensing-operator service account are required to properly manage the status of the IBM License Service operator. |
Pod security policy for VMware Tanzu Kubernetes Grid
Before you deploy License Service on VMware Tanzu Kubernetes Grid, you need the ClusterRoleBinding to run a privileged set of workloads.
To check whether you have the proper policy in place, run the following command:
kubectl get clusterrolebinding default-tkg-admin-privileged-binding
If you do not have the proper policy in place, you can apply it, for example, by running the following command:
kubectl create clusterrolebinding default-tkg-admin-privileged-binding --clusterrole=psp:vmware-system-privileged --group=system:authenticated
For more information, see Using Pod Security Policies with Tanzu Kubernetes Clusters and Example Role Bindings for Pod Security Policy in VMware documentation.