Update Confluent Platform License

You can use Confluent for Kubernetes (CFK), Kafka, and Confluent Control Center for a 30-day trial period without a license key. After 30 days, Confluent for Kubernetes and Confluent components require license keys. See Confluent Platform Licenses for information about Confluent licenses, including types of licenses.

Important

When you update the global or component license, restart the components that use the license so that the license change propagates to the component.

Update CFK global license

The CFK configures the global license key for Confluent components.

  1. To add or update the CFK license key, navigate to the directory that has the downloaded CFK bundle. Navigate to the helm sub-directory and run the following command:

    helm upgrade --install confluent-operator ./confluent-for-kubernetes \
       --set licenseKey=<CFK license key>
    

    When the above command runs, the confluent-operator-licensing secret is created with the license.txt and publicKey.pem files:

    • license.txt contains the <CFK license key> you specified in the command.
    • publicKey.pem contains the public key used to validate the signed license. This key is only used by CFK and is not used by Confluent Platform components.
  2. To use the global license set in CFK:

    1. Set spec.license.globalLicense: true in the component custom resource (CR).

      The following is a CR snippet:

      spec:
        license:
          globalLicense: true
      
    2. Apply the component CR change:

      kubectl apply -f <component CR> --namespace <namespace>
      
    3. Restart the updated component to use the global license.

When using the global license, CFK creates the confluent-operator-licensing and internal-confluent-operator-licensing Secrets. The Secrets are used by Confluent Platform components and should not be deleted.

Update component-level licenses

You can configure the license structure at the CR-level which takes precedence over license configured by CFK.

The CR-level license can be provided either through a Kubernetes Secret (secretRef) or through Vault (directoryPathInContainer).

The license.txt file is required to be present either in the secretRef or directoryPathInContainer path.

If both secretRef or directoryPathInContainer is configured, directoryPathInContainer takes the precedence.

License key in Kubernetes Secret

To provide a component license key using a Kubernetes Secret:

  1. Create the license.txt file with license=<your license key>:

    echo -n "license=<your license key>" > license.txt
    
  2. Create a Kubernetes Secret for the license.txt file. --from-file=license.txt= should be included in the command:

    For example, with the license.txt file in the current directory:

    kubectl create secret generic confluent-license \
      --from-file=license.txt=./license.txt \
      --namespace <namespace>
    
  3. Set the Secret name in the component CR. Using the previous example:

    spec:
      license:
        secretRef: confluent-license
    
  4. Apply the component CR change:

    kubectl apply -f <component CR> --namespace <namespace>
    
  5. Roll the component cluster to apply the license change.

    1. Find the name of the StatefulSet corresponding to the Confluent Platform cluster you want to restart:

      kubectl get statefulset --namespace <namespace>
      
    2. Using the StatefulSet name, <name-of-statefulset>, from the previous step, roll the cluster:

      kubectl rollout restart statefulset/<name-of-statefulset> \
        --namespace <namespace>
      

License key in Vault

To provide a component license key using a Vault:

  1. Install and configure Vault.

  2. Create the license.txt file with license=<your license key>:

    echo -n "license=<your license key>" > license.txt
    
  3. Write license.txt to Vault. For example:

    cat ./license.txt | \
      vault kv put /secrets/license.txt license=-
    
  4. Set the Secret name in the component CR. Using the previous example:

    spec:
      license:
        directoryPathInContainer: /vault/secrets
    
  5. Apply the component CR change:

    kubectl apply -f <component CR> --namespace <namespace>
    
  6. Roll the component cluster to apply the license change.

    1. Find the name of the StatefulSet corresponding to the Confluent Platform cluster you want to restart:

      kubectl get statefulset --namespace <namespace>
      
    2. Using the StatefulSet name, <name-of-statefulset>, from the previous step, roll the cluster:

      kubectl rollout restart statefulset/<name-of-statefulset> \
        --namespace <namespace>