> For the complete documentation index, see [llms.txt](https://docs.licensespring.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.licensespring.com/floating-server/floating-server-v1/deployment-methods/kubernetes-helm/hardware-key-support.md).

# Hardware Key Support

As of v1.5.0 the Floating Server supports using hardware keys (Yubikey) as a license protection method. If a license requires the usage of a hardware key a valid provisioned key must be accessible from the Pod running the floating server.

### Limitations

* Only one replica running at the same time - no HA support as of now
* The pod running the floating server is tied to the node which has the key connected

### Requirements

* Kubernetes node in which a yubikey can be inserted.\
  If running in a VM, the hypervisor must have USB passthrough support and configured.
* A way to passthrough the hardware key to the pod running the floating server.\
  Akri <https://docs.akri.sh/>\
  Generic Device Plugin <https://github.com/squat/generic-device-plugin>

### General

**Getting the udev information for the device.**

{% stepper %}
{% step %}

### Identify the device on the USB bus

First get the device bus and device ID with `lsusb`.
{% endstep %}

{% step %}

### Build the device path

Combine them into `/dev/bus/usb/<bus_id>/<device_id>`.
{% endstep %}

{% step %}

### Query udev attributes

Using `udevadm` get the attributes for the device:

```bash
udevadm info --attribute-walk --path=$(udevadm info --query=path /dev/bus/usb/<bus_id>/<device_id>)
```

Usually for Yubikeys these attributes are enough. But results may vary depending on system.

Example attribute match: `SUBSYSTEM=="usb", ATTR{idProduct}=="0407", ATTR{idVendor}=="1050"`
{% endstep %}
{% endstepper %}

**Setting up the floating server helm chart for use with a hardware key**

* Set `.Values.hardwareKeySupport = true` — disables replicas, values for `.Values.replica` will be ignored and set to 1

### Example - Akri plugin

{% stepper %}
{% step %}
Install and configure Akri with udev discovery:\
<https://docs.akri.sh/user-guide/getting-started>
{% endstep %}

{% step %}
Add a udev rule for Yubikey as a separate configuration or as part of the helm chart values. (Examples below)
{% endstep %}

{% step %}
Add the akri flags to `.Values.resources.limits` and `.Values.resources.requirments`
{% endstep %}
{% endstepper %}

#### Example 1 - akri configmap

{% code title="akri-yubikey-configuration.yaml" %}

```yaml
apiVersion: akri.sh/v0
kind: Configuration
metadata:
  name: akri-yubikey # Name we later use to get the resource
spec:
  capacity: 1
  discoveryHandler:
    discoveryDetails: |
      groupRecursive: true # Recommended unless using very exact udev rules
      udevRules:
      # udev attributes we gathered from udevadm
       - SUBSYSTEM=="usb", ATTR{idProduct}=="0407", ATTR{idVendor}=="1050"
    name: udev
```

{% endcode %}

#### Example 2 - setting udev rules via helm values - akri chart

{% code title="values.yaml (akri)" %}

```yaml
udev:
  configuration:
    # enabled defines whether to load a udev configuration
    enabled: true
    # name is the Kubernetes resource name that will be created for this
    # udev configuration
    name: akri-yubikey
    # brokerProperties is a map of properties that will be passed to any instances
    # created as a result of applying this udev configuration
    discoveryDetails:
      # groupRecursive defines whether to group discovered parent/children under the same instance
      groupRecursive: true
      # udevRules is the list of udev rules used to find instances created as a result of
      # applying this udev configuration
      udevRules:
        - SUBSYSTEM=="usb", ATTR{idProduct}=="0407", ATTR{idVendor}=="1050"
```

{% endcode %}

#### Example 3 - resource values for floating server chart

{% code title="values.yaml (floating server)" %}

```yaml
hardwareKeySupport: true

resources:
  requests:
    cpu: 50m
    memory: 64Mi
    akri.sh/akri-yubikey: "1"
  limits:
   # cpu: 200m
   # memory: 256Mi
    akri.sh/akri-yubikey: "1"
```

{% endcode %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.licensespring.com/floating-server/floating-server-v1/deployment-methods/kubernetes-helm/hardware-key-support.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.