Hardware Key Support

as of v1 5 0 the floating server supports using hardware keys (yubikey) as a license protection method if a license requires the usage of a hardware key a valid provisioned key must be accessible from the pod running the floating server limitations only one replica running at the same time no ha support as of now the pod running the floating server is tied to the node which has the key connected requirements kubernetes node in which a yubikey can be inserted if running in a vm, the hypervisor must have usb passthrough support and configured a way to passthrough the hardware key to the pod running the floating server akri https //docs akri sh/ generic device plugin https //github com/squat/generic device plugin general getting the udev information for the device first get the device bus and device id with lsusb combine them into /dev/bus/usb/\<bus id>/\<device id> using udevadm get the atribbutes for the device udevadm info attribute walk path=$(udevadm info query=path /dev/bus/usb/\<bus id>/\<device id>) usually for yubikeys these attributes are enough but results may vary depending on system subsystem=="usb", attr{idproduct}=="0407", attr{idvendor}=="1050" setting up the floating server helm chart for use with a hardware key set values hardwarekeysupport = true disables replicas, values for values replica will be ignored and set to 1 example akri plugin install and configure akri with udev discovery https //docs akri sh/user guide/getting started add a udev rule for yubikey as a separate configuration or as part of the helm chart values (examples 1 2 below) add the akri flags to values resoruces limits and values resources requirments example 1 akri configmap yaml apiversion akri sh/v0 kind configuration metadata name akri yubikey # name we later use to get the resource spec capacity 1 discoveryhandler discoverydetails | grouprecursive true # recommended unless using very exact udev rules udevrules \# udev attributes we gathered from udevadm \ subsystem=="usb", attr{idproduct}=="0407", attr{idvendor}=="1050" name udev example 2 setting udev rules via helm values akri chart udev configuration \# enabled defines whether to load a udev configuration enabled true \# name is the kubernetes resource name that will be created for this \# udev configuration name akri yubikey \# brokerproperties is a map of properties that will be passed to any instances \# created as a result of applying this udev configuration discoverydetails \# grouprecursive defines whether to group discovered parent/children under the same instance grouprecursive true \# udevrules is the list of udev rules used to find instances created as a result of \# applying this udev configuration udevrules \ subsystem=="usb", attr{idproduct}=="0407", attr{idvendor}=="1050" example 3 resource values for floating server chart hardwarekeysupport true resources requests cpu 50m memory 64mi akri sh/akri yubikey "1" limits \# cpu 200m \# memory 256mi akri sh/akri yubikey "1"