Skip to main content
Calico Cloud Pro documentation

License metrics

Big picture

Use the Prometheus monitoring and alerting tool to get Calico Cloud license metrics.

Value

Platform engineering teams need to report licensing usage on third-party software (like Calico Cloud) for their CaaS/Kubernetes platforms. This is often driven by compliance, but also to mitigate risks from license expiration or usage that may impact operations. For teams to easily access these vital metrics, Calico Cloud provides license metrics using the Prometheus monitoring and alerting tool.

Concepts

About Prometheus

The Prometheus monitoring tool scrapes metrics from instrumented jobs and displays time series data in a visualizer (such as Grafana). For Calico Cloud, the “jobs” that Prometheus can harvest metrics from the License Agent component.

About License Agent

The License Agent is a containerized application that monitors the following Calico Cloud licensing information from the Kubernetes cluster, and exports the metrics through the Prometheus server:

  • Days till expiration
  • Nodes available
  • Nodes used

FAQ

How long does it take to get a new Calico Cloud license?
After you submit a sales purchase order to Tigera, 1-2 days.

Is there a grace period?
No.

Does the web console display license expiration? Yes. The license indicator in the web console (top right banner) turns red when the license expires.

expiration

What happens when a license expires or is invalid?
Users can log in to the web console with read/access for all previously-created resources, but they cannot create any new Calico Cloud resources. The web console may appear to function, but actions will not be applied; so it is important to proactively managed your license.

What happens if I add nodes beyond what I'm licensed for?

  • Node limits are not currently enforced
  • All Calico Cloud features still work

How do I get information about my license? Monitor the expiration date?

How to

Add license agent in your Kubernetes cluster

To add the license-agent component in a Kubernetes cluster for license metrics, install the pull secret and apply the license-agent manifest.

  1. Create a namespace for the license-agent. 
     kubectl create namespace tigera-license-agent
  2. Install your pull secret. 
     kubectl create secret generic tigera-pull-secret \
       --type=kubernetes.io/dockerconfigjson -n tigera-license-agent \
       --from-file=.dockerconfigjson=<path/to/pull/secret>
  3. Apply the manifest. 
     kubectl apply -f https://downloads.tigera.io/ee/v3.21.0-1.0/manifests/licenseagent.yaml

Create alerts using Prometheus metrics

In the following example, an alert is configured when the license expiry is fewer than 15 days.

apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: calico-prometheus-license
  namespace: tigera-prometheus
  labels:
    role: tigera-prometheus-rules
    prometheus: calico-node-prometheus
spec:
  groups:
    - name: tigera-license.rules
      rules:
        - alert: CriticalLicenseExpiry
          expr: license_number_of_days < 15
          labels:
            severity: Warning
          annotations:
            summary: 'Calico Enterprise License expires in less than 15 days'
            description: 'Calico Enterprise License expires in less than 15 days'
note

If the Kubernetes api-server serves on any port other than 6443 or 443, add that port in the Egress policy of the license agent manifest.

Additional resources