Skip to main content
Version: v4.8 Stable

With Offline License Server

Enterprise
Available in these plansFreeDevProdScale
Air-Gapped ModeAdd-OnAdd-OnAdd-On

This guide explains how to deploy the offline license server and expose it through an ingress. It also covers configuring vCluster Platform with LICENSE_SERVER and exporting usage data.

Overview

The offline license server runs inside your cluster and handles license validation locally. Use this approach instead of an offline license key when you need:

  • Usage tracking and data export
  • A dedicated in-cluster service for license validation without external connectivity

The license server stores state in PostgreSQL (embedded or external) and exposes a /license/v2 API endpoint that vCluster Platform calls for license checks.

Prerequisites

  • Kubernetes 1.28+
  • Helm 3+
  • An offline license key provided by vCluster Labs

Deploy the license server

Use this option to run PostgreSQL as part of the Helm deployment. For production deployments, use an externally managed PostgreSQL.

Create namespace and secret
kubectl create namespace license-server

kubectl create secret generic license-server-config \
  --namespace license-server \
  --from-literal=postgres-password='my-password' \
  --from-literal=static-api-key='<your-static-api-key>' \
  --from-literal=offline-license-key='<your-offline-license-key>'
Install license server with embedded PostgreSQL
helm install license-server license-server \
  --repo https://charts.loft.sh \
  --namespace license-server \
  --set postgresql.enabled=true \
  --set existingSecret=license-server-config
tip

<your-static-api-key> can be any value you choose. It's used to export usage data later.

License server endpoint

The license server API base path is /license/v2.

Use one of these endpoint styles depending on your network setup:

  • In-cluster: http://license-server.license-server.svc.cluster.local/license/v2
  • Ingress or load balancer: https://<license-server-host>/license/v2

Expose the license server via ingress

If the platform doesn't run in the same Kubernetes cluster as the license server, or you want a stable DNS endpoint, expose the license server through an ingress.

Install with ingress enabled
helm install license-server license-server \
  --repo https://charts.loft.sh \
  --namespace license-server \
  --set postgresql.enabled=true \
  --set existingSecret=license-server-config \
  --set ingress.enabled=true \
  --set ingress.className=nginx \
  --set ingress.hosts[0].host=license-server.example.com \
  --set ingress.hosts[0].paths[0].path=/ \
  --set ingress.hosts[0].paths[0].pathType=Prefix

Your platform should target:

  • http://license-server.example.com/license/v2 or https://license-server.example.com/license/v2 (based on your ingress setup)

Configure vCluster Platform to use the offline license server

Set the platform environment variable LICENSE_SERVER to your license server base URL including /license/v2.

vcluster-platform.yaml
env:
  LICENSE_SERVER: "https://license-server.example.com/license/v2"

If the platform can reach the service directly in-cluster:

vcluster-platform.yaml (in-cluster service endpoint)
env:
  LICENSE_SERVER: "http://license-server.license-server.svc.cluster.local/license/v2"

If your license server endpoint uses a self-signed certificate, set insecureSkipVerify: true in the platform Helm values:

vcluster-platform.yaml (self-signed certificate)
env:
  LICENSE_SERVER: "https://license-server.example.com/license/v2"

insecureSkipVerify: true

Apply the updated values through your normal upgrade flow (for example, helm upgrade).

Export usage data

If you included static-api-key in license-server-config, you can export usage data from the license server:

curl -X GET -H "Authorization: Bearer <KEY>" https://my-license-server.com/license/v2/instance/usage/export -o usage.csv

Uninstall

helm uninstall license-server --namespace license-server