Kubernetes QuickStart Deployment

This section provides information to set up a basic, pilot non-production Kubernetes cluster fairly quickly to use to host a non-production Sametime Meeting server.

Before you begin

  • Download Docker CE.
  • Download Kubernetes v1.16.0 or later with an ingress controller. System should be resolvable in DNS and hostname should be set correctly:
    hostnamectl status 
        hostnamectl set-hostname meetings.company.com

    The following steps support ingress install on 1.16 through 1.19 and are not compatible with later versions of K8S. If using a later version of K8S you will need to manually deploy ingress to match your version. Follow instruction at inatallation Guide for example, if you want ot nginx ingress controller.

  • Swap should be disabled:
    sed -i '/swap/ s/^/# /' /etc/fstab
Note: For Kubernetes QuickStart (single node) installations, comment out the following entries in values.yaml before starting the environment.
# recorderNodeRole: recorder
# videoNodeRole: video
# mainNodeRole: main

About this task

To set up a Kubernetes non-production, single-node cluster running on a CentOS7 or RHEL 7 box, complete the steps in this procedure. When you're done, follow the procedure Installing Sametime Meetings with Kubernetes to install a non-production Sametime Meeting server.

  1. Prepare the Linux system.
    • Verify that the system can be resolved by DNS:
      hostnamectl status
    • Verify if the host name is set correctly:
      hostnamectl set-hostname meetings.company.com
    • Disable swap:
      sed -i '/swap/ s/^/# /' /etc/fstab
  2. Enter the following commands to install Docker CE:
    yum install -y yum-utils device-mapper-persistent-data lvm2
    yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
    yum install -y docker-ce
    mkdir /etc/docker
    cat > /etc/docker/daemon.json <<EOF
    {
    "exec-opts": ["native.cgroupdriver=systemd"],
    "log-driver": "json-file",
    "log-opts": {
    "max-size": "100m"
    },
    "storage-driver": "overlay2",
    "storage-opts": [
    "overlay2.override_kernel_check=true"
    ]
    }
    EOF
    mkdir -p /etc/systemd/system/docker.service.d
    systemctl daemon-reload
    systemctl enable docker
    systemctl restart docker
  3. Enter the following commands to install Kubernetes:
    cat <<EOF > /etc/sysctl.d/k8s.conf
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    EOF
    sysctl --system
    cat <<EOF > /etc/yum.repos.d/kubernetes.repo
    [kubernetes]
    name=Kubernetes
    baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
    enabled=1
    gpgcheck=1
    repo_gpgcheck=1
    gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    EOF
    setenforce 0
    sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
    yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
    systemctl enable --now kubelet
  4. Enter the following commands to create the internal Kubernetes cluster network and untaint the master node :
    Note: The following commands creates the network 192.168.0.0/16. If you already use this network in your DMZ, specify a different network.
    export POD_CIDR=192.168.0.0/16
    kubeadm init --pod-network-cidr=$POD_CIDR
    mkdir -p $HOME/.kube
    cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
    chown $(id -u):$(id -g) $HOME/.kube/config
    kubectl taint nodes --all node-role.kubernetes.io/master-
  5. Enter the following commands to install Calico 3.9:
    kubectl apply -f https://docs.projectcalico.org/v3.9/manifests/calico.yaml
    curl -O https://docs.projectcalico.org/v3.9/manifests/calico.yaml
    sed -i -e "s?192.168.0.0/16?$POD_CIDR?g" calico.yaml
    kubectl apply -f calico.yaml
  6. Enter the following commands to install Helm:
    curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
  7. Enter the following command to verify the configuration:
    # kubectl get pods -n kube-system
        The output should look similar to the following: 
        NAME                                       READY   STATUS    RESTARTS   AGE
        calico-kube-controllers-6b9d4c8765-8tlsb   1/1     Running   0          5m55s
        calico-node-4wwff                          1/1     Running   0          5m55s
        coredns-6955765f44-79g6n                   1/1     Running   0          7m5s
        coredns-6955765f44-lns5m                   1/1     Running   0          7m5s
        etcd-xxx.xxx.xxx                           1/1     Running   0          6m52s
        kube-apiserver-xxx.xxx.xxx                 1/1     Running   0          6m52s
        kube-controller-manager-xxx.xxx.xxx        1/1     Running   0          6m52s
        kube-proxy-2mtg5                           1/1     Running   0          7m5s
        kube-scheduler-xxx.xxx.xxx                 1/1     Running   0          6m52s
  8. Enable Ingress, which Sametime Meetings requires to allow inbound web traffic:
    Note: The following steps support ingress install on 1.16 through 1.19 and are not compatible with later versions of K8S. If using a later version of K8S, you need to manually deploy ingress to match your version. Follow the instructions at Installation Guide for example, if you want an nginx ingress controller. Refer to the article, Installing HCL Sametime Meetings 11.6 IF1 on newer versions of Kubernetes for more details.
    1. If not done already, download and extract sametime_meetings.zip from Flexnet.
    2. Run the following command from the directory that contains the extracted files:
      kubectl apply -f kubernetes/ingress/mandatory.yaml
    3. To apply custom certificates to your ingress controller, obtain the certificate(s) and private key. Then, run the following command to configure the ingress to use them. For KEY_FILE specify the private key file and for CERT_FILE specify the certificate(s) file.
      export CERT_NAME=ingress-tls-cert
      export KEY_FILE=privkey.pem
      export CERT_FILE=fullchain.pem
      kubectl -n ingress-nginx create secret tls ${CERT_NAME} --key ${KEY_FILE} --cert ${CERT_FILE}
      kubectl patch deployment nginx-ingress-controller -n ingress-nginx --patch "$(cat kubernetes/ingress/nginx-tls-patch.yaml)"

      To apply, you will need to restart the ingress controller:

      kubectl scale deployment nginx-ingress-controller -n ingress-nginx --replicas=0
                        kubectl scale deployment nginx-ingress-controller -n ingress-nginx --replicas=1
  9. To enable enable EFK (Elasticsearch, Fluentd, Kibina) stack global logging:
    1. Run the following commands from the directory where you extracted sametime_meetings.zip to enable global logging on the system.
      kubectl create namespace logging
      kubectl create -f kubernetes/logging/elastic.yaml -n logging
      kubectl create -f kubernetes/logging/kibana.yaml -n logging
      kubectl create configmap fluentd-conf --from-file=kubernetes/logging/kubernetes.conf --namespace=kube-system
      kubectl create -f kubernetes/logging/fluentd-daemonset-elasticsearch-rbac.yaml 
    2. To access logs, run the following commands:
      # kubectl get service -n logging
      The output should look similar to the following:
              NAME            TYPE       CLUSTER-IP       EXTERNAL-IP        PORT(S)           AGE
              elasticsearch   NodePort   10.102.149.212   <none>        9200:30531/TCP       17m
              kibana          NodePort   10.106.226.34    <none>        5601:32683/TCP       74s

      The IP:port 10.106.226.34 in the example above is where kibana may be accessed. You must tunnel to that port via SSH -L 5601:10.106.226.34:32683 or use kube-proxy or some other ingress mechanism to access from a remote machine.

  10. To enable monitoring with Prometheus:
    1. Run the following commands from the directory where you extracted sametime_meetings.zip:
      
      helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
      kubectl create namespace monitoring
      helm install -n monitoring prometheus --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false prometheus-community/kube-prometheus-stack
      Note: If auto scaling is not needed and the necessary Kubernetes APIs for monitoring with Prometheus are not configured, you must delete the following files:
      • helm/charts/jibri/templates/recorder-servicemonitor.yaml
      • helm/charts/video/templates/video-servicemonitor.yaml
      This causes the service monitors not to be included in the install process.
    2. To access the dashboards, run the following command:
      # kubectl get service -n monitoring
      The output should look similar to the following: 
              NAME                    TYPE        CLUSTER-IP     EXTERNAL-IP       PORT(S)                      AGE
              alertmanager-main       ClusterIP   10.102.208.148   <none>         9093/TCP                     3m28s
              alertmanager-operated   ClusterIP   None             <none>         9093/TCP,9094/TCP,9094/UDP   3m28s
              grafana                 ClusterIP   10.99.202.138    <none>         3000/TCP                     3m27s
              kube-state-metrics      ClusterIP   None             <none>         8443/TCP,9443/TCP            3m27s
              node-exporter           ClusterIP   None             <none>         9100/TCP                     3m27s
              prometheus-adapter      ClusterIP   10.96.21.117     <none>         443/TCP                      3m26s
              prometheus-k8s          ClusterIP   10.108.84.189    <none>         9090/TCP                     3m26s
              prometheus-operated     ClusterIP   None             <none>        9090/TCP                     3m26s
              prometheus-operator     ClusterIP   None             <none>        8443/TCP       

      The IP(s):port(s) 10.108.84.189:9090, 10.102.208.148:9093, 10.99.202.138:3000 are the respective dashboards for Prometheus, Alertmanager, and Grafana. You must tunnel to those ports via SSH -L 9090:10.108.84.189:9090 -L 10.102.208.148:9093 -L 3000:10.99.202.138:3000 or use kube-proxy or some other ingress mechanism to access from a remote machine.

What to do next

Installing Sametime Meetings with Kubernetes