Planning for a Kubernetes cluster configuration
When installing Sametime in a Kubernetes cluster, there are several considerations, some of which are prerequisites to installing Sametime. Sametime can also be installed into the same Kubernetes cluster as other products, for example MongoDB, as long as the system requirements are met.
- role:main
- role:video
The video node runs the video pods only. This gives the video pod full access to the machine. A video node is reached from clients by NodePort, directly at its public IP address. There is no load balancer or service requirement for inbound media traffic, because the media traffic is addressed to the specific video bridge where the meeting is active. The machine type must be suitable for media, with a minimum of 4 CPU and 16GB of RAM. When creating the node pool, autoscaling must be enabled. The Sametime autoscaler uses CPU utilization to determine when to bring up more nodes. For guidance on how many nodes to include in the video node pool, contact HCL.
Availability zones for resiliency
If you are installing Sametime into a cloud-hosted Kubernetes environment, such as Google Kubernetes Engine or Amazon Elastic Kubernetes Service, consider creating nodes in more than one availability zone. This provides additional resiliency: if the cloud provider has an outage in a particular data center, nodes in a different zone allow a failover to take place.
Namespaces
kubectl -n sametime get pods
To see a list of namespaces that are configured, issue the following command:
kubectl get namespaces
For additional information, see the Namespaces topic in the Kubernetes documentation.
Network
- Node
- A node is the virtual machine or hardware running the Kubernetes cluster; it hosts the pods that run the Sametime workloads. A node has an IP address in the node IP range, with both an internal IP address and an external IP address. Video nodes are reached by end users from their public IP address directly to the node's external IP address.
- Pod
- A pod is a Kubernetes-based workload that has one or more containers inside. In Sametime these are stateless, which means they have a defined life cycle and do not persist. Each pod has its own unique cluster-wide IP address, which changes as the pods are scaled. Container-to-container communication between pods on the same host is normally permitted without any additional configuration, for example the community pod communicating with the proxy pod.
- Service
- A Kubernetes service is used by Sametime to expose various components running in pods outside the cluster. It provides a single endpoint to multiple back-ends. Kubernetes services have their own IP address range that is separate from the node IP and pod IP ranges. This provides a consistent front-end IP address, since the IP addresses of pods change frequently. There are different types of services in Kubernetes; Sametime uses the LoadBalancer type, which directs traffic to back-end pods. Each cloud provider has its own implementation of this, and some cloud providers offer more features than others.
- Network Address Translation (NAT)
- If you cannot permit your firewall to allow the entire pod IP address range, consider deploying Network Address Translation (NAT). A source NAT replaces the source IP address on a packet. Note that each Kubernetes cloud provider has its own implementation and features for NAT. For an overview, see the Using Source IP topic in the Kubernetes documentation.
Storage
When you create a persistent volume, an access mode is associated with it. If you have more than one node in the main node pool, be sure to use the read-write-many (RWX) access mode; this allows more than one node to access the volume at a time. If you have only one main node in the node pool, the standard read-write-once (RWO) access mode is sufficient.
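The two access modes side by side, as an added illustration that is not a Sametime manifest: claim names, namespace, storage class names and sizes are placeholders, and the RWX claim only binds if the chosen storage class's provisioner actually supports ReadWriteMany.

```yaml
# Illustrative PersistentVolumeClaims (not Sametime's own manifests).
# storageClassName values are placeholders; use a class your cluster provides.
# Single main node: ReadWriteOnce is sufficient, only one node mounts the volume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sametime-data-single-node   # hypothetical name
  namespace: sametime
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: standard-rwo    # placeholder class
  resources:
    requests:
      storage: 100Gi                # sized for files, backgrounds, recordings, reports
---
# Multiple main nodes: ReadWriteMany lets pods on different nodes mount the same PV.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: sametime-data-multi-node    # hypothetical name
  namespace: sametime
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs-rwx         # placeholder: a class whose provisioner supports RWX
  resources:
    requests:
      storage: 100Gi
```

If a claim stays in the Pending state in `kubectl get pvc -n sametime`, the storage class usually does not support the requested access mode.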
- Files
- Users can upload files to chats in any of the clients including meetings. They are stored in the PV and are retained for 90 days (configurable).
- Backgrounds
- Users can upload their own virtual backgrounds to be used when they enable their video. These images are stored in the PV.
- Recordings
- Recordings are saved as MP4 files, and vary in size depending on duration.
- Reports
- When meeting reports are enabled, PDFs are saved in the PV containing the report.
Monitoring and logging
The Grafana dashboards shipped with Sametime provide multiple types of statistics. You can also deploy Elasticsearch, Fluentd and Kibana (the EFK stack) to aggregate the logs and make them indexable. This is helpful for producing your own statistics if the Grafana dashboards do not have the statistics you need. It can also aid in troubleshooting, because the logs can be written to a PV outside of the pods. If the logs are not configured to be written to a PV using the EFK stack, they are part of the pods and are lost when the pods are scaled. If you deploy the EFK stack, it has its own persistent volume, separate from the Sametime pods.
While these tools are helpful, they do not provide proactive monitoring to alert the administrator of problems. Other products, such as Panopta or New Relic, can be used for monitoring.
Container registry
The Sametime container images can be stored in and retrieved from a public or private container registry. Using a registry might require authenticated access or keys. The Sametime server authenticates with the container registry using a Kubernetes secret. The secret must be created prior to installing Sametime. During the install process, container images are pushed to the container registry by running the load.sh script. The container images are retrieved by the pods when each pod is initialized. For additional information, see the Pull an Image from a Private Registry topic in the Kubernetes documentation.
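An added illustration of the pull secret and how a pod references it (not a Sametime manifest; the secret name, registry host, credentials and image are placeholders):

```yaml
# Illustrative pull secret and its use (not Sametime's own manifests). The secret
# must exist in the sametime namespace before the install, because pods reference
# it by name when they start.
apiVersion: v1
kind: Secret
metadata:
  name: sametime-registry-creds       # hypothetical name
  namespace: sametime
type: kubernetes.io/dockerconfigjson
stringData:
  # stringData lets the API server base64-encode the value for you.
  .dockerconfigjson: |
    {
      "auths": {
        "registry.example.com": {
          "username": "REGISTRY_USER",
          "password": "REGISTRY_TOKEN"
        }
      }
    }
---
# A pod that pulls from the private registry names the secret in imagePullSecrets.
apiVersion: v1
kind: Pod
metadata:
  name: registry-pull-check           # hypothetical name
  namespace: sametime
spec:
  imagePullSecrets:
    - name: sametime-registry-creds
  containers:
    - name: app
      image: registry.example.com/sametime/example:tag   # placeholder image
```

Use a token or robot account limited to pull access rather than a personal password, and confirm the pod is not stuck in ImagePullBackOff with `kubectl describe pod -n sametime registry-pull-check`.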
MongoDB
MongoDB is deployed separately from Sametime and can be deployed as a standalone virtual machine (VM), a cluster installed on VMs, or a Kubernetes cluster. MongoDB has options for either running your own Kubernetes cluster or using a cloud-hosted cluster. These options might require an enterprise license. For more information or questions about licensing, contact a MongoDB representative. Contact information can be found on the MongoDB, Inc. website.
MongoDB can also be installed into the same Kubernetes cluster as Sametime. Ensure that you allow for additional capacity if installing into the main node pool, or dedicate a node pool to MongoDB.