LV Containers Quick Start (kubeadm)

Clients wanting to perform an on-premises Kubernetes installation can follow these steps for Linux (Some steps may differ to various Linux installations). This makes use of kubeadm to simply the installation process for clients.

Hardware requirements

The minimum server requirements are as follows:

• Linux OS (ubuntu, redhat  linux, centos, Darwin and rocky linux)
• CPU – 8 CPU Cores
• Memory – 16 GB Memory
• Boot Disk – 250 GB

Getting started

Access the following page GitHub - lumenvox/containers-quick-start: Setup scripts for LumenVox Containers to obtain the required installation files, steps, prerequisites, and supported environments. 

Once the required operating environment has been set up the following steps can be followed by running the following in the command line:

Install LumenVox Containers Repo

git clone https://github.com/lumenvox/containers-quick-start.git
cd containers-quick-start/

Generate SSL Certificate

openssl genrsa -out server.key 2048
openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650 -addext "subjectAltName = DNS:lumenvox-api.testmachine.com, DNS:biometric-api.testmachine.com, DNS:management-api.testmachine.com, DNS:reporting-api.testmachine.com, DNS:admin-portal.testmachine.com, DNS:deployment-portal.testmachine.com"

The subject alternative name can be specific to the customers environment.

Grant execute permissions to scripts

chmod +x *.sh

Perform Installation

Edit values.yaml file as per installation requirements.

./lumenvox-control-install.sh values.yaml server.key server.crt (use command as is)

Document the passwords created for redistribution, RabbitMQ, mongo and Postgres as these will be used later to create the deployment. 

The following is an example of the values.yaml file 

# kubeadm basic values


global:
  licensing:
  # Note: licensing (and therefore system) will not work without a valid clusterGuid value
    clusterGuid: "<lumenvox-to-provide-cluster-guid>"
  defaultNamespace: "lumenvox"
  hostnameSuffix: ".testmachine.com"
  lumenvox:
    ingress:
      className: nginx
    loggingVerbosity: "warn"
    redisTtl: 4h
  image:
    tag: ":6.2"
  rabbitmq:
    enableTLS: false
    connection:
      url: "<ip-address-of-server-running-rabbitmq>"
  redis:
    enableTLS: false
    connection:
      url: "<ip-address-of-server-running-redis>"
  mongodb:
    connection:
      url: "<ip-address-of-server-running-mongodb>"
  postgresql:
    connection:
      url: "<ip-address-of-server-running-postgres>"
      databaseName: "lumenvox_single_db"
      databaseSchema: "public"
  enabled:
    lumenvoxSpeech: true
    lumenvoxVb: false
    lumenvoxCommon: true
  enableItn: false
  enableDiarization: false
  enableLanguageId: false
  enableNlu: false
  asrLanguages:
    - name: "en"
  ttsLanguages:
    - name: "en_us"
      legacyEnabled: false
      voices:
        - name: "jeff"
          version: "4.0.0"
        - name: "megan"
          version: "4.0.0"
  vbLanguages:
    - name: "en_US"
      version: "2.1.15"
  lidLanguages:
    - name: "LID"
    Version: “2.0.0”     
itnLanguages:
    - name: "en"
    - name: "es"

See Setting up a deployment for final steps to for complete installation by setting up a deployment

 Renewal of certificates

Backing up the old certs and configs

mkdir -p $HOME/k8s-old-certs/pki
sudo /bin/cp -p /etc/kubernetes/pki/*.* $HOME/k8s-old-certs/pki
sudo /bin/cp -p /etc/kubernetes/*.conf $HOME/k8s-old-certs
mkdir -p $HOME/k8s-old-certs/.kube
sudo /bin/cp -p ~/.kube/config $HOME/k8s-old-certs/.kube/.

Renewing the certificates

sudo kubeadm certs renew all 

 This is the output from running the command:

[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[renew] Error reading configuration from the Cluster. Falling back to default configuration
 
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed 

The certificate used by kubelet

You'll find four files /var/lib/kubelet/pki/. One of them is kubelet.crt. This file has also expired if you check with openssl:

sudo cat /var/lib/kubelet/pki/kubelet.crt | openssl x509 -noout -enddate 

 Deleting old certificates

Stopping kubectl was not mentioned in any of the articles we suggest it gets done:

sudo systemctl stop kubelet
sudo rm /etc/kubernetes/kubelet.conf
sudo ls /var/lib/kubelet/pki
 
sudo rm /var/lib/kubelet/pki/kubelet-client-<filename-from-ls-command>.pem
sudo rm /var/lib/kubelet/pki/kubelet-client-current.pem    
sudo rm /var/lib/kubelet/pki/kubelet.crt
sudo rm /var/lib/kubelet/pki/kubelet.key

Fixing Kubelet Service

This specific command regenerates the kube config file. The only article which mentions this step is this one.

sudo kubeadm init phase kubeconfig kubelet
sudo systemctl start kubelet

Updating the client data configs

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Access full installation guide here https://public.files.capacity.com/8e0415bb-7078-4be5-9629-9002e4a1f6ec/9f982cd2-13a7-4607-b46a-5414320939fa?FU=1751623589