Setup via quick start (kubeadm)
LV Containers Quick Start (kubeadm)
Clients wanting to perform an on-premises Kubernetes installation can follow these steps for Linux (some steps may differ between Linux installations). This makes use of kubeadm to simplify the installation process for clients.
Hardware requirements
The minimum server requirements are as follows:
- Linux OS (Ubuntu, Red Hat Linux, CentOS, Darwin and Rocky Linux)
- CPU – 8 CPU Cores
- Memory – 16 GB Memory
- Boot Disk – 250 GB
Getting started
Visit the GitHub repository lumenvox/containers-quick-start (Setup scripts for LumenVox Containers) to obtain the required installation files, steps, prerequisites, and supported environments.
Once the required operating environment has been set up, run the following steps from the command line:
Install LumenVox Containers Repo
git clone https://github.com/lumenvox/containers-quick-start.git
cd containers-quick-start/
Generate SSL Certificate
openssl genrsa -out server.key 2048
openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650 -addext "subjectAltName = DNS:lumenvox-api.testmachine.com, DNS:biometric-api.testmachine.com, DNS:management-api.testmachine.com, DNS:reporting-api.testmachine.com, DNS:admin-portal.testmachine.com, DNS:deployment-portal.testmachine.com"
The subject alternative names can be specific to the customer's environment.
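Assuming the service hostnames are the six prefixes in the command above joined to the hostnameSuffix value in values.yaml (as the sample values on this page suggest), the following added example, which is not part of the LumenVox scripts, builds the SAN list for a suffix and reports any expected hostname that a certificate does not cover. The function names and the -subj value are illustrative.

```shell
#!/bin/sh
# Added example (not from the quick-start repo): check that server.crt covers
# every hostname formed from the six prefixes on this page plus hostnameSuffix.
PREFIXES="lumenvox-api biometric-api management-api reporting-api admin-portal deployment-portal"

# Build the -addext value for a suffix such as ".testmachine.com".
san_list() {
    out=""
    for p in $PREFIXES; do
        out="${out:+$out, }DNS:${p}$1"
    done
    printf 'subjectAltName = %s\n' "$out"
}

# Print each expected hostname that the certificate does NOT cover.
missing_sans() {    # usage: missing_sans <cert.pem> <hostnameSuffix>
    for p in $PREFIXES; do
        host="${p}$2"
        openssl x509 -in "$1" -noout -checkhost "$host" 2>/dev/null |
            grep -q 'does match certificate' || printf '%s\n' "$host"
    done
}

# Constructed sample: throwaway key and 1-day certificate (-subj is an
# assumption added so the command does not prompt).
make_demo_cert() {  # usage: make_demo_cert <dir> <hostnameSuffix>
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=demo" -keyout "$1/server.key" -out "$1/server.crt" \
        -addext "$(san_list "$2")" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_cert "$demo" ".testmachine.com"
missing_sans "$demo/server.crt" ".testmachine.com"   # prints nothing
missing_sans "$demo/server.crt" ".prod.example"      # prints all six names
rm -rf "$demo"
```

Running missing_sans against the real server.crt with the hostnameSuffix from values.yaml before installing catches a suffix and certificate that do not agree.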
Grant execute permissions to scripts
chmod +x *.sh
Perform Installation
Edit the values.yaml file as per installation requirements, then run the following command as is:
./lumenvox-control-install.sh values.yaml server.key server.crt
Document the passwords created for Redis, RabbitMQ, MongoDB and Postgres, as these will be used later to create the deployment.
The following is an example of the values.yaml file:
# kubeadm basic values
lumenvox-common:
  rabbitmq:
    enabled: false
  redis:
    enabled: false
  mongodb:
    enabled: false
  postgresql:
    enabled: false
global:
  licensing:
    # Note: licensing (and therefore system) will not work without a valid clusterGuid value
    clusterGuid: "<lumenvox-to-provide-cluster-guid>"
  defaultNamespace: "lumenvox"
  hostnameSuffix: ".testmachine.com"
  lumenvox:
    ingress:
      className: nginx
    loggingVerbosity: "warn"
    redisTtl: 4h
  image:
    tag: ":5.3"
  rabbitmq:
    enableTLS: false
    connection:
      url: "<ip-address-of-server-running-rabbitmq>"
  redis:
    enableTLS: false
    connection:
      url: "<ip-address-of-server-running-redis>"
  mongodb:
    connection:
      url: "<ip-address-of-server-running-mongodb>"
  postgresql:
    connection:
      url: "<ip-address-of-server-running-postgres>"
      databaseName: "lumenvox_single_db"
      databaseSchema: "public"
  enabled:
    lumenvoxSpeech: true
    lumenvoxVb: false
    lumenvoxCommon: true
  enableItn: true
  asrLanguages:
    - name: "en"
  ttsLanguages:
    - name: "en_us"
      voices:
        - name: "chris"
  vbLanguages:
    - name: "en_US"
      version: "2.1.15"
See Setting up a deployment for the final steps to complete the installation.
Renewal of certificates
Kubeadm creates a certificate upon initial installation. This certificate expires after 365 days and needs to be manually renewed before expiration. The following steps can be followed:
Backing up the old certs and configs
mkdir -p $HOME/k8s-old-certs/pki
sudo /bin/cp -p /etc/kubernetes/pki/*.* $HOME/k8s-old-certs/pki
sudo /bin/cp -p /etc/kubernetes/*.conf $HOME/k8s-old-certs
mkdir -p $HOME/k8s-old-certs/.kube
sudo /bin/cp -p ~/.kube/config $HOME/k8s-old-certs/.kube/.
Renewing the certificates
sudo kubeadm certs renew all
This is the output from running the command:
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[renew] Error reading configuration from the Cluster. Falling back to default configuration

certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed
The certificate used by kubelet
You'll find four files in /var/lib/kubelet/pki/. One of them is kubelet.crt. Checking it with openssl shows that this file has also expired:
sudo cat /var/lib/kubelet/pki/kubelet.crt | openssl x509 -noout -enddate
Deleting old certificates
Stopping kubelet was not mentioned in any of the articles, but we suggest it gets done:
sudo systemctl stop kubelet
sudo rm /etc/kubernetes/kubelet.conf
sudo ls /var/lib/kubelet/pki
sudo rm /var/lib/kubelet/pki/kubelet-client-<filename-from-ls-command>.pem
sudo rm /var/lib/kubelet/pki/kubelet-client-current.pem
sudo rm /var/lib/kubelet/pki/kubelet.crt
sudo rm /var/lib/kubelet/pki/kubelet.key
Fixing Kubelet Service
This specific command regenerates the kube config file. The only article which mentions this step is this one.
sudo kubeadm init phase kubeconfig kubelet
sudo systemctl start kubelet
Updating the client data configs
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
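Added example (not from the LumenVox or kubeadm tooling): a shell check that lists every certificate under a directory that expires within a chosen number of days, useful before the renewal above to see what is due and afterwards to confirm the new dates. The function names are illustrative and the demo certificates are constructed; on a real node, point it at /etc/kubernetes/pki and /var/lib/kubelet/pki.

```shell
#!/bin/sh
# Added example: list certificates that expire within a given number of days.

# Print "<file><TAB><notAfter>" for each *.crt under DIR expiring within DAYS.
# A file that openssl cannot parse is reported as "unreadable".
certs_expiring_within() {   # usage: certs_expiring_within <dir> <days>
    secs=$(( $2 * 86400 ))
    find "$1" -type f -name '*.crt' 2>/dev/null | sort | while read -r crt; do
        # -checkend exits non-zero when the certificate expires within $secs.
        if ! openssl x509 -in "$crt" -noout -checkend "$secs" >/dev/null 2>&1; then
            end=$(openssl x509 -in "$crt" -noout -enddate 2>/dev/null | cut -d= -f2)
            printf '%s\t%s\n' "$crt" "${end:-unreadable}"
        fi
    done
}

# Constructed sample: a 1-day certificate and a 365-day one (kubeadm's lifetime).
make_demo_pki() {           # usage: make_demo_pki <dir>
    for days in 1 365; do
        openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
            -subj "/CN=demo-$days" -keyout "$1/k$days.key" \
            -out "$1/c$days.crt" 2>/dev/null
    done
}

demo=$(mktemp -d)
make_demo_pki "$demo"
certs_expiring_within "$demo" 30    # lists only c1.crt
rm -rf "$demo"
# On a node: certs_expiring_within /etc/kubernetes/pki 30
#            certs_expiring_within /var/lib/kubelet/pki 30
```

Scheduling this check with a window well ahead of the 365-day lifetime gives time to plan the manual renewal before the cluster certificates lapse.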
Access full installation guide here https://public.files.capacity.com/8e0415bb-7078-4be5-9629-9002e4a1f6ec/d68f0d62-0b36-49c7-9cc3-58acd919d994?FU=1729590104