You can deploy Domino into a Kubernetes cluster that meets the following requirements.
Kubernetes 1.15+
Domino 4.6 and 5.x have been validated with Kubernetes 1.18–1.20.
Starting with Kubernetes 1.20, Docker is deprecated as a container runtime.
Some distributors of Kubernetes software and providers of managed Kubernetes services (such as Azure Kubernetes Service (AKS) and Google Kubernetes Engine (GKE)) might change their default runtime from Docker to containerd.
Domino depends on some Docker functionality (for managing certificate trust) that is not available in containerd without special configuration.
Contact your Domino customer success team for guidance before replacing Docker with containerd.
When upgrading a cluster using a managed Kubernetes service:
-
Confirm that the version you’re upgrading to supports Docker runtime.
-
Configure the upgrade to use Docker runtime.
Some default upgrade paths on GKE and AKS automatically switch you to
containerdunless you specify otherwise.
The minimum node requirements for Domino are one platform node and one compute node.
If you are upgrading to 5.0 or higher, and the platform cluster does not support autoscaling, you must increase the number of nodes to support the increased node requirements (two platform nodes and two compute nodes).
Storage classes
Domino requires at least two storage classes.
-
Dynamic block storage
Domino requires high performance block storage for the following types of data:
-
Ephemeral volumes attached to user execution
-
High performance databases for Domino application object data
This storage must be backed by a storage class with the following properties:
-
Supports dynamic provisioning
-
Can be mounted on any node in the cluster
-
SSD-backed recommended for fast I/O
-
Capable of provisioning volumes of at least 100GB
-
Underlying storage provider can support
ReadWriteOncesemanticsIn AWS, EBS is used to back this storage class. The following is an example configuration for a compatible EBS storage class:
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: domino-compute-storage provisioner: kubernetes.io/aws-ebs parameters: type: gp2 fsType: ext4In GCP, compute engine persistent disks are used to back this storage class. The following is an example configuration for a compatible GCEPD storage class:
apiVersion: storage.k8s.io/v1 kind: StorageClass metadata: name: dominodisk parameters: replication-type: none type: pd-standard provisioner: kubernetes.io/gce-pd reclaimPolicy: Delete volumeBindingMode: WaitForFirstConsumer
-
-
Long term shared storage
Domino needs a separate storage class for long term storage for:
-
Project data uploaded or created by users
-
Domino Datasets
-
Docker images
-
Domino backups
This storage needs to be backed by a storage class with the following properties:
-
Dynamically provisions Kubernetes PersistentVolume
-
Can be accessed in ReadWriteMany mode from all nodes in the cluster
-
Uses a
VolumeBindingModeofImmediateIn AWS, these storage requirements are handled by a class that is backed by EFS for Domino Datasets, and a class that is backed by S3 for project data, backups, and Docker images.
In GCP, these storage requirements are handled by a Cloud Filestore volume mounted as NFS.
-
Domino requires a minimum of two node pools, one to host the Domino Platform and one to host Compute workloads. Additional optional pools can be added to provide specialized execution hardware for some Compute workloads.
-
Platform pool requirements
-
Boot Disk: 128GB
-
Min Nodes: 3
-
Max Nodes: 3
-
Spec: 8 CPU / 32GB
-
Labels:
dominodatalab.com/node-pool: platform
-
-
Compute pool requirements
-
Boot Disk: 400GB
-
Recommended Min Nodes: 1
-
Max Nodes: Set as necessary to meet demand and resourcing needs
-
Recommended min spec: 8 CPU / 32GB
-
Enable Autoscaling: Yes
-
Labels:
domino/build-node: true,dominodatalab.com/node-pool: default
-
-
Optional GPU compute pool
-
Boot Disk: 400GB
-
Recommended Min Nodes: 0
-
Max Nodes: Set as necessary to meet demand and resourcing needs
-
Recommended min Spec: 8 CPU / 16GB / One or more Nvidia GPU Device
-
Nodes must be pre-configured with appropriate Nvidia driver, Nvidia-docker2 and set the default docker runtime to nvidia. For example, EKS GPU optimized AMI.
-
Labels:
dominodatalab.com/node-pool: default-gpu,nvidia.com/gpu: true
-
Domino relies on
Kubernetes network policies to manage secure communication between pods in the cluster.
Network policies are implemented by the network plugin, so your cluster use a networking solution which supports NetworkPolicy, such as Calico.
Domino must be configured to serve from a specific FQDN, and DNS for that name must resolve to the address of an SSL-terminating load balancer with a valid certificate. The load balancer must target incoming connections on ports 80 and 443 to port 80 on all nodes in the Platform pool. This load balancer must support websocket connections.
Health checks for this load balancer must use HTTP on port 80 and check for 200 responses from a path of /health on the nodes.
|
Note
| Domino continues to support environments with subdomains. If you are using subdomains for your Domino deployment and need best-practice information, contact your Account Manager. However, Domino recommends that you do not use them for improved security. |
To support SSO protocols, TLS connections to external services, intra-cluster TLS when using Istio, and to avoid general interoperability issues, the nodes in your Kubernetes cluster must have a valid Network Time Protocol (NTP) configuration. This will allow for successful TLS validation and operation of other time-sensitive protocols.