Configuration Reference

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| schema | YAML schema version. | ✓ | 1.0 |
| name | Unique deployment name. This must contain the name of the deployment owner. | ✓ | [a-zA-Z0-9_-]+ |
| version | Domino version to install. | ✓ | Supported versions: 4.1.10, 4.2.0 |
| hostname | Hostname Domino application will be accessed at. | ✓ | Valid fully qualified domain name (FQDN) |
| pod_cidr | If network policies are enabled, allow access from this CIDR. This range must cover addresses used by your cluster nodes and pods. | | Valid CIDR range, for example, 10.0.0.0/8 |
| ssl_enabled | Should Domino only be accessible using HTTPS. | ✓ | true, false |
| ssl_redirect | Should Domino only be accessible using HTTPS. | ✓ | true, false |
| create_ingress_controller | Create an NGINX ingress controller. | ✓ | true, false |
| request_resources | Create Kubernetes resource requests and limits for services. | ✓ | true, false |
| enable_network_policies | Use network policies for fine-grained service access. | ✓ | true, false |
| enable_pod_security_policies | Enables pod security policies for locked down system capabilities. | ✓ | true, false |
| create_restricted_pod_security_policy | Creates pod security policies for locked down system capabilities. | ✓ | true, false |

Ingress controller

This section configures the NGINX ingress controller deployed by the fleetcommand-agent.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| ingress_controller.create | Whether to create the ingress controller. | ✓ | true, false |
| ingress_controller.gke_cluster_uuid | When running Domino on GKE you must supply the GKE cluster UUID here to configure GCP networking for ingress. | ✓ | Cluster UUID |

Namespaces

Namespaces are a way to virtually segment Kubernetes executions. Domino will create namespaces according to the specifications in this section, and the installer requires that these namespaces not already exist at installation time.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| namespaces.platform.name | Namespace to place Domino services | ✓ | Kubernetes Names |
| namespaces.compute.name | Namespace for user executions | ✓ | Kubernetes Names |
| namespaces.system.name | Namespace for deployment metadata | ✓ | Kubernetes Names |
| namespaces.*.annotations | Optional annotations to apply to each namespace | | Kubernetes Annotation |

Storage classes

Storage Classes are a way to abstract the dynamic provisioning of volumes in Kubernetes.

Domino requires the following storage classes:

  1. block storage for Domino services and user executions that need fast I/O.

  2. shared storage that can be shared between multiple executions.

Domino supports pre-created storage classes. The installer can also create a shared storage class backed by NFS or a cloud NFS analog, as long as the cluster can access the NFS system for read and write, and it can create several types of block storage classes backed by cloud block storage systems like Amazon EBS.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| storage_classes.block.create | Whether to create the block storage class | ✓ | true, false |
| storage_classes.block.name | | ✓ | Kubernetes Name |
| storage_classes.block.type | Name of the block storage class to use | ✓ | ebs, hostpath, gce, azure-disk |
| storage_classes.block.base_path | Base path to use on nodes as a base when using hostpath volumes | | |
| storage_classes.block.default | Whether to set this storage class as the default. | ✓ | true, false |
| storage_classes.shared.create | Whether to create the shared storage class | ✓ | true, false |
| storage_classes.shared.name | | ✓ | Kubernetes Name |
| storage_classes.shared.type | Type of the shared storage class to use | ✓ | efs, nfs, azure-file (Azure File requires outbound port 445 to be open from your Azure cluster) |
| storage_classes.shared.efs.region | EFS store AWS region | | for example, us-west-2 |
| storage_classes.shared.efs.filesystem_id | EFS filesystem ID | | for example, fs-7a535bd1 |
| storage_classes.shared.nfs.server | NFS server IP or hostname | | |
| storage_classes.shared.nfs.mount_path | Base path to use on the server when creating shared storage volumes | | |
| storage_classes.shared.nfs.mount_options | YAML List of additional NFS mount options | | for example, - mfsymlinks |
| storage_classes.shared.azure_file.storage_account | Azure storage account to create filestores | | |

Blob storage

Domino can store long-term, unstructured data in “blob storage” buckets. Only the shared storage class described previously (NFS) and S3 are supported.

To apply a default S3 bucket or shared storage type to all use-cases of blob storage, it is only necessary to fill out the default setting and make sure enabled is true. Otherwise, all other blob storage uses (projects, logs, and backups) must be filled out.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| blob_storage.default.enabled | Whether the default configuration must take precedence over individual config keys | ✓ | true, false |
| blob_storage.*.type | Which type of blob storage to use | ✓ | shared, s3 |
| blob_storage.*.s3.region | AWS region of the S3 bucket store | | for example, us-west-2 |
| blob_storage.*.s3.bucket | S3 bucket name | | for example, domino-bucket-1 |

Autoscaler

For Kubernetes clusters without native cluster scaling in response to new user executions, Domino supports the use of the cluster autoscaler.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| autoscaler.enabled | Enable cluster autoscaling | ✓ | true, false |
| autoscaler.cloud_provider | Cloud provider Domino is deployed with | | aws, azure |
| autoscaler.aws.region | AWS region Domino is deployed into | | for example, us-west-2 |
| autoscaler.azure.resource_group | Azure resource group Domino is deployed into | | Azure resource group |
| autoscaler.azure.subscription_id | Azure subscription ID Domino is deployed with | | Azure subscription ID |

Groups

Autoscaling groups are not dynamically discovered. Each autoscaling group must be individually specified including the minimum and maximum scaling size.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| autoscaler.groups.*.name | Autoscaling group name | | Must exactly match the name in the cloud provider |
| autoscaler.groups.*.min_size | | | for example, 0 |
| autoscaler.groups.*.max_size | | | for example, 10 |

External DNS

Domino can automatically configure your cloud DNS provider. More extensive documentation can be found on the external-dns homepage.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| external_dns.enabled | Whether Domino must configure cloud DNS | ✓ | true, false |
| external_dns.provider | Cloud DNS provider | | for example, aws |
| external_dns.domain_filters | Only allow access to domains that match this filter | | for example, my-domain.example.com |
| external_dns.zone_id_filters | Only allow updates to specific Route53 hosted zones | | |

Email notifications

Domino supports SMTP for sending email notifications in response to user actions and run results.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| email_notifications.enabled | Whether Domino must send email notifications | ✓ | true, false |
| email_notifications.server | SMTP server hostname or IP | | |
| email_notifications.port | SMTP server port | | |
| email_notifications.encryption | Whether the SMTP server uses SSL encryption | | |
| email_notifications.from_address | Email address to send emails from Domino with | | for example, domino@example.com |
| email_notifications.authentication.username | If using SMTP authentication, the username | | |
| email_notifications.authentication.password | If using SMTP authentication, the password | | |

Monitoring

Domino supports in-cluster monitoring with Prometheus as well as more detailed, external monitoring through NewRelic APM and Infrastructure.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| monitoring.prometheus_metrics | Install Prometheus monitoring | ✓ | true, false |
| monitoring.newrelic.apm | Enable NewRelic APM | ✓ | true, false |
| monitoring.newrelic.infrastructure | Enable NewRelic Infrastructure | ✓ | true, false |
| monitoring.newrelic.license_key | NewRelic account license key | | |

Helm

Configuration for the Helm repository that stores Domino’s charts.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| helm.version | Which version of Helm to use. | ✓ | 2 or 3 |
| helm.host | Hostname of the chart repository | ✓ | For Helm 2 this must be quay.io or the address of your private appr server. For Helm 3 it must be gcr.io. |
| helm.namespace | Namespace to find charts in the repository. | | Helm repo namespace. When using official Domino repositories this must be domino. For Helm 3 with gcr.io or mirrors.domino.tech, use domino-eng-service-artifacts. |
| helm.prefix | Prefix for the chart repository. | | Application registry prefix. When using official Domino repositories this must be helm-. For Helm 3 with gcr.io or mirrors.domino.tech, this must be an empty string. |
| helm.username | Username for chart repository if authentication is required. When using Helm 3 with charts hosted in GCR this must be _json_key. | | Username |
| helm.password | Password for chart repository if authentication is required. | | For Helm 3 this is the base64 encoded JSON key that was provided by Domino. |
| helm.tiller_image | URI of the Docker image for the Tiller service to use when running Helm 2. | ✓ | This must point to a version 2.16.1 Tiller image at gcr.io/kubernetes-helm/tiller:v2.16.1 or in your private registry. |
| helm.cache_path | Path to cached Helm 3 chart files. | | Set to empty string ('') to use online chart data. |
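
The constraints stated in the top-level table and in the Helm table above can be checked before the installer runs. The following is an added example, not part of the Domino documentation or the fleetcommand-agent: `lint_config`, `SAMPLE` and the cluster IPs are hypothetical, and reporting the four boolean switches when they are not true is this example's own policy, not an installer requirement.

```python
import ipaddress
import re

# Allowed values copied from the tables on this page.
NAME_RE = re.compile(r"[a-zA-Z0-9_-]+")
HELM3_HOSTS = {"gcr.io", "mirrors.domino.tech"}
# Assumption (this example's policy): these switches should all be true.
HARDENING_FLAGS = ("ssl_enabled", "ssl_redirect",
                   "enable_network_policies", "enable_pod_security_policies")


def lint_config(cfg, cluster_ips=()):
    """Return findings for a parsed installer config dict; [] means clean."""
    findings = []
    if not NAME_RE.fullmatch(str(cfg.get("name", ""))):
        findings.append("name: must match [a-zA-Z0-9_-]+")
    findings += [f"{flag}: disabled" for flag in HARDENING_FLAGS
                 if cfg.get(flag) is not True]
    if cfg.get("enable_network_policies") is True:
        try:
            net = ipaddress.ip_network(str(cfg.get("pod_cidr", "")))
        except ValueError:
            findings.append("pod_cidr: not a valid CIDR range")
        else:  # the range must cover every node and pod address supplied
            findings += [f"pod_cidr: does not cover {ip}" for ip in cluster_ips
                         if ipaddress.ip_address(ip) not in net]
    helm = cfg.get("helm", {})
    if str(helm.get("version")) == "3" and helm.get("host") in HELM3_HOSTS:
        if helm.get("namespace") != "domino-eng-service-artifacts":
            findings.append("helm.namespace: expected domino-eng-service-artifacts")
        if helm.get("prefix") != "":
            findings.append("helm.prefix: expected empty string")
        if helm.get("host") == "gcr.io" and helm.get("username") != "_json_key":
            findings.append("helm.username: expected _json_key")
    return findings


# Constructed sample: the dict a YAML parser would return for a weak config.
SAMPLE = {
    "name": "acme-prod", "version": "4.2.0", "pod_cidr": "10.0.0.0/16",
    "ssl_enabled": True, "ssl_redirect": True,
    "enable_network_policies": True, "enable_pod_security_policies": False,
    "helm": {"version": 3, "host": "gcr.io", "namespace": "domino",
             "prefix": "helm-", "username": "_json_key"},
}

if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE, ["10.0.3.7", "10.1.0.4"])))
```

Pass it the parsed installer YAML together with a sample of node and pod IPs taken from the cluster.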

Private Docker registry

Configuration for the Docker repository that stores Domino’s images.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| private_docker_registry.server | Docker registry host | ✓ | quay.io, mirrors.domino.tech |
| private_docker_registry.username | Docker registry username | ✓ | |
| private_docker_registry.password | Docker registry password | ✓ | |

Internal Docker registry

This section holds the recommended configuration for the internal Docker registry deployed with Domino. The override values allow the registry to use S3, GCS, or Azure blob store as a backend store. GCS requires that a service account already be bound into the Kubernetes cluster, with configuration to ensure the docker-registry service account is properly mapped.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| internal_docker_registry.s3_override.region | AWS region of the S3 bucket store | | for example, us-west-2 |
| internal_docker_registry.s3_override.bucket | S3 bucket name | | for example, domino-bucket-1 |
| internal_docker_registry.gcs_override.bucket | GCS bucket name | | for example, domino-bucket-1 |
| internal_docker_registry.gcs_override.service_account_name | GCS service account with access to the bucket | | |
| internal_docker_registry.gcs_override.project_name | GCP project name that Domino is deployed into | | |
| internal_docker_registry.azure_blobs_override.account_name | Azure blobstore account name | | |
| internal_docker_registry.azure_blobs_override.account_key | Azure blobstore account key | | |
| internal_docker_registry.azure_blobs_override.container | Azure blobstore container name | | |

Telemetry

Domino supports user telemetry data to help improve the product.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| intercom.enabled | Enable Intercom onboarding | ✓ | true, false |
| mixpanel.enabled, mixpanel.token | Enable MixPanel; MixPanel API token | ✓ | |

GPU

If using GPU compute nodes, enable the following configuration setting to install the required components.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| gpu.enabled | Enable GPU support | ✓ | true, false |

Fleetcommand

Domino supports upgrading minor patches through an internal tool named Fleetcommand.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| fleetcommand.enabled | Enable ability for Domino staff to apply minor patches | ✓ | true, false |
| fleetcommand.api_token | Deployment-specific API token (Domino staff will provide this) | | |

Node selectors

Domino will by default deploy some DaemonSets on all available nodes in the hosting cluster. When running in a multi-tenant Kubernetes cluster, where some nodes are available that must not be used by Domino, you can label nodes for Domino with a single, consistent label, then provide that label to the fleetcommand-agent with the below configuration to apply a selector to all Domino resources for that label.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| global_node_selectors | List of key/value pairs to use as the label for the selector. | Optional | See the following example |

Example

global_node_selectors:
  domino-owned: "true"

This example would apply a selector for domino-owned=true to all Domino deployment resources.

Ingress controller class

The name of the Domino Ingress class can be changed with this setting. This should generally not need to change.

| Key | Description | Required | Values |
| --- | --- | --- | --- |
| ingress_controller.class_name | Name for the Domino Ingress class | ✓ | nginx |

Copyright © 2022 Domino Data Lab. All rights reserved.