About Domino
Domino Data LabKnowledge BaseData Science BlogTraining

Deploy Domino

This topic describes how to deploy Domino components on Google Kubernetes Engine (GKE). GKE is hosted on Google Cloud Platform (GCP).

Configure the cluster

  1. Use environment variables to set the values of IDs, names, and labels. This simplifies the commands you’ll run while installing Domino components:

    export DOMINO_VER=<The Domino version to deploy>
export QUAY_USERNAME=<`quay.io` username provided by Domino>
export QUAY_PASSWORD=<`quay.io` password provided by Domino>

  2. To retrieve the credentials for your Kubernetes cluster, check your local kubeconfig with:

    export KUBECONFIG=$(pwd)/kubeconfig

  3. Run the following to create the domino-platform namespace:

    kubectl create namespace domino-platform

  4. To make your application available through HTTPS, use the certificate for the project’s domain name to create a secret:

    kubectl -n domino-platform create secret tls my-cert --key=<path to your private key> --cert=<path to your cert>

Prepare the installation template and run the installer

fleetcommand-agent installs and configures Domino components. It uses an installation template to gather the required parameters for the environment and sets them when installing Domino components.

Generate a blank installation template with fleetcommand-agent

  1. If you aren’t already logged into quay.io, run:

    docker login -u $QUAY_USERNAME -p $QUAY_PASSWORD quay.io

  2. Generate a template configuration file named domino.yml in your working directory:

    Caution
    docker run --rm -it \
  -v $(pwd):/install \
  quay.io/domino/fleetcommand-agent:{fleetcommand-agent-version} \
  init --file /install/domino.yml --version $DOMINO_VER
Important
Enter your environment parameters in the configuration template

You must reference the Terraform output from the infrastructure deployment described in Provision infrastructure and runtime environment to complete the configuration template. If you don’t have the output saved, run terraform output to retrieve it.

  1. Open the domino.yml file and edit the following attributes:

    • name: The name of the deployment. This can’t be changed post-deployment.

    • hostname: The hostname for the Domino install (for example, domino.example.com).

    • pod_cidr: The default network range is 10.0.0.0/8, but this must match the full IP range that your cluster uses.

    • ingress_controller.gke_cluster_uuid: The google_cluster_uuid from the Terraform output produced during infrastructure setup.

    • storage_class.block.type: gce

    • storage_class.shared.type: nfs

    • storage_class.shared.nfs.server: The google_filestore_ip_address from the Terraform output.

    • storage_class.shared.nfs.mount_path: /share1 (This must match the google_filestore_file_share Terraform output).

    • blob_storage.projects.type: shared

    • blob_storage.logs.type: shared

    • blob_storage.backups.type: gcs

    • blob_storage.backups.gcs.bucket: The google_bucket_name from the Terraform output.

    • blob_storage.backups.gcs.service_account_name: The google_platform_service_account from the Terraform output.

    • blob_storage.backups.gcs.project_name: The google_project from the Terraform output.

    • helm.cache_path: /app/charts

    • private_docker_registry.username: Your quay.io username.

    • private_docker_registry.password: Your quay.io password.

    • internal_docker_registry.enabled: false

    • external_docker_registry: The google_artifact_registry from the Terraform output.

  2. Replace the services.nginx_ingress.chart_values section:

        chart_values:
      controller:
        kind: Deployment
        hostNetwork: false
        service:
          enabled: true
          type: LoadBalancer
          annotations:
            cloud.google.com/backend-config: '{"ports": {"80":"nginx-ingress-controller","443":"nginx-ingress-controller"}}'
        extraArgs:
          default-ssl-certificate: domino-platform/my-cert
Tip
Install Domino with fleetcommand-agent

Download fleetcommand-agent-install.sh. See fleetcommand-agent-install.sh Downloads if you need another version of the install script for your Domino release. Run the fleetcommand-agent-install.sh script from the same folder where the domino.yml file is located.

Tip
Setup DNS

Run the following to get the external IP to access your instance’s Domino management plane.

kubectl -n domino-platform get svc nginx-ingress-controller

You can use this to update your DNS records accordingly.

Validate your installation

  1. Go to https://<YOUR-DOMAIN>/auth/

  2. Login with the username keycloak and the password from the keycloak-http secret in the domino-platform namespace.

  3. Use the following command to get the password:

    echo -e "\nyour password is: $(kubectl get secret keycloak-http  -n domino-platform --template={{.data.password}} | base64 -d)\n"

  4. In the navigation pane, go to Users > Add User.

  5. Enter the username, first name, last name, and email address, and then click Save

  6. Go to the Credentials tab and add a password.

  7. Optional: Disable Temporary.

  8. Go to Role Mappings > Client Roles, and select domino-play.

  9. Select the User role and add it to your user.

  10. Go to the main page for your Domino deployment (for example, https://\<YOUR-DOMAIN\>) and sign in with your new Domino user.

  11. Go to Environments > Domino Standard Environment Py3.8 R4.1 > Revisions and make sure the revision is active. If not, use Build Logs to try to solve the problem.

  12. Go to Projects > Quick-start > Workspaces and launch a new workspace using Jupyter (this can take a while).

  13. When the new workspace is created open main.ipynb and confirm that you can execute the script without errors.

Enable user registration

Use Keycloak to enable user registration, so users can access your fresh Domino install. Keycloak is a user authentication service that runs on a pod in your cluster.

Domino Data LabKnowledge BaseData Science BlogTraining
Copyright © 2022 Domino Data Lab. All rights reserved.