Deploy Domino

This topic describes how to deploy Domino components on Google Kubernetes Engine (GKE). GKE is hosted on Google Cloud Platform (GCP).

Configure the cluster

  1. Use environment variables to set the values of IDs, names, and labels. This simplifies the commands you’ll run while installing Domino components:

    export DOMINO_VER=<The Domino version to deploy>
    export QUAY_USERNAME=<`quay.io` username provided by Domino>
    export QUAY_PASSWORD=<`quay.io` password provided by Domino>
  2. To use the credentials for your Kubernetes cluster, point kubectl at your local kubeconfig with export KUBECONFIG=$(pwd)/kubeconfig.

  3. Run kubectl create namespace domino-platform to create the domino-platform namespace.

  4. To make your application available through HTTPS, use the certificate for the project’s domain name to create a secret:

    kubectl -n domino-platform create secret tls my-cert --key=<path to your private key> --cert=<path to your cert>

Prepare the installation template and run the installer

Domino components are installed and configured with a component called fleetcommand-agent. The agent runs as a container. It uses an installation template to gather the required parameters for the environment and sets them when installing Domino components.

Generate a blank installation template with fleetcommand-agent

  1. If you aren’t already logged into quay.io, run docker login -u $QUAY_USERNAME -p $QUAY_PASSWORD quay.io.

  2. Generate a template configuration file named domino.yml in your working directory:

    docker run --rm -it \
      -v $(pwd):/install \
      quay.io/domino/fleetcommand-agent:{fleetcommand-agent-version} \
      init --file /install/domino.yml --full --version $DOMINO_VER

Enter your environment parameters in the configuration template

You’ll need to reference the Terraform output from the infrastructure deployment described in Provision infrastructure and runtime environment to complete the configuration template. If you don’t have the output saved, run terraform output to retrieve it.

  1. Open the domino.yml file and edit the following attributes:

    • name: The name of the deployment. This can’t be changed post-deployment.

    • hostname: The hostname for the Domino install (for example, domino.example.com).

    • pod_cidr: The default network range is 10.0.0.0/8, but this must match the full IP range that your cluster uses.

    • ingress_controller.gke_cluster_uuid: The google_cluster_uuid from the Terraform output produced during infrastructure setup.

    • storage_class.block.type: gce

    • storage_class.shared.type: nfs

    • storage_class.shared.nfs.server: The google_filestore_ip_address from the Terraform output.

    • storage_class.shared.nfs.mount_path: /share1 (This must match the google_filestore_file_share Terraform output).

    • blob_storage.projects.type: shared

    • blob_storage.logs.type: shared

    • blob_storage.backups.type: gcs

    • blob_storage.backups.gcs.bucket: The google_bucket_name from the Terraform output.

    • blob_storage.backups.gcs.service_account_name: The google_platform_service_account from the Terraform output.

    • blob_storage.backups.gcs.project_name: The google_project from the Terraform output.

    • helm.cache_path: /app/charts

    • private_docker_registry.username: Your quay.io username.

    • private_docker_registry.password: Your quay.io password.

    • internal_docker_registry.enabled: false

    • external_docker_registry: The google_artifact_registry from the Terraform output.

  2. Replace the services.nginx_ingress.chart_values section:

        chart_values:
          controller:
            kind: Deployment
            hostNetwork: false
            service:
              enabled: true
              type: LoadBalancer
              annotations:
                cloud.google.com/backend-config: '{"ports": {"80":"nginx-ingress-controller","443":"nginx-ingress-controller"}}'
            extraArgs:
              default-ssl-certificate: domino-platform/my-cert
  3. Replace the forge.chart_values section with the following code and update the iam.gke.io/gcp-service-account value:

        chart_values:
          config:
            fullPrivilege: true
          serviceAccount:
            annotations:
              iam.gke.io/gcp-service-account: <google_gcr_service_account from terraform output>
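
A check for step 1 above, as an added example that is not Domino's own code: it compares the attributes listed there with the fixed values and Terraform outputs they should carry. It assumes domino.yml nests exactly as the dotted names suggest and has already been loaded into a dict (for example with PyYAML's yaml.safe_load), and that tf_outputs is the parsed result of terraform output -json; lookup and check_config are names chosen here.

```python
# Added example: compare an edited domino.yml (as a nested dict) with Terraform outputs.

# domino.yml attribute -> Terraform output name, both as listed in step 1.
FROM_TERRAFORM = {
    "ingress_controller.gke_cluster_uuid": "google_cluster_uuid",
    "storage_class.shared.nfs.server": "google_filestore_ip_address",
    "blob_storage.backups.gcs.bucket": "google_bucket_name",
    "blob_storage.backups.gcs.service_account_name": "google_platform_service_account",
    "blob_storage.backups.gcs.project_name": "google_project",
    "external_docker_registry": "google_artifact_registry",
}
# Attributes that step 1 sets to a fixed value.
FIXED = {
    "storage_class.block.type": "gce",
    "storage_class.shared.type": "nfs",
    "blob_storage.projects.type": "shared",
    "blob_storage.logs.type": "shared",
    "blob_storage.backups.type": "gcs",
    "helm.cache_path": "/app/charts",
    "internal_docker_registry.enabled": False,
}

def lookup(config, dotted):
    """Walk a nested dict by dotted path; None when any level is missing."""
    node = config
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node

def check_config(config, tf_outputs):
    """Map each inconsistent attribute to its expected and found values."""
    expected = dict(FIXED)
    for attr, output in FROM_TERRAFORM.items():
        # `terraform output -json` wraps each output as {"value": ...}.
        expected[attr] = tf_outputs.get(output, {}).get("value")
    # Assumption: the file share output may or may not carry the leading "/".
    share = tf_outputs.get("google_filestore_file_share", {}).get("value")
    expected["storage_class.shared.nfs.mount_path"] = (
        "/" + share.strip("/") if share else None)
    problems = {}
    for attr, want in expected.items():
        found = lookup(config, attr)
        # The type test catches a quoted "false" or a 0 standing in for False.
        if want is None or found != want or type(found) is not type(want):
            problems[attr] = {"expected": want, "found": found}
    return problems
```

An empty result means every listed attribute agrees; an expected value of None means the Terraform output itself was missing from the JSON.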

Install Domino with fleetcommand-agent

Download fleetcommand-agent-install.sh. See Install Script Downloads if you need another version of the install script for your Domino release. Run the fleetcommand-agent-install.sh script from the same folder where the domino.yml file is located.

Set up DNS

Run kubectl -n domino-platform get svc nginx-ingress-controller to get the external IP to access your instance’s Domino management plane. You can use this to update your DNS records accordingly.

Validate your installation

  1. Go to https://<YOUR DOMAIN>/auth/

  2. Log in with the username keycloak and the password from the keycloak-http secret in the domino-platform namespace. Use the following command to get the password:

    echo -e "\nyour password is: $(kubectl get secret keycloak-http -n domino-platform --template={{.data.password}} | base64 -d)\n"

  3. Go to Users in the navigation pane, and click Add User.

  4. Enter the username, first name, last name, and email address, and then click Save.

  5. Go to the Credentials tab and add a password.

  6. Optional: Disable Temporary.

  7. Go to Role Mappings > Client Roles, and select domino-play.

  8. Select the User role and add it to your user.

  9. Go to the main page for your Domino deployment (for example, https://<YOUR DOMAIN>) and sign in with your new Domino user.

  10. Go to Environments > Domino Standard Environment Py3.8 R4.1 > Revisions and make sure the revision is active. If not, use Build Logs to try to solve the problem.

  11. Go to Projects > Quick-start > Workspaces and launch a new workspace using Jupyter (this can take a while).

  12. When the new workspace is created, open main.ipynb and confirm that you can execute the script without errors.

Enable user registration

Use Keycloak to enable user registration, so users can access your fresh Domino install. Keycloak is a user authentication service that runs on a pod in your cluster.

  1. Sign in to Keycloak on your Domino instance.

  2. In the Keycloak sidebar menu, select Realm Settings.

  3. Select the Login tab, and toggle User registration to On.

  4. Click Save to confirm your changes.

Copyright © 2022 Domino Data Lab. All rights reserved.