About Domino
Domino Data LabKnowledge BaseData Science BlogTraining

Deploy Domino

Use the information in this section to deploy Domino components in the Azure infrastructure.

  1. Use the environment variables to set the values of IDs, names, and labels in your Azure environment. This simplifies the commands that you will use when installing the Domino components.

    export SUB_ID=<ID of the subscription where AKS was deployed>
export RG_NAME=<Name of the resource group where AKS was deployed>
export CLUSTER_NAME=<AKS cluster name>
export DOMINO_VER=<Domino version to deploy>
export QUAY_USERNAME=<quay.io username provided by Domino>
export QUAY_PASSWORD=<quay.io password provided by Domino>
    Note

  2. To retrieve credentials for the Kubernetes cluster, run the following command to add the AKS credentials to your kubectl config file:

    az aks get-credentials --subscription $SUB_ID --resource-group $RG_NAME --name $CLUSTER_NAME

  3. To create the domino-platform namespace, run:

    kubectl create namespace domino-platform

  4. To set up your HTTPS certificate, run the following command to create a secret that uses the certificate for the domain name. This domain name allows the Domino management plane to be accessible through HTTPS:

    kubectl -n domino-platform create secret tls my-cert --key=<path to your private key> --cert=<path to your cert>

The fleetcommand-agent runs as a container. It installs and configures Domino components. The fleetcommand-agent uses an installation template to gather the required parameters for the environment and sets them when installing Domino components.

The installation process with fleetcommand-agent generates a blank installation template where you enter your environment parameters and then provide them to fleetcommand-agent to perform the installation tasks.

Generate a blank installation template with fleetcommand-agent:

  1. If you aren’t logged into quay.io, execute: docker login -u $QUAY_USERNAME -p $QUAY_PASSWORD quay.io

  2. Run the following command to generate a domino.yml template configuration file in the current working directory.

    Note
    docker run --rm -it \
  -v $(pwd):/install \
  quay.io/domino/fleetcommand-agent:v50.2 \
  init --file /install/domino.yml --version $DOMINO_VER
    Note
Enter your environment parameters into the configuration template

  1. Open the domino.yml file and edit the attributes as follows:

    • name: The name of the deployment. This can’t be changed post-deployment.

    • hostname: The hostname for the Domino install (for example, domino.example.com).

    • pod_cidr: The default network range is 10.0.0.0/8, but this must match the full IP range that your cluster uses.

    • storage_classes.block.type: azure-disk

    • storage_classes.shared.type: azure-file

    • blob_storage.projects.type: shared

    • blob_storage.logs.type: shared

    • blob_storage.backups.type: shared

    • blob_storage.backups.azure.account_name: STORAGE_ACCOUNT_NAME value

    • blob_storage.backups.azure.account_key: STORAGE_ACCOUNT_KEY value

    • blob_storage.backups.azure.container: STORAGE_ACCOUNT_CONTAINER_NAME value

    • helm.cache_path: /app/charts

    • private_docker_registry.username: Your quay.io username.

    • private_docker_registry.password: Your quay.io password.

    • internal_docker_registry.enabled: false

    • external_docker_registry: The container registry DNS name.

    Note

  2. Add the following code to the end of the file.

    Replace <TENANT_ID value> and <AAD_CLIENT_ID value> with the values for your Azure account and cluster.

Kubernetes v1.23 and earlier
services:
  nginx_ingress:
    version: 1.30.0-0.5.3
    chart_values:
      controller:
        kind: Deployment
        hostNetwork: false
        service:
          enabled: true
          type: LoadBalancer
        extraArgs:
          default-ssl-certificate: domino-platform/my-cert
  forge:
    version: 0.19.4
    install_timeout: 300
    chart_values:
      config:
        azure:
          tenantId: <TENANT_ID value>
          aadClientId: <AAD_CLIENT_ID value>

+

Kubernetes v1.24
services:
  nginx_ingress:
    version: 1.30.0-0.5.3
    chart_values:
      controller:
        kind: Deployment
        hostNetwork: false
        service:
          enabled: true
          type: LoadBalancer
          annotations:
            service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: "/healthz"
        extraArgs:
          default-ssl-certificate: domino-platform/my-cert
  forge:
    version: 0.19.4
    install_timeout: 300
    chart_values:
      config:
        azure:
          tenantId: <TENANT_ID value>
          aadClientId: <AAD_CLIENT_ID value>

+ NOTE: Domino recommends that you back up your final configuration file for future reference. To do this, use the following command: cp domino.yml{,.backup-$( date %s )}

Install Domino with fleetcommand-agent

fleetcommand-agent installs and configures Domino components. It uses the installation template to gather the required parameters for the environment and sets them when installing Domino components.

To install Domino on the infrastructure you prepared, run the following:

curl -o fleetcommand-agent-install.sh https://docs.dominodatalab.com/attachments/fleetcommand-agent-install.sh
bash fleetcommand-agent-install.sh $DOMINO_VER

See fleetcommand-agent-install.sh Downloads for more information.

Tip
Set up DNS

Run the following to get the external IP to access your instance’s Domino management plane:

kubectl -n domino-platform get svc nginx-ingress-controller

You can use this to update your DNS records accordingly.

Note

+ If you use Azure Front Door or a similar CDN that doesn’t support WebSockets, you must route incoming traffic so that it skips the CDN.

+ As an alternative, Application Gateway has native WebSocket support.

Validate your installation

  1. Go to https://<YOUR-DOMAIN>/auth/

  2. Login with the username keycloak and the password from the keycloak-http secret in the domino-platform namespace.

  3. Use the following command to get the password:

    echo -e "\nyour password is: $(kubectl get secret keycloak-http  -n domino-platform --template={{.data.password}} | base64 -d)\n"

  4. Go to Users in the navigation pane and click Add User.

  5. Enter the username, first name, last name, and email address, and then click Save.

  6. Go to the Credentials tab and add a password.

  7. Optional: Disable Temporary.

  8. Click Set Password.

  9. Go to Role Mappings.

  10. From Client Roles, select domino-play.

  11. Select the User role and add it to your user.

  12. Go to the main page for your Domino deployment (for example, https://\<YOUR-DOMAIN\>) and sign in with your new Domino user.

  13. Go to Environments > Domino Standard Environment Py3.8 R4.1 > Revisions and make sure the revision is active. If not, use Build Logs to try to solve the problem.

  14. Go to Projects > Quick-start > Workspaces and launch a new workspace using Jupyter (this can take a while).

  15. When the new workspace is created open main.ipynb and confirm that you can execute the script without errors.

Enable user registration

Use Keycloak to enable user registration, so users can access your fresh Domino install. Keycloak is a user authentication service that runs on a pod in your cluster.