domino logo
Latest (5.5)
  • About Domino
  • Architecture
  • Security and Compliance
  • Domino Infrastructure
  • Kubernetes Infrastructure
  • Installation
  • Data Planes
  • Execution Resources
  • Users
  • Keycloak Authentication Service
  • Data
  • Projects
  • Environments
  • Model Monitoring
  • Control Center
  • Logs and Monitoring
  • Backup and Restore
  • Disaster Recovery
  • Configuration Reference
  • Run the Admin Toolkit
  • MongoDB Console
  • Get Help
domino logo
About Domino
Domino Data LabKnowledge BaseData Science BlogTraining
Admin Guide
>
Installation
>
Installation Overview

Installation Overview

Note

This topic is a basic outline of the Domino installation process.

If you need platform-specific instructions, see the following:

  • Amazon Web Services (AWS) Deployments

  • Azure Deployments

  • Google Cloud Platform (GCP) Deployments

  • Private or Offline Installation

Use fleetcommand-agent to install Domino. fleetcommand-agent is a Python-based automation tool that runs inside a Docker container. Since Domino runs on Kubernetes, fleetcommand-agent uses Helm to deploy Domino into a compatible cluster. You can run fleetcommand-agent locally or as a job in the target cluster.

install diagram

Domino recommends that you use the streamlined domino.yaml files to complete your Domino install. These are configuration files that ease the Domino deployment process. domino.yaml provides a streamlined experience, while domino-full.yaml includes the default fields for advanced configuration. See Streamlined domino.yaml Downloads for more information and a complete list of downloads for supported Kubernetes distributions and cloud platforms.

Requirements

The install automation tools are delivered as a Docker image, and must run on an installation workstation that meets the following requirements:

  • Docker installed.

  • Kubectl service account access to the cluster.

  • Access to download and install Helm through package manager or GitHub.

  • Access to quay.io and credentials for an installation service account with access to the Domino installer image and upstream image repositories. Throughout these instructions, these credentials will be referred to as $QUAY_USERNAME and $QUAY_PASSWORD. Contact your Domino account team if you need new credentials.

Install Domino

  1. Confirm that your workstation fulfills the installation requirements.

  2. If you haven’t done so already, pull the fleetcommand-agent image.

  3. Access the default entrypoint for fleetcommand-agent:

    "Entrypoint": [ "python", "-m", "fleetcommand_agent"]

    This command launches fleetcommand-agent inside the container at /app/fleetcommand_agent. You can access fleetcommand-agent and run commands through docker run:

    docker run --rm quay.io/domino/fleetcommand-agent:v60.1 $COMMAND $ARGUMENTS

The fleetcommand-agent supports the following commands:

init

Generates a configuration file.

Arguments:

--file or -f

File system path to write the template to. This must be a host volume mounted to the container to persist the output.

--full or -F

Includes optional and advanced portions of the template. Should only be used when advanced options are needed, as configurations with these fields are more complex to maintain.

--version

Domino version to generate a configuration template for.

--image-registry

Provides an alternative registry to retrieve images for all Domino components. The value will be stored under helm.image_registries in your configuration file.

--template or -t

Specifies a configuration file to use as an override for the new configuration file. This must be a host volume mounted to the container, otheriwse the output will not be saved.

--preset

Specifies the appropriate cloud (eks, aks, gke or openshift) for cloud-specific configuration.

Example

docker run --rm -v $(pwd):/install quay.io/domino/fleetcommand-agent:v60.1 \
init --file /install/domino.yml

run

Installs Domino into a cluster specified by a Kubernetes configuration from the KUBECONFIG environment variable. A valid configuration file must be passed in to this command.

Note

Arguments:

--file or -f

File system path to the complete and valid configuration file.

--kubeconfig

Path to Kubernetes configuration file containing cluster and authentication information to use.

--dry

Use this mode to not make any permanent changes to the target cluster. A dry run checks service account permissions and generates detailed logs about the charts to be deployed with the given configuration. The output is written to \'/app/logs and /app/.appr_chart_cache inside the container.

See the fleetcommand-agent Command Reference for more details.

Example:

docker run --rm -v $(pwd):/install quay.io/domino/fleetcommand-agent:v60.1 run --file /install/domino.yml

Example dry run:

docker run --rm -v $(pwd):/install -v $(pwd)/logs:/app/logs \
-v $(pwd)/cache:/app/.appr_chart_cache quay.io/domino/fleetcommand-agent:v60.1 \
run --dry --file /install/domino.yml

destroy

Removes all resources from the target cluster for a given configuration file.

Note

Arguments:

--file or -f

File system path to the complete and valid configuration file.

--kubeconfig

Path to Kubernetes configuration file containing cluster and authentication information to use.

--dry

Use this mode to not make any permanent changes to the target cluster. A dry run checks service account permissions and generates detailed logs about the charts to be deployed with the given configuration.

Example:

docker run --rm -v $(pwd):/install quay.io/domino/fleetcommand-agent:v60.1 \
destroy --file /install/domino.yml

config schema

Generates the JSON schema for the configuration file.

Arguments:

--file or -f

File system path to write the schema to. This must be a host volume mounted to the container, otherwise the output will not be saved.

Example:

docker run --rm -v $(pwd):/install quay.io/domino/fleetcommand-agent:v60.1 \
config schema --file /install/domino.schema.json

config lint

Checks if your configuration file has any validation errors.

Arguments:

--file or -f

File system path to a configuration file.

Example:

docker run --rm -v $(pwd):/install quay.io/domino/fleetcommand-agent:v60.1 \
config lint --file /install/domino.yml

Install process

Important
  1. Connect to a workstation that meets the installation automation requirements listed previously. You do not have to use an account with root privileges to run the installer.

  2. Log in to quay.io with the credentials described in the previous requirements section.

    docker login quay.io
  3. Retrieve the Domino installer image from quay.io.

    docker pull quay.io/domino/fleetcommand-agent:v60.1
  4. To generate a template configuration file named domino.yml, initialize the installer.

    docker run --rm -it -v $(pwd):/install quay.io/domino/fleetcommand-agent:v60.1 \
    init --file /install/domino.yml
  5. Edit the configuration file with details about the target cluster, storage systems, and host domain. Read the configuration reference for more information about available keys, and consult the configuration examples for guidance about how to get started.

    Update name from domino-deployment to something that identifies the purpose of your installation and contains the name of your organization.

  6. To install Domino, run the following code from the same directory as the configuration file. Fill in your quay.io credentials ($QUAY_USERNAME and $QUAY_PASSWORD) where indicated.

    #!/bin/bash
    
    set -ex
    
    kubectl delete po --ignore-not-found=true fleetcommand-agent-install
    
    kubectl create secret \
      docker-registry \
      -o yaml --dry-run=client \
      --docker-server=quay.io \
      --docker-username=$QUAY_USERNAME \
      --docker-password=$QUAY_PASSWORD \
      --docker-email=. domino-quay-repos | kubectl apply -f -
    
    kubectl create configmap \
      fleetcommand-agent-config \
      -o yaml --dry-run=client \
      --from-file=domino.yml | kubectl apply -f -
    
    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: admin-default
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: admin
      namespace: default
    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: fleetcommand-agent-install
    spec:
      serviceAccountName: admin
      imagePullSecrets:
        - name: domino-quay-repos
      restartPolicy: Never
      containers:
      - name: fleetcommand-agent
        image: quay.io/domino/fleetcommand-agent:v60.1
        args: ["run", "-f", "/app/install/domino.yml", "-v"]
        imagePullPolicy: Always
        volumeMounts:
        - name: install-config
          mountPath: /app/install/
      volumes:
      - name: install-config
        configMap:
          name: fleetcommand-agent-config
    EOF
    
    set +e
    while true; do
      sleep 5
      if kubectl logs -f fleetcommand-agent-install; then
        break
      fi
    done
  7. Installation can take up to 30 minutes to fully complete. The installer will output verbose logs and surface any errors it encounters, but it can also be useful to follow along in another terminal tab by running:

    kubectl get pods --all-namespaces

    This will show the status of all pods created by the installer. If you see a pod enter a crash loop or hang in a non-ready state, you can view the pod’s log:

    kubectl logs $POD_NAME --namespace $NAMESPACE_NAME

    Upon successful installation, the following message appears:

    <timestamp> INFO - fleetcommand_agent.Application - Deployment complete.
    Domino is accessible at $YOUR_FQDN

You can now access the application through HTTPS if you configure DNS for your fully-qualified domain name (FQDN) to point to an Ingress load balancer with the appropriate SSL certificates. The load balancer forwards traffic to your platform nodes.

Enable user registration

Use Keycloak to enable user registration, so users can access your fresh Domino install. Keycloak is a user authentication service that runs on a pod in your cluster.

Domino Data LabKnowledge BaseData Science BlogTraining
Copyright © 2022 Domino Data Lab. All rights reserved.