This topic is a basic outline of the Domino installation process.
If you need platform-specific instructions, see the following:
Use fleetcommand-agent
to install Domino.
fleetcommand-agent
is a Python-based automation tool that runs inside a Docker container.
Since Domino runs on Kubernetes, fleetcommand-agent
uses Helm to deploy Domino into a compatible cluster.
You can run fleetcommand-agent
locally or as a job in the target cluster.
Domino recommends that you use the streamlined domino.yaml files to complete your Domino install.
These are configuration files that ease the Domino deployment process.
domino.yaml
provides a streamlined experience, while domino-full.yaml
includes the default fields for advanced configuration.
See Streamlined domino.yaml Downloads for more information and a complete list of downloads for supported Kubernetes distributions and cloud platforms.
The install automation tools are delivered as a Docker image, and must run on an installation workstation that meets the following requirements:
-
Docker installed.
-
Access to download and install Helm through package manager or GitHub.
-
Access to quay.io and credentials for an installation service account with access to the Domino installer image and upstream image repositories. Throughout these instructions, these credentials will be referred to as
$QUAY_USERNAME
and$QUAY_PASSWORD
. Contact your Domino account team if you need new credentials.
-
Confirm that your workstation fulfills the installation requirements.
-
If you haven’t done so already, pull the
fleetcommand-agent
image. -
Access the default entrypoint for
fleetcommand-agent
:"Entrypoint": [ "python", "-m", "fleetcommand_agent"]
This command launches
fleetcommand-agent
inside the container at/app/fleetcommand_agent
. You can accessfleetcommand-agent
and run commands throughdocker run
:docker run --rm quay.io/domino/fleetcommand-agent:v60.1 $COMMAND $ARGUMENTS
The fleetcommand-agent
supports the following commands:
Arguments:
--file
or-f
-
File system path to write the template to. This must be a host volume mounted to the container to persist the output.
--full
or-F
-
Includes optional and advanced portions of the template. Should only be used when advanced options are needed, as configurations with these fields are more complex to maintain.
--version
-
Domino version to generate a configuration template for.
--image-registry
-
Provides an alternative registry to retrieve images for all Domino components. The value will be stored under
helm.image_registries
in your configuration file. --template
or-t
-
Specifies a configuration file to use as an override for the new configuration file. This must be a host volume mounted to the container, otheriwse the output will not be saved.
--preset
-
Specifies the appropriate cloud (
eks
,aks
,gke
oropenshift
) for cloud-specific configuration.
run
Installs Domino into a cluster specified by a Kubernetes configuration from the KUBECONFIG
environment variable. A valid configuration file must be passed in to this command.
Arguments:
--file
or-f
-
File system path to the complete and valid configuration file.
--kubeconfig
-
Path to Kubernetes configuration file containing cluster and authentication information to use.
--dry
-
Use this mode to not make any permanent changes to the target cluster. A dry run checks service account permissions and generates detailed logs about the charts to be deployed with the given configuration. The output is written to
\'/app/logs
and/app/.appr_chart_cache
inside the container.See the fleetcommand-agent Command Reference for more details.
Arguments:
--file
or-f
-
File system path to the complete and valid configuration file.
--kubeconfig
-
Path to Kubernetes configuration file containing cluster and authentication information to use.
--dry
-
Use this mode to not make any permanent changes to the target cluster. A dry run checks service account permissions and generates detailed logs about the charts to be deployed with the given configuration.
-
Connect to a workstation that meets the installation automation requirements listed previously. You do not have to use an account with root privileges to run the installer.
-
Log in to
quay.io
with the credentials described in the previous requirements section.docker login quay.io
-
Retrieve the Domino installer image from
quay.io
.docker pull quay.io/domino/fleetcommand-agent:v60.1
-
To generate a template configuration file named
domino.yml
, initialize the installer.docker run --rm -it -v $(pwd):/install quay.io/domino/fleetcommand-agent:v60.1 \ init --file /install/domino.yml
-
Edit the configuration file with details about the target cluster, storage systems, and host domain. Read the configuration reference for more information about available keys, and consult the configuration examples for guidance about how to get started.
Update
name
fromdomino-deployment
to something that identifies the purpose of your installation and contains the name of your organization. -
To install Domino, run the following code from the same directory as the configuration file. Fill in your
quay.io
credentials ($QUAY_USERNAME
and$QUAY_PASSWORD
) where indicated.#!/bin/bash set -ex kubectl delete po --ignore-not-found=true fleetcommand-agent-install kubectl create secret \ docker-registry \ -o yaml --dry-run=client \ --docker-server=quay.io \ --docker-username=$QUAY_USERNAME \ --docker-password=$QUAY_PASSWORD \ --docker-email=. domino-quay-repos | kubectl apply -f - kubectl create configmap \ fleetcommand-agent-config \ -o yaml --dry-run=client \ --from-file=domino.yml | kubectl apply -f - cat <<EOF | kubectl apply -f - apiVersion: v1 kind: ServiceAccount metadata: name: admin --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-default roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin namespace: default --- apiVersion: v1 kind: Pod metadata: name: fleetcommand-agent-install spec: serviceAccountName: admin imagePullSecrets: - name: domino-quay-repos restartPolicy: Never containers: - name: fleetcommand-agent image: quay.io/domino/fleetcommand-agent:v60.1 args: ["run", "-f", "/app/install/domino.yml", "-v"] imagePullPolicy: Always volumeMounts: - name: install-config mountPath: /app/install/ volumes: - name: install-config configMap: name: fleetcommand-agent-config EOF set +e while true; do sleep 5 if kubectl logs -f fleetcommand-agent-install; then break fi done
-
Installation can take up to 30 minutes to fully complete. The installer will output verbose logs and surface any errors it encounters, but it can also be useful to follow along in another terminal tab by running:
kubectl get pods --all-namespaces
This will show the status of all pods created by the installer. If you see a pod enter a crash loop or hang in a non-ready state, you can view the pod’s log:
kubectl logs $POD_NAME --namespace $NAMESPACE_NAME
Upon successful installation, the following message appears:
<timestamp> INFO - fleetcommand_agent.Application - Deployment complete. Domino is accessible at $YOUR_FQDN
You can now access the application through HTTPS if you configure DNS for your fully-qualified domain name (FQDN) to point to an Ingress load balancer with the appropriate SSL certificates. The load balancer forwards traffic to your platform nodes.
Use Keycloak to enable user registration, so users can access your fresh Domino install. Keycloak is a user authentication service that runs on a pod in your cluster.