About Domino
Domino Data LabKnowledge BaseData Science BlogTraining

Deploy Domino

Use the information in this section to deploy Domino components in the Azure infrastructure.

  1. Use the environment variables to set the values of IDs, names, and labels in your Azure environment. This simplifies the commands that you will use when installing the Domino components.

    export SUB_ID=<ID of the subscription where AKS was deployed>
export RG_NAME=<Name of the resource group where AKS was deployed>
export CLUSTER_NAME=<AKS cluster name>
export DOMINO_VER=<Domino version to deploy>
export QUAY_USERNAME=<quay.io username provided by Domino>
export QUAY_PASSWORD=<quay.io password provided by Domino>
    Note

  2. To retrieve credentials for the Kubernetes cluster, run the following command to add the AKS credentials to your kubectl config file:

    az aks get-credentials --subscription $SUB_ID --resource-group $RG_NAME --name $CLUSTER_NAME

  3. To create the domino-platform namespace, run:

    kubectl create namespace domino-platform

  4. To set up your HTTPS certificate, run the following command to create a secret that uses the certificate for the domain name. This domain name allows the Domino management plane to be accessible through HTTPS:

    kubectl -n domino-platform create secret tls my-cert --key=<path to your private key> --cert=<path to your cert>

The fleetcommand-agent runs as a container. It installs and configures Domino components. The fleetcommand-agent uses an installation template to gather the required parameters for the environment and sets them when installing Domino components.

The installation process with fleetcommand-agent generates a blank installation template where you enter your environment parameters and then provide them to fleetcommand-agent to perform the installation tasks.

Generate a blank installation template with fleetcommand-agent:

  1. If you aren’t logged into quay.io, execute: docker login -u $QUAY_USERNAME -p $QUAY_PASSWORD quay.io

  2. Run the following command to generate a domino.yml template configuration file in the current working directory.

    Note
    docker run --rm -it \
  -v $(pwd):/install \
  quay.io/domino/fleetcommand-agent:v61 \
  init --file /install/domino.yml --version $DOMINO_VER --preset aks
    Note
Enter your environment parameters into the configuration template

  1. Open the domino.yml file and edit the attributes as follows:

    • name: The name of the deployment. This can’t be changed post-deployment.

    • hostname: The hostname for the Domino install (for example, domino.example.com).

    • pod_cidr: The default network range is 10.0.0.0/8, but this must match the full IP range that your cluster uses.

    • storage_classes.block.type: azure-disk

    • storage_classes.shared.type: azure-file

    • blob_storage.projects.azure.account_name: STORAGE_ACCOUNT_NAME value

    • blob_storage.projects.azure.account_key: STORAGE_ACCOUNT_KEY value

    • blob_storage.projects.azure.container: STORAGE_ACCOUNT_CONTAINER_NAME value

    • blob_storage.logs.type: shared

    • blob_storage.backups.type: shared

    • blob_storage.backups.azure.account_name: STORAGE_ACCOUNT_NAME value

    • blob_storage.backups.azure.account_key: STORAGE_ACCOUNT_KEY value

    • blob_storage.backups.azure.container: STORAGE_ACCOUNT_CONTAINER_NAME value

    • helm.image_registries.*.username: Your quay.io username.

    • helm.image_registries.*.password: Your quay.io password.

    • image_building.cloud_registry_auth.azure.tenant_id: TENANT_ID value

    • image_building.cloud_registry_auth.azure.client_id: CLIENT_ID value

    • image_building.cloud_registry_auth.azure.client_secret: optional CLIENT_SECRET value

    • internal_docker_registry : null

    • external_docker_registry: The container registry DNS name.

  2. Add the following code to the end of the file. Replace <TENANT_ID value> and <AAD_CLIENT_ID value> with the values for your Azure account and cluster.

    release_overrides:
  nginx-ingress:
    chart_values:
      controller:
        kind: Deployment
        hostNetwork: false
        service:
          enabled: true
          type: LoadBalancer
          annotations:
            service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: "/healthz"
        extraArgs:
          default-ssl-certificate: domino-platform/my-cert
    Note
Install Domino with fleetcommand-agent

Download fleetcommand-agent-install.sh. See Install Script Downloads if you need another version of the install script for your Domino release. Run the fleetcommand-agent-install.sh script from the same folder where the domino.yml file is located.

Tip
Setup DNS:

Use kubectl -n domino-platform get svc nginx-ingress-controller to get the external IP to access your instance’s Domino management plane so that you can update your DNS records accordingly.

Note

+ If you use Azure Front Door or a similar CDN that doesn’t support WebSockets, you must route incoming traffic so that it skips the CDN.

+ As an alternative, Application Gateway has native WebSocket support.

Validate your installation:

  1. To perform basic validation, go to https://\<YOUR DOMAIN\>/auth/.

  2. Login with the username keycloak and the password from the keycloak-http secret in the domino-platform namespace.

  3. Use the following command to get the password:

    echo -e "\nyour password is: $(kubectl get secret keycloak-http  -n domino-platform --template={{.data.password}} | base64 -d)\n"

  4. Go to Users in the navigation pane and click Add User.

  5. Enter the username, first name, last name, email address, and then click Save.

  6. Go to the Credentials tab and add a password.

  7. Optional: Disable Temporary.

  8. Click Set Password.

  9. Go to Role Mappings.

  10. From Client Roles, select domino-play.

  11. Select the User role and add it to your user.

  12. Go to the main page for your Domino deployment (for example, https://\<YOUR DOMAIN\>) and sign in with your new Domino user.

  13. Go to Environments > Domino Standard Environment Py3.8 R4.1 > Revisions and make sure the revision is active. If not, use Build Logs to try to solve the problem.

  14. Go to Projects > Quick-start > Workspaces and launch a new workspace using Jupyter (this can take a while).

  15. When the new workspace is created open main.ipynb and confirm that you can execute the script without errors.

Enable user registration

Use Keycloak to enable user registration, so users can access your fresh Domino install. Keycloak is a user authentication service that runs on a pod in your cluster.

Domino Data LabKnowledge BaseData Science BlogTraining
Copyright © 2022 Domino Data Lab. All rights reserved.