You don’t have to configure namespaces prior to install. Domino will create three namespaces in the cluster during installation, according to the following specifications:
Durable Domino application, metadata, platform services required for platform operation.
Ephemeral Domino execution pods launched by user actions in the application.
Domino installation metadata and secrets.
The OpenShift cluster must have worker nodes with the following specifications and distinct node labels. It includes optional pools:
OpenShift Container Storage (OCS). This pool runs the storage nodes as part of the OCS Operator, which is part of the OpenShift Data Foundation (ODF) Operator.
GPU. Nodes in this pool contain Nvidia GPUs.
The platform worker nodes need an aggregate minimum of 24 CPUs and 96G of memory.
Domino recommends that you spread the resources across multiple nodes with proper failure isolation (for example, availability zones).
We recommend deploying to at least three availability zones (AZs) for high availability and fault tolerance. You must create a MachineSet per AZ per node pool; see the AWS MachineSet Example.
For clusters on top of an elastic cloud provider like AWS, you must create ClusterAutoscaler, MachineAutoscaler and MachineHealthCheck resources to achieve node autoscaling.
To run GPU workloads in OpenShift, the following must be installed:
Node Feature Discovery (NFD) Operator
Nvidia GPU Operator
GPU Enabled MachineSet
You can use the GPU Operator on OpenShift guide.
To confirm that you are able to schedule GPU workloads, you can create a pod that requires a GPU node.
spec:
  containers:
    - resources:
        limits:
          nvidia.com/gpu: 1
See the storage requirements for your infrastructure.
We recommend using the OpenShift Data Foundation (ODF) Operator to handle the storage.
To create a storage cluster for ODF, the following must be installed:
OCS Dedicated MachineSet (optional but recommended)
You can use the ODF CLI Install guide.
Confirm that the following storageclasses are created:
Domino must be configured to serve from a specific FQDN. To serve Domino securely over HTTPS, you also need an SSL certificate that covers the chosen name.
Domino relies on Kubernetes network policies to manage secure communication between pods in the cluster. By default, OpenShift uses the Cluster Network Operator to deploy the OpenShift SDN default CNI network provider plugin, which supports network policies, so this should work without changes.
Domino uses the NGINX ingress controller maintained by the Kubernetes project instead of the HAProxy-based ingress controller implemented by OpenShift (which it does not replace), and deploys its ingress controller as a NodePort service.
By default, the ingress listens on node ports 443 (HTTPS) and 80 (HTTP).
A load balancer must be set up to use your DNS name. For example, in AWS, you must set up the DNS so that it points a CNAME at an Elastic Load Balancer.
After you complete the installation process, you must configure the load balancer to balance across the platform nodes at the ports specified by your ingress.
Domino deploys its own container image registry instead of using the OpenShift built-in container image registry. During installation, the OpenShift cluster image configuration is modified to trust the Domino certificate authority (CA). This is done to ensure that OpenShift can run pods using Domino’s custom-built images.
In the images.config.openshift.io/cluster resource, you can find a reference to a ConfigMap that contains the Domino CA.
spec:
  additionalTrustedCA:
    name: domino-deployment-registry-config
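Because this change widens image-pull trust for the whole cluster, it is worth auditing after installation. The following Python is an added example, not part of Domino's documentation or installer: it checks the JSON from `oc get image.config.openshift.io/cluster -o json` and from `oc get configmap domino-deployment-registry-config -n openshift-config -o json` against a pinned set of CA fingerprints. The registry hostname, the pin set and the sample certificate bytes are constructed placeholders; the `openshift-config` namespace and the `host..port` key form are standard OpenShift behaviour for `additionalTrustedCA`.

```python
import hashlib
import re
import ssl

TRUST_NAMESPACE = "openshift-config"  # OpenShift reads additionalTrustedCA from here
PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def registry_host(key):
    """ConfigMap keys cannot contain ':', so a port is written as host..port."""
    return key.replace("..", ":")

def fingerprint(pem):
    """Lowercase hex SHA-256 of the certificate's DER bytes."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def audit_trusted_ca(image_config, configmap, expected_name, pinned):
    """Return findings; an empty list means cluster trust matches the pins.
    pinned maps registry host[:port] to the set of allowed CA fingerprints.
    """
    findings = []
    ref = image_config.get("spec", {}).get("additionalTrustedCA", {}).get("name")
    if ref != expected_name:
        findings.append(f"image config references {ref!r}, expected {expected_name!r}")
    meta = configmap.get("metadata", {})
    if (meta.get("name"), meta.get("namespace")) != (ref, TRUST_NAMESPACE):
        findings.append("ConfigMap is not the one the image config points at")
    for key, value in sorted(configmap.get("data", {}).items()):
        host = registry_host(key)
        if host not in pinned:
            findings.append(f"unexpected registry trusted: {host}")
            continue
        blocks = PEM_BLOCK.findall(value)  # a value may hold a bundle of CAs
        if not blocks:
            findings.append(f"{host}: value holds no PEM certificate")
        findings += [f"{host}: unpinned CA {fingerprint(b)}"
                     for b in blocks if fingerprint(b) not in pinned[host]]
    return findings

# Constructed sample shaped like `oc get ... -o json` output. The hostname and
# the "certificate" bytes are placeholders, not values from a real install.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder CA bytes")
NAME = "domino-deployment-registry-config"
SAMPLE_IMAGE_CONFIG = {"spec": {"additionalTrustedCA": {"name": NAME}}}
SAMPLE_CONFIGMAP = {"metadata": {"name": NAME, "namespace": TRUST_NAMESPACE},
                    "data": {"registry.example.internal..5000": SAMPLE_PEM}}

if __name__ == "__main__":
    pins = {"registry.example.internal:5000": {fingerprint(SAMPLE_PEM)}}
    print(audit_trusted_ca(SAMPLE_IMAGE_CONFIG, SAMPLE_CONFIGMAP, NAME, pins) or "ok")
```

The fingerprint is the same digest that `openssl x509 -fingerprint -sha256` reports, so pins can be recorded from the CA at install time and compared on each audit.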
To generate an agent config for OpenShift, you can run the following:
fleetcommand-agent init --cloud openshift
For more details, see the Installation Process topic.