About Domino
Domino Data LabKnowledge BaseData Science BlogTraining

Provision Terraform infrastructure for Azure

Use this topic to provision infrastructure with Microsoft Azure. After the infrastructure is in place, you can deploy Domino on Azure Kubernetes Service (AKS).

Important

  • A Domino install can’t be hosted on a subdomain of another Domino install. For example, if you have Domino deployed at data-science.example.com, you can’t deploy another instance of Domino at acme.data-science.example.com.

  • Do not run commands using AZ Command Line Interface (CLI) version 2.33.0. This includes shells that run AZ CLI version 2.33.0, such as Azure Cloud Shell. That version of AZ CLI contains a bug that prevents vm create from working.

Orchestrate the installation

  1. To start a VM in your Azure environment before you have a dedicated bastion or Azure VM, use Azure Portal or Azure CLI to run the following:

    az vm create \
--resource-group $RG_NAME \
--name bastion \
--image UbuntuLTS \
--admin-username azureuser \
--generate-ssh-keys

  2. Sign in to the VM.

  3. Install the packages:

    apt update
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
mv kubectl /usr/local/bin
chmod +x /usr/local/bin/kubectl
apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
apt-get update && sudo apt-get install terraform
apt install -y containerd docker.io

  4. Add azureuser to the Docker group:

    +usermod -a -G docker azureuser

  5. Sign out to apply the group change:

    logout

  6. Sign in to the VM again.

  7. Sign in to Azure:

    az login

Provision your infrastructure with Domino’s Terraform module

Domino recommends that you use our public-facing Azure-specific Reference Terraform module. You can also reference this module to manually provision the environment and infrastructure.

  1. Create a resource group in your Azure subscription.

  2. Open the main.tf file and edit the following attributes:

    • domino-aks.api_server_authorized_ip_ranges: The IP ranges to allow incoming traffic into the server nodes. Enter null to allow all traffic.

    • domino-aks.resource_group: The name of the resource group that you created in the previous step.

    • domino-aks.deploy_id: The name of the AKS cluster to create.

    • domino-aks.kubernetes_version: The Kubernetes version.

    • Optional: domino-aks.namespaces: Update if you don’t want to use domino-platform and domino-compute.

    • Optional: domino-aks.node_pools.compute.vm_size: Update if you don’t want to use DS8_v2 SKU.

    • Optional: domino-aks.node_pools.compute.gpu: Update if you don’t want to use the NC6s_v3 SKU.

    • Optional: domino-aks.node_pools.compute.platform: Update if you don’t want to use the DS8_v2 SKU.

  3. To initialize the modules, run the following command in the same folder as main.tf:

    terraform init

  4. To start the infrastructure deployment, run the following commands:

    terraform plan -out=terraform.plan
terraform apply terraform.plan
Tip

  • You can ignore any deprecation warnings.

  • If you receive resource quota errors, check that the vCPU quotas in your Azure subscription are large enough to fulfill the node_pools values.