This topic describes how to deploy Domino components on Google Kubernetes Engine (GKE). GKE is hosted on Google Cloud Platform (GCP).
-
Run the following to create the
domino-platform
namespace:kubectl create namespace domino-platform
-
To make your application available through HTTPS, use the certificate for the project’s domain name to create a secret:
kubectl -n domino-platform create secret tls my-cert --key=<path to your private key> --cert=<path to your cert>
-
Get the
$FLEETCOMMAND_AGENT_TAG
for your target release from the releases page. -
Use environment variables to set some values used by the
ddlctl
CLI. This simplifies the commands you’ll run while installing Domino components:unset HISTFILE export QUAY_USERNAME=<`quay.io` username provided by Domino> export QUAY_PASSWORD=<`quay.io` password provided by Domino> export FLEETCOMMAND_AGENT_TAG=<Tag that corresponds to the version of Domino deployed>
-
Generate a GKE configuration file:
ddlctl create config --agent-version $FLEETCOMMAND_AGENT_TAG --preset gke
ImportantChanging the defaults in the generated configuration can affect the deployment. If you must adjust its parameters, contact a Domino representative. -
You must reference the Terraform output from the infrastructure deployment described in Provision infrastructure and runtime environment to complete the configuration. If you don’t have the output saved, run
terraform output
to retrieve it. -
Open the generated configuration file and edit the following attributes:
-
name
: The name of the deployment. This can’t be changed post-deployment. -
hostname
: The host name for the Domino install (for example,domino.example.com
). -
storage_class.block.type
:gce
-
storage_class.shared.type
:nfs
-
storage_class.shared.nfs.server
: Thegoogle_filestore_ip_address
from the Terraform output. -
storage_class.shared.nfs.mount_path
:/share1
(This must match thegoogle_filestore_file_share
Terraform output). -
blob_storage.projects.type
:shared
-
blob_storage.logs.type
:shared
-
blob_storage.backups.type
:gcs
-
blob_storage.backups.gcs.bucket
: Thegoogle_bucket_name
from the Terraform output. -
blob_storage.backups.gcs.service_account_name
: Thegoogle_platform_service_account
from the Terraform output. -
blob_storage.backups.gcs.project_name
: Thegoogle_project
from the Terraform output. -
helm.image_registries.*.username
: Yourquay.io
username. -
helm.image_registries.*.password
: Yourquay.io
password. -
image_building.cloud_registry_auth.gcp.service_account
: Thegoogle_gcr_service_account
from the Terraform output. -
internal_docker_registry
:null
-
external_docker_registry
: Thegoogle_artifact_registry
from the Terraform output.
-
-
Add the following code to the end of the file:
release_overrides:
nginx-ingress:
chart_values:
controller:
kind: Deployment
hostNetwork: false
service:
enabled: true
type: LoadBalancer
annotations:
cloud.google.com/backend-config: '{"ports": {"80":"nginx-ingress-controller","443":"nginx-ingress-controller"}}'
extraArgs:
default-ssl-certificate: domino-platform/my-cert
Domino recommends that you keep a backup copy of your final configuration file. To do this, use the following command:
cp domino.yml{,.backup-$( date +%s )}
With your configuration file ready, you can create a Domino
custom resource using ddlctl
:
$ ddlctl create domino --config {path-to-config-yaml} --agent-version $FLEETCOMMAND_AGENT_TAG
If you would prefer to just generate the Domino
custom resource YAML, you can supply the --export
flag and pipe the result to a file.
When the installation completes successfully, you should see a message that says:
2019-11-26 21:20:20,214 - INFO - fleetcommand_agent.Application - Deployment complete.
Domino is accessible at $YOUR_FQDN
Run the following to get the external IP to access your instance’s Domino management plane:
kubectl -n domino-platform get svc nginx-ingress-controller
You can use this to update your DNS records accordingly.
-
Go to
https://<YOUR-DOMAIN>/auth/
-
Login with the username
keycloak
and the password from thekeycloak-http
secret in thedomino-platform
namespace. -
Use the following command to get the password:
echo -e "\nyour password is: $(kubectl get secret keycloak-http -n domino-platform --template={{.data.password}} | base64 -d)\n"
-
Go to Users in the navigation pane and click Add User.
-
Enter the username, first name, last name, and email address, and then click Save.
-
Go to the Credentials tab and add a password.
-
Optional: Disable Temporary.
-
Click Set Password.
-
Go to Role Mappings.
-
From Client Roles, select domino-play.
-
Select the User role and add it to your user.
-
Go to the main page for your Domino deployment (for example,
https://\<YOUR-DOMAIN\>
) and sign in with your new Domino user. -
Go to Environments > Domino Standard Environment Py3.8 R4.1 > Revisions and make sure the revision is active. If not, use Build Logs to try to solve the problem.
-
Go to Projects > Quick-start > Workspaces and launch a new workspace using Jupyter (this can take a while).
-
When the new workspace is created open
main.ipynb
and confirm that you can execute the script without errors.