Domino 5.10.0 (March 2024)

Kubernetes - see the Kubernetes compatibility chart

Ray - 2.9.0

Spark - 3.5.0

Dask - 2024.1.0

MPI - 4.1.4

Palantir Foundry Data Sources now support OAuth token authentication.

Fully automated cost reporting setup process for users without an existing Athena cost report. For users with an existing Athena cost report, Domino can now easily import it to provide accurate cost information.

Upload files to subdirectories within Datasets using the optional --targetRelativePath optional flag in the Domino CLI.

Restrict Amazon S3 and Generic S3 Data Sources to only write and list data in a specific folder using the optional Subdirectory Path input field.

Some pages, including the Jobs table, now display dates based on local time format.

Grafana now supports Single Sign-On (SSO) with Domino credentials for easy login. SysAdmins receive automatic admin privileges in Grafana. A link to the Grafana UI has been added to the Advanced menu in the Domino Admin UI.

If the ShortLived.iFrameRequired feature flag is enabled, new Apps will be published with additional restrictions, limiting them to load only within an iFrame. Attempting to access an App URL directly will result in a 400 Bad Request error for users.

Performance improvements for the admin External Data Volumes page.

Performance improvements for all Data Source tabs, including in the admin panel.

Programmatically access file contents with the new Get Project Files Content endpoint. This new endpoint deprecates the Beta and Legacy API endpoints, which will be sunsetted in future releases.

Updates to the python-domino library:

Downloading single files from Datasets with filenames containing special characters like + and & now download successfully.

Improved handling of the Advanced section in Environment revisions. All fields from the Advanced section are now consistently included in new revisions of the Environment.

Data Source audit logs now log access events from SAS executions.

Updated XL sizing docs for increased memory requirements in rabbit and train services.

You can now use spaces in Azure blob store filenames when getting and putting objects in Azure data Sources with DominoDataR.

Users can see raw files whose size is ⇐ 5 MB (com.cerebro.domino.frontend.defaultMaxFileSizeToRenderInBytes) when they click on the "View Latest Raw File" button in the code file browser, even if their S3 buckets don’t have CORS enabled.

A small number of Domino executions will fail due to a transient issue in the underlying Kubernetes API version 1.28.3. If an execution fails with the error MountVolume.SetUp failed for volume 'execution-secrets-vol': failed to sync secret cache, retry the execution.

In Azure Blob Store deployments, Projects with many files may fail to sync through the Domino CLI. To work around this issue, do not disable file locking when prompted by Domino.

You cannot view the latest raw file if you click View Latest Raw File. In the navigation pane, go to Files and click a file to view its details.

When uploading a large file to the Azure blob store by syncing a Workspace, you may encounter a Java Out of Memory error from Azure if the file/blob already exists. To work around this issue, use the Domino CLI to upload the file to the Project.

Model Monitoring data sources aren’t validated. If you enter an invalid bucket name and attempt to save, the entry will go through. However, you won’t be able to see metrics for that entry because the name points to an invalid bucket.

Domino instances that make use of Azure Blob Storage may experience stalled Jobs within Projects with many large files.

If you attach a Git repository to a DFS Project that points to a tagged release, the tag won’t be honored when building a model API in that Project. The build log will show an error similar to the following, and the model will be built using the default branch of your Git repository instead of the tagged branch:

Jul 05 2023 14:36:27 -0500 #10 6.481 WARN [d.r.d.GitRepoUpdater] could not parse ref: v1.3.0 checking out default branch correlationId="iA2qWrYSLQ" thread="main"

If an admin resets a user’s password, it invalidates all the user’s authentication tokens, including tokens used for long-running tasks like Jobs, Workspaces, or Apps. The user must create a new password, log back into Domino, and restart all executions. This also applies to CLI authentication; the user must re-login to their Domino CLI.

In Domino 5.6, the cost analyzer pod (inactive unless Kubecost is enabled) defaults to a different storageClass compared to Domino 5.7. As a result, the pod won’t run after upgrading to 5.7, breaking Kubecost functionality. However, data will continue to persist in Prometheus (or custom storage if using Kubecost Enterprise).

The Rename dataset’s file button is unavailable from the global Dataset page. To rename a file, access the Dataset from the Project’s page.

The sample script for making asynchronous Model API requests contains an extra / at the end of the DOMINO_URL variable. As a result, running the script will show an error similar to the following.

{'requestId': 'key not found: HandlerDef', 'errors': ['java.util.NoSuchElementException: key not found: HandlerDef']}

The Jobs REST API uses GitRefV1 to reference Git objects (commits, branches, and tags). Not all examples in the API spec worked, so they’ve been updated to reflect the actual valid values. This change doesn’t affect API functionality; it’s just a fix to the documentation.

Links to Stack Trace and CPU Flame Graph in the Ray Cluster UI’s Cluster tab are broken due to an issue in Ray 2.4 not supporting links when hosted behind a reverse proxy. This problem is specific to the Cluster tab; links correctly function in other tabs. The issue is fixed in Ray 2.7 and will be updated in future Domino Ray image releases.

The section, Account Settings > Login Profile, has been temporarily disabled for all users, resulting in users not being able to edit their username, name, email, etc. This section will be rebuilt in a future Domino release.

Cost-analyzer provisions a new default blob storage on S3 that will be used as default storage for AWS users who use Domino-automated infrastructure install and upgrades. This storage is created with a 15-day retention period. As a result, data that was stored in Prometheus during the upgrade may not be available on S3 but still accessible on Prometheus. Additionally, data stored in S3 will only be available for 15 days. To increase the retention period, update the S3 lifecycle.

Cost-analyzer provides up to 15 days of data for users without an Enterprise license. As a result, no notification will be sent after 15 days if the budget threshold has been reached. To receive notifications after 15 days, please reach out to your Domino representative.

Azure AKS Hybrid with Istio, sets wrong vault port. As a workaround users need to update the kubernetes resource PeerAuthentication named vault-external using kubectl and set the port from 8200 to 8443 post Domino installation. This issue is fixed in Domino 5.10.1.

Azure AKS Hybrid with Istio, sets wrong rabbitmq-ha port. As a workaround users need to update the kubernetes resource PeerAuthentication named rabbitmq-ha-external PeerAuthentication and set the port from 5672/5552 to 5671/555 post Domino installation. This issue is fixed in Domino 5.10.1.

If a user is a collaborator on a project that contains some registered models in a model registry, and some of these models have a deployed model API, but the user doesn’t have permission to access them, then the user won’t be able to view the project’s model registry page. This issue is fixed in Domino 5.11.0.

Uploading a large amount of files in the UI gives a 502 Gateway error even though all files are successfully uploaded. This issue is fixed in Domino 5.11.0.

New Relic Open Metrics requires more memory than the default configuration in large-sized deployments. For detailed information and guidance on optimizing your deployment, please refer to our XL-sized deployment sizing guide.

Viewing dataset files in an Azure-based Domino cluster may lock files, preventing them from being deleted or modified. Restarting Nucleus frontend pods will release the lock. This issue is fixed in Domino 5.11.1.

Workspace auto-deletion notifications and the deletion itself may not complete successfully. The error "Cannot apply $addToSet to non-array field" may be observed in nucleus-workspace-volume-snapshot-cleaner or nucleus-develop pods. This issue may prevent idle workspaces from being automatically deleted. Contact Domino Support if you need help. This is fixed in Domino 6.0.0.

Uploading files to Datasets on Windows using the datasets_upload_files() function from the dominodatalab library may fail in versions earlier than 1.4.3. This issue is fixed in Domino 6.0.0.

Downloading a Dataset file with a space in its name using the Download Selected Items button can fail. As a workaround, you can download the file via the kebab icon next to the filename or rename the file before downloading. This issue is fixed in Domino 6.0.0.

GKE users that provisioned their infrastructure with Domino’s terraform-gcp-gke module must apply the changes introduced for 5.7.0 as of terraform-gcp-gke v2.5.0 when upgrading to ensure firewall rules work properly.

VPN support from within executions was updated to be disabled by default. Support can be enabled by setting the global config value com.cerebro.domino.computegrid.executions.allowVpn = true.

MongoDB is no longer the authoritative source of truth for User Roles. Keycloak has taken over the role. User Groups in Keycloak now correspond to Domino Global Roles, and a user’s membership status in these groups defines their Domino roles. The Central Config key authentication.oidc.externalRolesEnabled has been retired and no longer has any effect. Any edits made to roles in MongoDB will be overridden by the data from Keycloak.

EKS users are recommended to update the AWS VPC CNI settings to enable ANNOTATE_POD_IP to prevent execution timeout errors when an image pull takes longer than 10 minutes. To bypass the validation check during an upgrade, pass --warn-only as a command line option to the installer.

EKS users who provisioned their infrastructure with Domino’s terraform-aws-eks module must validate whether they want the new costs blob storage to be provisioned by default.

For customers with an XL-sized deployment that are upgrading to 5.9.0, RabbitMQ and New Relic resource requirements have increased.

Domino CLI clients version 1.x (released in 2017 or earlier) are no longer supported. It is recommended to upgrade to Domino CLI version 6.0.