See also the fleetcommand-agent Release Notes.
The following versions have been validated with Domino 5.10.0. Other versions might be compatible but are not guaranteed.
-
Kubernetes - see the Kubernetes compatibility chart
-
Ray - 2.9.0
-
Spark - 3.5.0
-
Dask - 2024.1.0
-
MPI - 4.1.4
AI Hub (GA)
Explore and deploy AI solutions efficiently with the new AI Hub. The AI Hub offers a repository of prebuilt, enterprise-ready solutions and templates for various ML use cases, empowering you to innovate and rapidly implement industry-specific solutions.
AI Gateway (GA)
Leverage the power of Large Language Model providers like OpenAI and AWS bedrock safely with the AI Gateway. The AI Gateway lets users enjoy the benefits of provider-hosted models while ensuring that they follow security best practices.
Pinecone vector database support (GA)
The new Pinecone vector database Data Source connector enables easy, secure access to vectorized content stored in Pinecone. Domino Data Sources provide enhanced security and governance capabilities while supporting cutting-edge Generative AI use cases.
Domino Service Accounts (preview)
Introducing Domino Service Accounts for secure, token-based API access from outside of the Domino cluster, enhancing automation and integration capabilities.
Project goal stage templates (GA)
Standardize and streamline project management with Project goal stage templates, allowing for efficient goal setting and tracking.
Project size estimates (GA)
The Admin UI for Projects now includes Project size estimates for the Domino File System. Project sizing can be used as an auditing mechanism or to estimate volume sizes for Jobs and Workspaces.
Model Monitoring tags (GA)
Categorize and manage your monitored models effectively with Model Monitoring tags, facilitating easier discovery and sharing.
Improved and streamlined Git tooling (GA)
-
Create Git branches directly in the UI from the Code page or when creating a new Workspace.
-
Git-based Projects now support file viewing from the Code page.
-
Mandatory commit messages can be enabled to enforce internal documentation best practices.
-
Type-ahead search for file names when configuring your Job (parity with DFS projects).
-
Palantir Foundry Data Sources now support OAuth token authentication.
-
Fully automated cost reporting setup process for users without an existing Athena cost report. For users with an existing Athena cost report, Domino can now easily import it to provide accurate cost information.
-
Upload files to subdirectories within Datasets using the optional
--targetRelativePath
optional flag in the Domino CLI.
-
Restrict Amazon S3 and Generic S3 Data Sources to only write and list data in a specific folder using the optional
Subdirectory Path
input field.
-
Some pages, including the Jobs table, now display dates based on local time format.
-
Grafana now supports Single Sign-On (SSO) with Domino credentials for easy login. SysAdmins receive automatic admin privileges in Grafana. A link to the Grafana UI has been added to the Advanced menu in the Domino Admin UI.
-
If the
ShortLived.iFrameRequired
feature flag is enabled, new Apps will be published with additional restrictions, limiting them to load only within an iFrame. Attempting to access an App URL directly will result in a400 Bad Request
error for users.
-
Performance improvements for the admin External Data Volumes page.
-
Performance improvements for all Data Source tabs, including in the admin panel.
-
Programmatically access file contents with the new Get Project Files Content endpoint. This new endpoint deprecates the Beta and Legacy API endpoints, which will be sunsetted in future releases.
-
Updates to the python-domino library:
-
New:
blobs_get_v2()
- Get contents of a file in a Domino project. -
New:
datasets_upload_files()
- Upload a file or entire directory to a dataset. -
Deprecated:
blobs_get()
- Deprecated in favor of blobs_get_v2.
-
-
Downloading single files from Datasets with filenames containing special characters like
+
and&
now download successfully.
-
Improved handling of the Advanced section in Environment revisions. All fields from the Advanced section are now consistently included in new revisions of the Environment.
-
Data Source audit logs now log access events from SAS executions.
-
Updated XL sizing docs for increased memory requirements in rabbit and train services.
-
You can now use spaces in Azure blob store filenames when getting and putting objects in Azure data Sources with DominoDataR.
-
A small number of Domino executions will fail due to a transient issue in the underlying Kubernetes API version 1.28.3. If an execution fails with the error
MountVolume.SetUp failed for volume 'execution-secrets-vol': failed to sync secret cache
, retry the execution.
-
S3 buckets must have CORS enabled to use the View Latest Raw File button in the code file browser if the file is > 5 MB (
com.cerebro.domino.frontend.defaultMaxFileSizeToRenderInBytes
). As a workaround, use the Download button to download larger files and view them on your computer.
-
In Azure Blob Store deployments, Projects with many files may fail to sync through the Domino CLI. To work around this issue, do not disable file locking when prompted by Domino.
-
You cannot view the latest raw file if you click View Latest Raw File. In the navigation pane, go to Files and click a file to view its details.
-
When uploading a large file to the Azure blob store by syncing a Workspace, you may encounter a Java Out of Memory error from Azure if the file/blob already exists. To work around this issue, use the Domino CLI to upload the file to the Project.
-
Model Monitoring data sources aren’t validated. If you enter an invalid bucket name and attempt to save, the entry will go through. However, you won’t be able to see metrics for that entry because the name points to an invalid bucket.
-
Domino instances that make use of Azure Blob Storage may experience stalled Jobs within Projects with many large files.
-
If you attach a Git repository to a DFS Project that points to a tagged release, the tag won’t be honored when building a model API in that Project. The build log will show an error similar to the following, and the model will be built using the default branch of your Git repository instead of the tagged branch:
Jul 05 2023 14:36:27 -0500 #10 6.481 WARN [d.r.d.GitRepoUpdater] could not parse ref: v1.3.0 checking out default branch correlationId="iA2qWrYSLQ" thread="main"
To work around this issue, use the branch name when building model APIs instead of the release tag.
-
If an admin resets a user’s password, it invalidates all the user’s authentication tokens, including tokens used for long-running tasks like Jobs, Workspaces, or Apps. The user must create a new password, log back into Domino, and restart all executions. This also applies to CLI authentication; the user must re-login to their Domino CLI.
-
In Domino 5.6, the cost analyzer pod (inactive unless Kubecost is enabled) defaults to a different
storageClass
compared to Domino 5.7. As a result, the pod won’t run after upgrading to 5.7, breaking Kubecost functionality. However, data will continue to persist in Prometheus (or custom storage if using Kubecost Enterprise).To prevent this issue while still in Domino 5.6, override the default storageClass
gp2
with the one expected in 5.7,dominodisk
, during Kubecost installation by settingrelease_overrides.cost-analyzer.chart_values.persistentVolume.storageClass
todominodisk
in the agent YAML before installing Kubecost.If you’ve already installed Kubecost on Domino 5.6, avoid the upgrade error by setting
release_overrides.cost-analyzer.chart_values.persistentVolume.storageClass
togp2
in the agent YAML configuration file before upgrading to 5.7.
-
The Rename dataset’s file button is unavailable from the global Dataset page. To rename a file, access the Dataset from the Project’s page.
-
The sample script for making asynchronous Model API requests contains an extra
/
at the end of theDOMINO_URL
variable. As a result, running the script will show an error similar to the following.{'requestId': 'key not found: HandlerDef', 'errors': ['java.util.NoSuchElementException: key not found: HandlerDef']}
To work around this issue, remove the trailing
/
at the end of theDOMINO_URL
variable.
-
The Jobs REST API uses
GitRefV1
to reference Git objects (commits, branches, and tags). Not all examples in the API spec worked, so they’ve been updated to reflect the actual valid values. This change doesn’t affect API functionality; it’s just a fix to the documentation.
-
Links to Stack Trace and CPU Flame Graph in the Ray Cluster UI’s Cluster tab are broken due to an issue in Ray 2.4 not supporting links when hosted behind a reverse proxy. This problem is specific to the Cluster tab; links correctly function in other tabs. The issue is fixed in Ray 2.7 and will be updated in future Domino Ray image releases.
-
The section, Account Settings > Login Profile, has been temporarily disabled for all users, resulting in users not being able to edit their username, name, email, etc. This section will be rebuilt in a future Domino release.
-
Cost-analyzer provisions a new default blob storage on S3 that will be used as default storage for AWS users who use Domino-automated infrastructure install and upgrades. This storage is created with a 15-day retention period. As a result, data that was stored in Prometheus during the upgrade may not be available on S3 but still accessible on Prometheus. Additionally, data stored in S3 will only be available for 15 days. To increase the retention period, update the S3 lifecycle.
-
Cost-analyzer provides up to 15 days of data for users without an Enterprise license. As a result, no notification will be sent after 15 days if the budget threshold has been reached. To receive notifications after 15 days, please reach out to your Domino representative.
-
Azure AKS Hybrid with Istio, sets wrong
vault
port. As a workaround users need to update the kubernetes resourcePeerAuthentication
namedvault-external
usingkubectl
and set the port from8200
to8443
post Domino installation. This issue is fixed in Domino 5.10.1.
-
Azure AKS Hybrid with Istio, sets wrong
rabbitmq-ha
port. As a workaround users need to update the kubernetes resourcePeerAuthentication
namedrabbitmq-ha-external
PeerAuthentication
and set the port from5672/5552
to5671/555
post Domino installation. This issue is fixed in Domino 5.10.1.
-
If a user is a collaborator on a project that contains some registered models in a model registry, and some of these models have a deployed model API, but the user doesn’t have permission to access them, then the user won’t be able to view the project’s model registry page. This issue is fixed in Domino 5.11.0.
-
Uploading a large amount of files in the UI gives a 502 Gateway error even though all files are successfully uploaded. This issue is fixed in Domino 5.11.0.
-
New Relic Open Metrics requires more memory than the default configuration in large-sized deployments. For detailed information and guidance on optimizing your deployment, please refer to our XL-sized deployment sizing guide.
-
Viewing dataset files in an Azure-based Domino cluster may lock files, preventing them from being deleted or modified. Restarting Nucleus frontend pods will release the lock. This issue is fixed in Domino 5.11.1.
-
Workspace auto-deletion notifications and the deletion itself may not complete successfully. The error
"Cannot apply $addToSet to non-array field"
may be observed in nucleus-workspace-volume-snapshot-cleaner or nucleus-develop pods. This issue may prevent idle workspaces from being automatically deleted. Contact Domino Support if you need help. This is fixed in Domino 6.0.0.
-
GKE users that provisioned their infrastructure with Domino’s terraform-gcp-gke module must apply the changes introduced for
5.7.0
as of terraform-gcp-gke v2.5.0 when upgrading to ensure firewall rules work properly. -
VPN support from within executions was updated to be disabled by default. Support can be enabled by setting the global config value
com.cerebro.domino.computegrid.executions.allowVpn = true
.
-
MongoDB is no longer the authoritative source of truth for User Roles. Keycloak has taken over the role. User Groups in Keycloak now correspond to Domino Global Roles, and a user’s membership status in these groups defines their Domino roles. The Central Config key
authentication.oidc.externalRolesEnabled
has been retired and no longer has any effect. Any edits made to roles in MongoDB will be overridden by the data from Keycloak.
-
EKS users are recommended to update the AWS VPC CNI settings to enable
ANNOTATE_POD_IP
to prevent execution timeout errors when an image pull takes longer than 10 minutes. To bypass the validation check during an upgrade, pass--warn-only
as a command line option to the installer.
-
EKS users who provisioned their infrastructure with Domino’s terraform-aws-eks module must validate whether they want the new costs blob storage to be provisioned by default.
-
For customers with an XL-sized deployment that are upgrading to 5.9.0, RabbitMQ and New Relic resource requirements have increased.