Install configuration reference

Key | Description | Required | Values

schema

Manifest schema version.

“1.0”

name

Unique deployment name.

[a-zA-Z0-9_-]+

version

Domino version to install.

Supported versions: 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7.

hostname

Hostname Domino will be accessible at.

Valid FQDN

pod_cidr

If network policies are enabled, allow external access from this CIDR.

Valid CIDR range, for example, 10.0.0.0/8

ssl_enabled

Whether Domino is accessible only over HTTPS.

true, false

ssl_redirect

Whether Domino automatically redirects HTTP requests to HTTPS.

true, false

create_ingress_controller

Create an NGINX ingress controller.

true, false

request_resources

true, false

enable_network_policies

Use network policies for fine-grained service access.

true, false

Note
Requires a compatible CNI plugin, for example, Calico.

enable_pod_security_policies

Enables pod security policies for locked down system capabilities.

true, false

create_restricted_pod_security_policy

Creates pod security policies for locked down system capabilities.

true, false

Ingress controller

Key | Description | Required | Values

ingress_controller.create

true, false

ingress_controller.gke_cluster_uuid

Namespaces

Use Namespaces to virtually segment Kubernetes executions. Domino creates namespaces according to the specifications in this section. The installer requires that these namespaces do not exist at installation.

Key | Description | Required | Values

namespaces.platform.name

Namespace to place Domino services.

namespaces.compute.name

Namespace for user executions.

Note
Might be the same as the platform namespace.

namespaces.system.name

Namespace for deployment metadata.

namespaces.*.annotations

Optional annotations to apply to each namespace

namespaces.*.labels

Optional labels to apply to each namespace

Storage classes

Storage Classes are a way to abstract the dynamic provisioning of volumes in Kubernetes.

Domino requires the following storage classes:

  1. block storage for Domino services and user executions that need fast I/O.

  2. shared storage that can be shared between multiple executions.

Domino supports pre-created storage classes. The installer can also create a shared storage class backed by NFS or a cloud NFS analog, as long as the cluster can access the NFS system for read and write, and it can create several types of block storage classes backed by cloud block storage systems like Amazon EBS.

Block

Key | Description | Required | Values

storage_classes.block.create

Whether to create the block storage class.

true, false

storage_classes.block.name

The block storage class name.

Note
Always required due to platform limitations. Cannot be "" which indicates the default storage class.

storage_classes.block.type

Type of the block storage class to use.

  • ebs

  • hostpath

  • gce

  • azure-disk

storage_classes.block.base_path

Base path to use on nodes with hostpath volumes.

storage_classes.block.default

Whether to set this storage class as the default.

true, false

Shared

Key | Description | Required | Values

storage_classes.shared.create

Whether to create the shared storage class.

true, false

storage_classes.shared.name

The shared storage class name.

storage_classes.shared.type

Type of the shared storage class to use.

  • efs

  • nfs

  • azure-file

Note
Azure File requires outbound port 445 to be open from your Azure cluster.

storage_classes.shared.efs.region

EFS store AWS region.

For example, us-west-2

storage_classes.shared.efs.filesystem_id

EFS filesystem ID.

For example, fs-7a535bd1

storage_classes.shared.nfs.server

NFS server IP or hostname.

storage_classes.shared.nfs.mount_path

Base path to use on the server when you create shared storage volumes

storage_classes.shared.nfs.mount_options

YAML List of additional NFS mount options.

For example, - mfsymlinks

storage_classes.shared.azure_file.storage_account

Azure storage account to create file stores.

Blob storage

Domino can store long-term, unstructured data in blob storage buckets. Only the shared storage class described previously, NFS and S3, are supported.

To apply a default S3 bucket or shared storage type to all use-cases of blob storage, enter only the default setting and make sure enabled is true. Otherwise, all other blob storage uses (projects, logs, and backups) must be filled out.

Key | Description | Required | Values

blob_storage.default.enabled

Whether the default configuration must take precedence over individual config keys.

true, false

blob_storage.*.type

The type of blob storage to use.

  • shared

  • s3

blob_storage.*.s3.region

AWS region of the S3 bucket store.

For example, us-west-2

blob_storage.*.s3.bucket

S3 bucket name.

For example, domino-bucket-1
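
The precedence rule described above, as an added example that is not part of the Domino installer or its documentation. It takes the blob_storage section of a parsed manifest as a dict; the function names are hypothetical, and treating s3.region and s3.bucket as the fields that must be filled is an assumption.

```python
# Added example: checks blob_storage against the precedence rule on this page.
# Function names and the "must be filled" field list are assumptions.
USES = ("projects", "logs", "backups")   # individual blob storage uses
TYPES = ("shared", "s3")                 # values listed for blob_storage.*.type


def check_entry(name, entry):
    """Return a list of problems for one blob_storage.<name> entry."""
    entry = entry or {}
    kind = entry.get("type")
    if kind not in TYPES:
        return [f"blob_storage.{name}.type must be one of {TYPES}, got {kind!r}"]
    if kind == "shared":
        return []                        # backed by the shared storage class
    s3 = entry.get("s3") or {}
    return [f"blob_storage.{name}.s3.{key} is empty"
            for key in ("region", "bucket") if not s3.get(key)]


def check_blob_storage(blob):
    """Apply the rule: an enabled default is enough, otherwise every use counts."""
    default = blob.get("default") or {}
    if default.get("enabled") is True:
        return check_entry("default", default)
    problems = []
    for use in USES:
        problems += check_entry(use, blob.get(use))
    return problems


# Constructed samples, not taken from a real deployment.
EMPTY_S3 = {"type": "s3", "s3": {"region": "", "bucket": ""}}
SAMPLE_DEFAULT = {
    "default": {"enabled": True, "type": "s3",
                "s3": {"region": "us-west-2", "bucket": "domino-bucket-1"}},
    "projects": EMPTY_S3, "logs": EMPTY_S3, "backups": EMPTY_S3,
}
SAMPLE_PER_USE = {
    "default": {"enabled": False, "type": "s3"},
    "projects": EMPTY_S3,                # incomplete: region and bucket empty
    "logs": {"type": "shared"},          # complete: uses the shared class
}                                        # backups is missing entirely

if __name__ == "__main__":
    print(check_blob_storage(SAMPLE_DEFAULT))
    for problem in check_blob_storage(SAMPLE_PER_USE):
        print(problem)
```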

Autoscaler

For Kubernetes clusters without native cluster scaling in response to new user executions, Domino supports the use of the cluster autoscaler.

Key | Description | Required | Values

autoscaler.enabled

Enable cluster autoscaling.

true, false

autoscaler.cloud_provider

Cloud provider Domino is deployed with.

  • aws

autoscaler.aws.region

AWS region Domino is deployed into.

For example, us-west-2

autoscaler.azure.resource_group

Azure resource group Domino is deployed into.

autoscaler.azure.subscription_id

Azure subscription ID Domino is deployed with.

Groups

Autoscaling groups are not dynamically discovered. Each autoscaling group must be individually specified, along with the minimum and maximum scaling size.

Key | Description | Required | Values

autoscaler.groups.*.name

Autoscaling group name.

Must exactly match the name in the cloud provider

autoscaler.groups.*.min_size

Minimum scaling size.

For example, 0

autoscaler.groups.*.max_size

Maximum scaling size.

For example, 10

External DNS

Domino can automatically configure your cloud DNS provider. See external-dns for more information.

Key | Description | Required | Values

external_dns.enabled

Whether Domino must configure cloud DNS.

true, false

external_dns.provider

Cloud DNS provider.

For example, aws

external_dns.domain_filters

Only allow access to domains that match this filter.

For example, my-domain.example.com

external_dns.zone_id_filters

Only allow updates to specific hosted zones.

txt_owner_id

The owner ID in the TXT record.

Email notifications

Domino supports SMTP to send email notifications in response to user actions and run results.

Key | Description | Required | Values

email_notifications.enabled

Whether Domino must send email notifications.

true, false

email_notifications.server

SMTP server hostname or IP.

email_notifications.port

SMTP server port.

email_notifications.encryption

Whether the SMTP server uses SSL encryption.

email_notifications.from_address

Email address that Domino sends emails from.

For example, domino@example.com

email_notifications.authentication.username

If you use SMTP authentication, the username.

email_notifications.authentication.password

If you use SMTP authentication, the password.

Monitoring

Domino supports in-cluster monitoring with Prometheus as well as more detailed, external monitoring through New Relic APM and Infrastructure.

Key | Description | Required | Values

monitoring.prometheus_metrics

Install Prometheus monitoring.

true, false

monitoring.newrelic.apm

Enable New Relic APM.

true, false

monitoring.newrelic.infrastructure

Enable New Relic Infrastructure.

true, false

monitoring.newrelic.license_key

New Relic account license key.

Helm

Configuration for the Helm repository that stores Domino’s charts.

Key | Description | Required | Values

helm.tiller_image

Unversioned Tiller Docker image reference.

  • gcr.io/kubernetes-helm/tiller

  • mirrors.domino.tech/kubernetes-helm/tiller

helm.appr_registry

Quay Application Registry host.

  • quay.io

  • mirrors.domino.tech

helm.appr_insecure

Allow insecure application registry references.

true, false

helm.appr_username

Username for Quay AppR.

helm.appr_password

Password for Quay AppR.

Private Docker registry

Configuration for the Docker repository that stores Domino’s images.

Key | Description | Required | Values

private_docker_registry.server

Docker registry host.

  • quay.io

  • mirrors.domino.tech

private_docker_registry.username

Docker registry username.

private_docker_registry.password

Docker registry password.

Internal Docker registry

The recommended configuration for the internal Docker registry deployed with Domino. Use override values to allow the registry to use S3, GCS, or Azure blob store as a backend store. GCS requires that a service account already be bound into the Kubernetes cluster, with configuration that ensures the docker-registry service account is properly mapped.

Note
Either internal_docker_registry or external_docker_registry must be configured.

Key | Description | Required | Values

internal_docker_registry.s3_override.region

AWS region of the S3 bucket store.

For example, us-west-2

internal_docker_registry.s3_override.bucket

S3 bucket name.

For example, domino-bucket-1

internal_docker_registry.s3_override.sse_kms_key_id

KMS Key ID.

For example, 00826efc-2e4b-573d-8d0e-a4ce90811865

internal_docker_registry.gcs_override.bucket

GCS bucket name.

For example, domino-bucket-1

internal_docker_registry.gcs_override.service_account_name

GCS service account with access to the bucket.

internal_docker_registry.gcs_override.project_name

GCP project name that Domino is deployed into.

internal_docker_registry.azure_blobs_override.account_name

Azure blobstore account name.

internal_docker_registry.azure_blobs_override.account_key

Azure blobstore account key.

internal_docker_registry.azure_blobs_override.container

Azure blobstore container name.

Telemetry

Domino supports user telemetry data to help improve the product.

Key | Description | Required | Values

intercom.enabled

Enable Intercom onboarding.

true, false

mixpanel.enabled

Enable MixPanel.

true, false

mixpanel.token

MixPanel API token.

GPU

If using GPU compute nodes, enable the following configuration setting to install the required components.

Key | Description | Required | Values

gpu.enabled

Enable GPU support.

true, false

Fleetcommand

Domino supports minor patches through an internal tool named Fleetcommand.

Key | Description | Required | Values

fleetcommand.enabled

Enable ability for Domino staff to apply minor patches.

true, false

fleetcommand.api_token

Server API token

Full configuration

schema: '1.0'
name: domino-deployment
version: 4.1.7
hostname: domino.example.org
pod_cidr: ''
ssl_enabled: true
ssl_redirect: true
request_resources: true
enable_network_policies: true
enable_pod_security_policies: true
create_restricted_pod_security_policy: true
namespaces:
  platform:
    name: domino-platform
    annotations: {}
    labels:
      domino-platform: 'true'
  compute:
    name: domino-compute
    annotations: {}
    labels: {}
  system:
    name: domino-system
    annotations: {}
    labels: {}
ingress_controller:
  create: true
  gke_cluster_uuid: ''
storage_classes:
  block:
    create: true
    name: dominodisk
    type: ebs
    base_path: ''
    default: false
  shared:
    create: true
    name: dominoshared
    type: efs
    efs:
      region: ''
      filesystem_id: ''
    nfs:
      server: ''
      mount_path: ''
      mount_options: []
    azure_file:
      storage_account: ''
blob_storage:
  projects:
    type: s3
    s3:
      region: ''
      bucket: ''
      sse_kms_key_id: ''
    azure:
      account_name: ''
      account_key: ''
      container: ''
    gcs:
      bucket: ''
      service_account_name: ''
      project_name: ''
  logs:
    type: s3
    s3:
      region: ''
      bucket: ''
      sse_kms_key_id: ''
    azure:
      account_name: ''
      account_key: ''
      container: ''
    gcs:
      bucket: ''
      service_account_name: ''
      project_name: ''
  backups:
    type: s3
    s3:
      region: ''
      bucket: ''
      sse_kms_key_id: ''
    azure:
      account_name: ''
      account_key: ''
      container: ''
    gcs:
      bucket: ''
      service_account_name: ''
      project_name: ''
  default:
    type: s3
    s3:
      region: ''
      bucket: ''
      sse_kms_key_id: ''
    azure:
      account_name: ''
      account_key: ''
      container: ''
    gcs:
      bucket: ''
      service_account_name: ''
      project_name: ''
    enabled: false
autoscaler:
  enabled: false
  cloud_provider: aws
  groups:
  - name: ''
    min_size: 0
    max_size: 0
  aws:
    region: ''
  azure:
    resource_group: ''
    subscription_id: ''
spotinst_controller:
  enabled: false
  token: ''
  account: ''
external_dns:
  enabled: false
  provider: aws
  domain_filters: []
  zone_id_filters: []
email_notifications:
  enabled: false
  server: smtp.customer.org
  port: 465
  encryption: ssl
  from_address: domino@customer.org
  authentication:
    username: ''
    password: ''
monitoring:
  prometheus_metrics: true
  newrelic:
    apm: false
    infrastructure: false
    license_key: ''
helm:
  tiller_image: gcr.io/kubernetes-helm/tiller
  appr_registry: quay.io
  appr_insecure: false
  appr_username: ''
  appr_password: ''
private_docker_registry:
  server: quay.io
  username: ''
  password: ''
internal_docker_registry:
  s3_override:
    region: ''
    bucket: ''
    sse_kms_key_id: ''
  gcs_override:
    bucket: ''
    service_account_name: ''
    project_name: ''
  azure_blobs_override:
    account_name: ''
    account_key: ''
    container: ''
telemetry:
  intercom:
    enabled: false
  mixpanel:
    enabled: false
    token: ''
gpu:
  enabled: false
fleetcommand:
  enabled: false
  api_token: ''
teleport:
  acm_arn: arn:aws:acm:<region>:<account>:certificate/<id>
  enabled: false
  hostname: teleport-domino.example.org
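
A review check for a manifest like the full configuration above, as an added example that is not part of the Domino installer or its documentation. It works on the manifest already parsed into a dict, flags the transport, policy and registry settings this page documents when they are set to their weaker value, and reports credential fields that hold a value; the function names and the list of secret key suffixes are assumptions.

```python
# Added example: audit a parsed Domino install manifest (a dict, for instance
# from yaml.safe_load) using keys documented on this page. Names are hypothetical.
WEAK_SETTINGS = [  # (dotted key, weak value, why it matters)
    ("ssl_enabled", False, "Domino is reachable over plain HTTP"),
    ("ssl_redirect", False, "HTTP requests are not redirected to HTTPS"),
    ("enable_network_policies", False, "no fine-grained service access control"),
    ("enable_pod_security_policies", False, "system capabilities not locked down"),
    ("helm.appr_insecure", True, "insecure application registry references allowed"),
    ("fleetcommand.enabled", True, "Domino staff can apply minor patches"),
]
SECRET_SUFFIXES = ("password", "token", "account_key", "license_key")


def lookup(manifest, dotted):
    """Return the value at a dotted key, or None when any part is missing."""
    node = manifest
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def walk(node, prefix=""):
    """Yield (dotted_key, value) for every non-dict leaf in the manifest."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{prefix}.{key}" if prefix else key)
    else:
        yield prefix, node


def audit(manifest):
    """Return (key, reason) findings: weak settings first, then inline secrets."""
    findings = [(k, why) for k, weak, why in WEAK_SETTINGS
                if lookup(manifest, k) is weak]
    for key, value in walk(manifest):
        if key.rsplit(".", 1)[-1].endswith(SECRET_SUFFIXES) and value not in ("", None):
            findings.append((key, "secret stored in the manifest; restrict access to the file"))
    return findings


SAMPLE = {  # constructed manifest fragment, not a real deployment
    "ssl_enabled": True, "ssl_redirect": False,
    "enable_network_policies": True, "enable_pod_security_policies": False,
    "helm": {"appr_insecure": True, "appr_username": "installer",
             "appr_password": "example-only"},
    "private_docker_registry": {"server": "quay.io", "username": "", "password": ""},
    "fleetcommand": {"enabled": False, "api_token": ""},
}

if __name__ == "__main__":
    for key, reason in audit(SAMPLE):
        print(f"{key}: {reason}")
```

Once the credential fields are filled in, the manifest itself is a secret: keep it out of version control and limit who can read it.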