This topic describes how to deploy Domino components on Amazon Elastic Kubernetes Service (EKS). EKS is hosted on Amazon Web Services (AWS).
Amazon Web Services Command Line Interface (AWS CLI) doesn’t support SOCKS5 proxies, so you must run the commands directly from a machine that has network access to the Kubernetes cluster.
|
Note
| Before installing the following binaries, check for existing versions. |
-
Get a public bastion IP so you can connect to EKS:
aws cloudformation describe-stacks --stack-name $DEPLOY_NAME --region $AWS_REGION --query "Stacks[0].Outputs[?OutputKey=='bastionpublicip']".OutputValue --output text -
To connect to the bastion host, run:
ssh -i <your ssh key path> ec2-user@<bastion public ip>
-
Verify that the following binaries are installed:
# kubectl kubectl version --client=true --short=true #aws-cli aws --version #docker daemon is installed and running. docker --version docker psOtherwise follow these steps to install those missing:
-
Install Docker and exit the terminal. When you log in again, the modifications that you just made will become active:
sudo yum install -y docker sudo systemctl start docker sudo usermod -a -G docker ec2-user exit -
Install kubectl:
curl -LO https://dl.k8s.io/release/v1.21.11/bin/linux/amd64/kubectl chmod +x kubectl sudo mv kubectl /usr/local/bin/ImportantThe kubectlversion you install must be within one minor version difference of your EKS control plane. For example, if your EKS clusters are on Kubernetes version 1.21, install a version 1.20, 1.21, or 1.22kubectlclient.
-
-
Use environment variables to set the values of IDs, names, and labels. This simplifies the commands you’ll run while installing Domino components:
unset HISTFILE export DOMINO_VER=<The Domino version to deploy> export FLEET_COMMAND_TAG=<Tag that corresponds to the version of Domino deployed> export DEPLOY_NAME=<Name of deployment> export AWS_REGION=<The region to deploy the resources> export AWS_ACCESS_KEY_ID=<Your AWS access key ID> export AWS_SECRET_ACCESS_KEY=<Your AWS secret key> export QUAY_USERNAME=<`quay.io` username provided by Domino> export QUAY_PASSWORD=<`quay.io` password provided by Domino>TipYou can get the deployment tag from the fleetcommand-agent release notes. -
To retrieve the credentials for your Kubernetes cluster, check your local kubeconfig with:
export KUBECONFIG=$(pwd)/kubeconfig -
Update the kubeconfig:
aws cloudformation describe-stacks --stack-name $DEPLOY_NAME --region $AWS_REGION --query "Stacks[0].Outputs[?OutputKey=='ekskubeconfigcmd']".OutputValue --output text | bash -
CloudFormation is an AWS cloud provisioning tool. At the end of the Cloud Development Kit (CDK) deployment process, CloudFormation outputs a template file. You must have this template for Domino deployment.
Create the template file
-
Generate the CloudFormation template output as a YAML file:
aws cloudformation describe-stacks --stack-name $DEPLOY_NAME --region $AWS_REGION --query "Stacks[0].Outputs[?OutputKey=='agentconfig']".OutputValue --output text > domino.yml.template -
If you aren’t already logged into
quay.io, run the following:docker login -u $QUAY_USERNAME -p $QUAY_PASSWORD quay.io -
Generate a configuration file named
domino.ymlin your working directory:docker run --rm -it -v $(pwd):/install quay.io/domino/fleetcommand-agent:$FLEET_COMMAND_TAG init --file /install/domino.yml --version $DOMINO_VER --template /install/domino.yml.templateCaution-
This overwrites existing
domino.ymlfiles. -
Changing the defaults in
domino.ymlcan affect the deployment. If you must adjust its parameters, contact a Domino representative.
-
Install Domino with fleetcommand-agent
fleetcommand-agent installs and configures Domino components.
It uses the installation template to gather the required parameters for the environment and sets them when installing Domino components.
To install Domino on the infrastructure you prepared, run the following:
curl -o fleetcommand-agent-install.sh https://docs.dominodatalab.com/attachments/fleetcommand-agent-install.sh
bash fleetcommand-agent-install.sh $DOMINO_VERSee fleetcommand-agent-install.sh Downloads for more information.
|
Tip
|
If you encounter errors, investigate and resolve the root cause before you run fleetcommand-agent-sh again.
Failures are often related to resource quotas and limits.
Contact a Domino representative for assistance.
|
-
Go to
https://<YOUR-DOMAIN>/auth/. -
Login with the username
keycloakand the password from thekeycloak-httpsecret in thedomino-platformnamespace. -
Use the following command to get the password:
echo -e " your password is: $(kubectl get secret keycloak-http -n domino-platform --template={{.data.password}} | base64 -d) " -
Go to Users in the navigation pane and click Add User.
-
Enter the username, first name, last name, and email address, and then click Save.
-
Go to the Credentials tab and add a password.
-
Optional: Disable Temporary.
-
Click Set Password.
-
Go to Role Mappings.
-
From Client Roles, select domino-play.
-
Select the User role and add it to your user.
-
Go to the main page for your Domino deployment (for example,
https://<YOUR-DOMAIN>) and sign in with your new Domino user. -
Go to Environments > Domino Standard Environment Py3.8 R4.1 > Revisions and make sure the revision is active. If not, use Build Logs to try to solve the problem.
-
Go to Projects > Quick-start > Workspaces and launch a new workspace using Jupyter (this can take a while).
-
When the new workspace is created open
main.ipynband confirm that you can execute the script without errors.
Use Keycloak to enable user registration, so users can access your fresh Domino install. Keycloak is a user authentication service that runs on a pod in your cluster.
|
Important
| Create a canonical name (CNAME) to this host in your DNS, not an address record (A record). |