Hi all Looking for some clarification with respect to using dagster #deployment-kubernetes

Hi all! Looking for some clarification with respec...

raaid

10/17/2021, 7:21 AM

Hi all! Looking for some clarification with respect to using the Helm chart, an external Postgres instance, and Kubernetes secrets. I have read through this, and understand that there needs to be (either generated by the Helm chart or not) a secret for the Postgres password. I have been generating the secret using the Helm chart, but now I don't want to do that. I believe that means I set:

Copy code

generatePostgresqlPasswordSecret: false

So, do I still need to set these? Because the secret only stores the password. I don't want to set these here, I want all of this to be pulled from Kubernetes secrets.

Copy code

postgresql:
  enabled: false
  postgresqlHost: "postgresqlHost"
  postgresqlUsername: "postgresqlUsername"
  postgresqlPassword: "postgresqlPassword"
  postgresqlDatabase: "postgresqlDatabase"
  service:
    port: 5432

If I don't set these, I don't see how the pieces that need to talk to Postgres would be able to. Is there any way to point to postgres without writing this all in the Helm chart?

raaid

10/17/2021, 7:46 AM

So it looks like the

dagster-instance

configmap uses the

postgresql

values here

raaid

10/18/2021, 10:52 AM

Would defining my own dagster.yaml help? Where I can name expected env vars for the postgres creds, like so: https://docs.dagster.io/deployment/dagster-instance#postgresrunstorage

raaid

10/18/2021, 11:00 AM

Hmm I'm guessing that won't help since the Helm chart simply passes along the values in the postgres section to the various storage controllers

raaid

10/18/2021, 3:56 PM

@max I hope it is okay to at-mention you here since I see you replying in the support channel (if that isn't okay, please lmk and I'll refrain from doing so in the future): any chance my question makes sense and y'all have run into this before? If not, that's okay, I'm near a workaround anyway 🙂

max

10/18/2021, 4:03 PM

i'm not expert in the helm chart but @rex @johann will probably know the right answer here

rex

10/18/2021, 6:24 PM

Hey @raaid, unfortunately we don’t provide support for this out of the box. As you’ve seen, we only provide configuration to optionally source the postgresql password from a Kubernetes secret, but the other configuration (host, username, database, service) has to be specified in the values.yaml.

max

10/18/2021, 6:39 PM

you can use env variables though right?

rex

10/18/2021, 6:45 PM

In the Helm chart’s

dagster.yaml

, only the postgres password is sourced from env variable (which is in turn sourced by the kubernetes secret). The other configuration is directly templated from the

values.yaml

raaid

10/18/2021, 6:59 PM

Dang okay that's what I was circling, thank you for the confirmation. That's all good, I've got a workaround one level up using Pulumi and Helm haha. Thanks for the responses, love using this tool and appreciate this Slack space a whole lot 🙂

🎉 1

5 Views

Open in Slack

Previous Next