19913d85-f662-4518-a9a1-7adc1793dfd4.png){kind=small}
Channels
#dagster-support
Title
# dagster-support
s
Simon Szalai
05/24/2022, 10:10 PMHey,
I deployed Dagster to AWS EKS, and now I am trying to enable TLS for Dagit, so I can set up user authentication (which requires an HTTPS connection). I found this PR (https://github.com/dagster-io/dagster/pull/4772) that enables this, but it’s not clear how to use that feature. In
values.yamlopenssl req -x509 -newkey rsa:1024 -keyout privateKey.pem -out certificateChain.pem -days 365 -nodes -subj ...kubectl get svc Copy code
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dagster-dagit LoadBalancer 10.100.***.** ******************************************.<http://ca-central-1.elb.amazonaws.com|ca-central-1.elb.amazonaws.com> 80:32169/TCP 4s
kubernetes ClusterIP 10.100.*.* <none> 443/TCP 79s
*********-user-code ClusterIP 10.100.***.*** <none> 3030/TCP 11s🤖 1
r
rex
05/24/2022, 10:16 PMDo you have an ingress controller setup? I suggest reading https://devopscube.com/configure-ingress-tls-kubernetes/. Your ingress controller will ensure that TLS/SSL is respected using the configuration from the ingress resource
s
Simon Szalai
05/25/2022, 6:14 PMThanks a lot, this article pointed me to the right direction, problem seems to be solved. The trick was adding annotations to `values.yaml`:
Copy code
annotations:
<http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: alb
<http://alb.ingress.kubernetes.io/scheme|alb.ingress.kubernetes.io/scheme>: internet-facing
<http://alb.ingress.kubernetes.io/listen-ports|alb.ingress.kubernetes.io/listen-ports>: '[{"HTTP": 80}, {"HTTPS": 443}]'
<http://alb.ingress.kubernetes.io/certificate-arn|alb.ingress.kubernetes.io/certificate-arn>: arn:aws:acm:ca-central-1:**********:certificate/*******
<http://alb.ingress.kubernetes.io/ssl-redirect|alb.ingress.kubernetes.io/ssl-redirect>: '443'❤️ 1
r
rex
05/25/2022, 6:15 PMsweet, glad it worked out for you