Hello, when using the Helm to setup Dagster, what ...
# ask-community
r
Hello, when using the Helm to setup Dagster, what the recommended way to add secrets, such as GCP creds, and volumes to the existing user-deployments section of the values.yaml without modifying the base dagster-user-deployments charts and templates?
To be more specific if I have existing secrets in kubernetes, how can I easily mount those as env vars. I tried using the "valueFrom" under environment but it doesnt look like the existing dagster-user-deployments chart supports a list of env vars there. Getting the following error.
Copy code
dagster:
- dagster-user-deployments.deployments.0.env: Invalid type. Expected: object, given: array
dagster-user-deployments:
- deployments.0.env: Invalid type. Expected: object, given: array
I was able to get it working using a config-map for the env var, and a volume and volume mount specified in user-deployments. But is this the best way? Would this need to be done on the dagster-deamon and dagit pods as well for running jobs that use cloud resources?
d
using envConfigMaps / envSecrets / volumes / volumeMounts on the deployment in the helm chart is a good way to do this: https://github.com/dagster-io/dagster/blob/master/helm/dagster/values.yaml#L255-L262 Dagster system components like dagit and the daemon never load your code (instead they access metadata over a gRPC server), so they don't need access to your secrets or environment variables either. However, you may need to also list the same envConfigMaps/envSecrets/volumes/ etc. on your run launcher as well: https://github.com/dagster-io/dagster/blob/master/helm/dagster/values.yaml#L397 (that will ensure that the pods that are used to launch your run also have access to the secrets and volumes - we're working on making it so that you only need to specify this configuration in a single place)
r
Cool thanks for the response. Just wanted to make sure.