https://dagster.io/ logo
#dagster-cloud
Title
# dagster-cloud
m

Max Wong

11/12/2022, 11:13 AM
ran into an interesting issue while trying to set up docker env in hybrid mode I'm trying to inject [gcp service account key as base 64] as env var, since it's a secret I use
sed
to modify
dagster_cloud.yaml
during github actions. A dummy gh actions step to print out the dagster_cloud.yaml shows desired results then when
dagster-io/dagster-cloud-action/actions/hybrid_branch_deploy
executes, apparently the [original dagster_cloud.yaml] is being supplied instead, as in the [edited file via sed] isn't what is supplied during this step
message has been deleted
d

daniel

11/12/2022, 1:30 PM
Hey max, this doesn’t directly answer your question but might help - would you have any interest in getting access to this new secrets UI for setting environment variables in your dagster cloud jobs? It lets you set different values for branch deployments: https://dagster.slack.com/archives/C03SMUY0SFQ/p1668129323199809
m

Max Wong

11/12/2022, 1:31 PM
that would be cool! it would simplify a lot of our workflows actually. allo love
d

daniel

11/12/2022, 3:18 PM
Great! I just added you, if you go to Deployment => Environment variables there's a place where you can add them. Note that your agent and your code will need to be on 1.0.17 or later for the environment variables to be automatically added to your code.
o

Oren Lederman

11/14/2022, 10:22 PM
Since you are using GCP, an alternative way to set the service account is using workload identity - https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity . Using this method, you basically map a Kubernetes Service account (ksa) to a Google Service account (gsa). Once you configure them correctly, you only need to set the kubernetes service account for your pods (can be done at the dagster location level, or even at the namespace level), and GKE will setup everything for you. It’s considered safer than injecting the service account as a k8s secret or env variables. It’s also a pain to setup the first time and configure correctly 🙂
blob hearteyes 1
18 Views