https://dagster.io/ logo
#ask-community
Title
# ask-community
a

Abhishek Agrawal

03/01/2023, 11:06 PM
Hello, for the OSS deployment, the last step is this - https://docs.dagster.io/deployment/guides/kubernetes/deploying-with-helm#step-8-run-a-job-in-your-deployment. After running the command
kubectl --namespace default port-forward $DAGIT_POD_NAME 8080:80
, I see this in the cloud shell. Screenshot below. Should I just leave it here? If I quit this, I am not able to access the UI.. Can I run it in the background?
I see i can add
&
to make it run in background. From a deployment perspective, is this all? Can I release to my team now?
Update - even adding
&
is not working as I still see the above messages in the shell..
Also, once I close the cloud shell, the app stops working..
If there's someone who can jump on a call to sort this, it would be great. The dagit pod is also giving some gRPC related error..
e

Expoze Dummy

03/02/2023, 3:16 PM
I don't think you're supposed to deploy an application inside Cloud Shell. It's only for testing, experimentations, interacting with your Google Cloud services but not deployment. Use a virtual machine (GCE) or Kubernetes (GKE) for deployment and that's where you should expose your port
a

Abhishek Agrawal

03/02/2023, 3:22 PM
Sorry for confusion, it's deployed in GKE, but I am running the commands via Cloud Shell. I am running the last command given in the docs which is doing port forwarding. I think since am doing port forwarding via Cloud Shell, it does it temporarily. I wasn't sure what other ways there are to do this. I want to make sure that the application is not exposed to the internet, only internal folks.
d

daniel

03/02/2023, 4:42 PM
I don't think that command was intended for permanent use - that exposes it to you on your local machine, not anybody else in your organization. How to expose your Dagit service internally is going to depend a lot on your internal networking/cloud setup and is a bit outside of the scope of Dagster support. There's some general guidance for how to expose GKE apps in Google Cloud here: https://cloud.google.com/kubernetes-engine/docs/how-to/exposing-apps
e

Expoze Dummy

03/02/2023, 5:14 PM
@Abhishek Agrawal Ahh, yeah, it would depend on your networking for GKE. That command only exposes dagit on your local machine. Refer to daniel's comment ^^
a

Abhishek Agrawal

03/03/2023, 5:34 AM
Ah thanks @daniel and @Expoze Dummy!!
I did this and it's working now. Now the last part, the UI as of now, is accessible by everyone on internet. I need to put Google SSO on it so only the internal employees can use it. 🙂 Is it called setting IAP? Have you guys done this before?
e

Expoze Dummy

03/03/2023, 4:15 PM
I have minimal knowledge on k8s so, I'll just give an answer for setting it up in GCE: Yes. Setup the iap then you should be able to use something like this:
Copy code
gcloud compute start-iap-tunnel <your_vm_instance_name_here> 3000--local-host-port=localhost:3000
5 Views