Enabling https for helm deployed dremio

#1

I’m using EKS and the helm chart in https://github.com/dremio/dremio-cloud-tools. It deploys and works fine but I want to use https to access the app and I can’t get that to work. I read the docs and modified the dremio-cloud-tools/charts/dremio/config/dremio.conf as indicated below with no success.

It seems that the helm templates are set up to copy all files in the config dir into the dremio-configmap and mount a volume in each node with that content. After deploying a vanilla deploy, those mounts are always empty!

What am I missing?

...
services: {
  # The services running are controlled via command line options passed in
  # while starting the services via kubernetes. Updating the three values
  # below will not impact what services are running.
  #   coordinator.enabled: true,
  #   coordinator.master.enabled: true,
  #   executor.enabled: true
  #
  # Other service parameters can be customized via this file.
  coordinator: {
    web: {
      enabled: true,
      port: 9047,
      ssl: {
        # If SSL for communication path between browsers (or REST clients) and Dremio should be enabled.
        enabled: true,

        # Allow for auto-generated certificates if keyStore option is not set
        # Auto-generated self-signed certificates are considered insecure, and this
        # option should be set to false in production environment
        auto-certificate.enabled: true
      }
    }
  }
}

#2

Hey @Jeff_Gerber,

When you say “it deploys and works fine”, at that time – before adding SSL config – were the mounts empty? If you use the straight out of the box config you should see them in /opt/dremio/conf on the pod.

#3

Yes, they are empty without touching anything and doing a deploy.

I’m having luck just reconfiguring the ELB to use SSL and redirecting to the internal port. That’s actually better as I can use the certificate I’ve already got up in AWS.

#4

@Jeff_Gerber,

Did you mean node or pod in there? The mount should be in the pod and should show up like

dremio@dremio-master-0:/opt/dremio/conf$ ls -l
total 0
lrwxrwxrwx 1 root root 20 May 14 17:47 core-site.xml -> ..data/core-site.xml
lrwxrwxrwx 1 root root 17 May 14 17:47 dremio-env -> ..data/dremio-env
lrwxrwxrwx 1 root root 18 May 14 17:47 dremio.conf -> ..data/dremio.conf
lrwxrwxrwx 1 root root 25 May 14 17:47 logback-access.xml -> ..data/logback-access.xml
lrwxrwxrwx 1 root root 24 May 14 17:47 logback-admin.xml -> ..data/logback-admin.xml
lrwxrwxrwx 1 root root 18 May 14 17:47 logback.xml -> ..data/logback.xml

Can you say what it is you are seeing when you say you can’t get https to work? Your steps and configuration seem to be right.

#5

Yes, I meant pod. I was editing the dremio.conf file with the changes I mentioned and then did a helm delete, then a helm install --wait dremio.

Everything worked but only the http endpoints were available.

I have since solved this problem by modifying the ELB created by k8 to map https traffic to the internal service port for dremio. This is actually a better solution for me than configuring the jks in dremio anyway.
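
The ELB approach the thread settles on can be declared on the Kubernetes Service instead of edited by hand on the load balancer, so it survives a redeploy. This is an added example, not part of the original posts or the Dremio chart: the Service name, the selector label and the certificate ARN are assumptions or placeholders, and only port 9047 comes from the thread.

```yaml
# Added example: TLS terminated at a classic AWS ELB in front of the Dremio web UI.
# Assumptions: Service name and selector label are hypothetical and must match
# the labels on your coordinator pods; the ACM ARN below is a placeholder.
apiVersion: v1
kind: Service
metadata:
  name: dremio-web-https            # hypothetical name
  annotations:
    # ACM certificate the ELB presents to browsers and REST clients (placeholder).
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:REGION:ACCOUNT_ID:certificate/CERTIFICATE_ID"
    # Only the 443 listener uses TLS.
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
    # ELB-to-pod hop is plain HTTP, so web.ssl.enabled stays false in dremio.conf.
    # That hop is unencrypted inside the VPC; enabling SSL in Dremio with a real
    # keystore and setting this to "https" closes that gap.
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
    # Predefined ELB policy that restricts the listener to TLS 1.2.
    service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
spec:
  type: LoadBalancer
  selector:
    app: dremio-coordinator         # assumed label; verify with kubectl get pods --show-labels
  ports:
    - name: https
      port: 443                     # external listener on the ELB
      targetPort: 9047              # Dremio web port from dremio.conf
      protocol: TCP
```

With this in place no port 80 listener is created, so the UI is reachable only over HTTPS from outside the cluster.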