Enabling https for helm deployed dremio

I’m using EKS and the helm chart in https://github.com/dremio/dremio-cloud-tools. It deploys and works fine but I want to use https to access the app and I can’t get that to work. I read the docs and modified the dremio-cloud-tools/charts/dremio/config/dremio.conf as indicated below with no success.

It seems that the helm templates are setup to copy all files in the config dir into a the dremio-configmap and mounts a volume in each node with that content. After deploying a vanilla deploy, those mounts are always empty!

What am I missing?

services: {
  # The services running are controlled via command line options passed in
  # while starting the services via kubernetes. Updating the three values
  # below will not impact what services are running.
  #   coordinator.enabled: true,
  #   coordinator.master.enabled: true,
  #   executor.enabled: true
  # Other service parameters can be customized via this file.
  coordinator: {
   web: {
      enabled: true,
      port: 9047,
      ssl: {
        # If SSL for communication path between browsers (or REST clients) and Dremio should be enabled.
        enabled: true,

        # Allow for auto-generated certificates if keyStore option is not set
        # Auto-generated self-signed certificates are considered insecure, and this
        # option should be set to false in production environment
        auto-certificate.enabled: true

Hey @Jeff_Gerber,

When you say “it deploys and works fine”, at that time – before adding SSL config – were the mounts empty? If you use the straight out of the box config you should see them /opt/dremio/conf on the pod.

yes, they are empty without touching anything and doing a deploy.

I’m having luck just reconfiguring the ELB the to use ssl and redirecting to the internal port. That’s actually better as I can use the certificate I’ve already got up in AWS.


Did you mean node or pod in there? The mount should be in the pod and should show up like

dremio@dremio-master-0:/opt/dremio/conf$ ls -l
total 0
lrwxrwxrwx 1 root root 20 May 14 17:47 core-site.xml -> ..data/core-site.xml
lrwxrwxrwx 1 root root 17 May 14 17:47 dremio-env -> ..data/dremio-env
lrwxrwxrwx 1 root root 18 May 14 17:47 dremio.conf -> ..data/dremio.conf
lrwxrwxrwx 1 root root 25 May 14 17:47 logback-access.xml -> ..data/logback-access.xml
lrwxrwxrwx 1 root root 24 May 14 17:47 logback-admin.xml -> ..data/logback-admin.xml
lrwxrwxrwx 1 root root 18 May 14 17:47 logback.xml -> ..data/logback.xml

Can you say what is it you are seeing when you say you can’t get https to work? Your steps and configuration seems to be right.

Yes, I meant pod. I was editing the dremio.conf file with the changes I mentioned and then did a helm delete, then a helm install --wait dremio.

Everything worked but only the http endpoints were available.

I have since solved this problem by modifying the ELB created by k8 to use map https traffic to the internal service port for dremio. This is actually a better solution for me than configuring the jks in dremio anyway.