OpenShift
Dagger provides a Helm chart to create a Dagger Engine DaemonSet on an OpenShift cluster. A DaemonSet ensures that all matching nodes run an instance of Dagger Engine.
First, create a values.yaml file to configure the Dagger Helm deployment. This includes a set of labels for the pod affinity and the taints and tolerations for the nodes.
nameOverride: ""
fullnameOverride: ""
engine:
image:
repository: registry.dagger.io/engine
tag: latest
tolerations:
- effect: NoSchedule
key: dagger-node
operator: Exists
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: dagger-node
operator: Exists
This configuration uses the label dagger-node=true to taint the nodes on which the Dagger Engine should be deployed.
Next, execute the following command for each node that is intended to host a Dagger Engine (replace the NODE-NAME placeholder with each node name):
oc adm taint nodes NODE-NAME dagger-node=true:NoSchedule
Install the Dagger Engine using the Dagger Helm chart and the configuration above:
helm upgrade --create-namespace --install --namespace dagger dagger oci://registry.dagger.io/dagger-helm -f values.yaml
The Dagger Engine DaemonSet configuration is designed to:
- best utilize local Non-Volatile Memory Express (NVMe) hard drives of the worker nodes
- reduce the amount of network latency and bandwidth requirements
- simplify routing of Dagger SDK and CLI requests
Finally, grant the necessary permissions for the default service account in the dagger namespace:
Without this step, pod creation will fail due to insufficient permissions to execute privileged containers with fixed user IDs and host path volume mounts.
oc adm policy add-scc-to-user privileged -z default -n dagger