#Any known reason why using a service

@forest sleet the dagger helm chart doesn't currently create any k8s services AFAIK. How are you trying to do this?

Right now I'm adding port: 1234 to the dagger chart values and manually creating a service to connect to the dagger-engine pods that uses a local traffic policy. I'm integrating with gitlab, so in the gitlab-ci.yaml I just set:

_EXPERIMENTAL_DAGGER_RUNNER_HOST: tcp://<service>.<dagger-engine-namespace>.svc.cluster.local:1234

So, the idea would be, maybe, if a port is provided in the values.yaml to create a service that does local traffic routing. Could have additional switches if we wanted too

perfect. I don't see why the internalTrafficPolicy wouldn't work then since K8s should route your client's resolution to the engine pod running in the same node

we prefer not to add this capability in our helm chart since it's not secure by default. If a service is created with this config, this means that all the pods in the node will be able to access the Dagger engine service without authencation altogether. That's the main reason why we generally recommend using the socket mount approach since it follows the least privilege principle