diff --git a/catalogs/data/dagster/dagster.yaml b/catalogs/data/dagster/dagster.yaml index ae5cf5a6..2359a58b 100644 --- a/catalogs/data/dagster/dagster.yaml +++ b/catalogs/data/dagster/dagster.yaml @@ -44,7 +44,7 @@ spec: imports: - stackRef: name: dagster-{{ context.cluster }} - namespace: infra + namespace: apps configuration: cluster: {{ context.cluster }} hostname: {{ context.hostname }} diff --git a/catalogs/data/dagster/helm/oauth-proxy-config.yaml.liquid b/catalogs/data/dagster/helm/oauth-proxy-config.yaml.liquid new file mode 100644 index 00000000..0722c60a --- /dev/null +++ b/catalogs/data/dagster/helm/oauth-proxy-config.yaml.liquid @@ -0,0 +1,28 @@ +{% raw %} +{% assign imports_dagster_key = 'dagster-' | append: configuration.cluster %} + +service: + name: dagster-oauth2-proxy + selector: + app.kubernetes.io/instance: dagster + app.kubernetes.io/name: webapp + +secret: + clientID: {{ imports[imports_dagster_key].oidc_client_id }} + clientSecret: {{ imports[imports_dagster_key].oidc_client_secret }} + cookieSecret: {{ imports[imports_dagster_key].oidc_cookie_secret }} + issuer: https://oidc.plural.sh/ + upstream: http://localhost:8080 + name: dagster-proxy-config + env: + OAUTH2_PROXY_UPSTREAM_TIMEOUT: '120s' + +{% if configuration["basicAuth"] %} +{% assign basicAuth = configuration["basicAuth"] | from_json %} +users: +{% for user in basicAuth %} + {{ user[0] }}: {{ user[1] }} +{% endfor %} +{% endif %} + +{% endraw %} diff --git a/catalogs/data/dagster/oauth-proxy-config.yaml b/catalogs/data/dagster/oauth-proxy-config.yaml new file mode 100644 index 00000000..be247072 --- /dev/null +++ b/catalogs/data/dagster/oauth-proxy-config.yaml 
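Review bot: In the new `helm/oauth-proxy-config.yaml.liquid`, the `clientID`, `clientSecret` and `cookieSecret` values and the `users:` entries are rendered as unquoted plain scalars. A credential that is empty, all digits, boolean-looking, or contains `: `, ` #` or a leading YAML indicator will be retyped, truncated or break the rendered values file. Quote each templated value, e.g. `clientSecret: "{{ imports[imports_dagster_key].oidc_client_secret }}"` and `"{{ user[0] }}": "{{ user[1] }}"`. A value containing `"` or `\` would still need escaping inside double quotes. The hunk does not show whether `user[1]` is expected to be a password hash or a plaintext password, so a comment above `users:` stating the expected format would help whoever fills in `basicAuth`.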
@@ -0,0 +1,31 @@ +apiVersion: deployments.plural.sh/v1alpha1 +kind: ServiceDeployment +metadata: + name: dagster-oauth-proxy-config-{{ context.cluster }} + namespace: apps +spec: + namespace: dagster + git: + folder: helm/dagster/{{ context.cluster }} + ref: main + repositoryRef: + kind: GitRepository + name: infra + namespace: infra + helm: + version: "x.x.x" + chart: oidc-config + url: https://pluralsh.github.io/module-library + valuesFiles: + - oauth-proxy-config.yaml.liquid + imports: + - stackRef: + name: dagster-{{ context.cluster }} + namespace: apps + configuration: + cluster: {{ context.cluster }} + hostname: {{ context.hostname }} + clusterRef: + kind: Cluster + name: {{ context.cluster }} + namespace: infra diff --git a/catalogs/devops/grafana/grafana.yaml.liquid b/catalogs/devops/grafana/grafana.yaml.liquid index c3f73196..192e3d08 100644 --- a/catalogs/devops/grafana/grafana.yaml.liquid +++ b/catalogs/devops/grafana/grafana.yaml.liquid @@ -10,7 +10,7 @@ ingress: tls: - hosts: - {{ context.hostname }} - secretName: monitoring-tls + secretName: grafana-{{ context.cluster }}-tls persistence: enabled: true diff --git a/setup/catalogs/data/dagster.yaml b/setup/catalogs/data/dagster.yaml index a3931c89..e09a6aea 100644 --- a/setup/catalogs/data/dagster.yaml +++ b/setup/catalogs/data/dagster.yaml @@ -23,6 +23,9 @@ spec: - source: "terraform/{{ context.cloud }}" destination: "terraform/apps/dagster/{{ context.cluster }}" external: true + - source: oauth-proxy-config.yaml + destination: "bootstrap/apps/dagster/{{ context.cluster }}/oauth-proxy-config.yaml" + external: true repositoryRef: name: scaffolds catalogRef:
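Review bot: `version: "x.x.x"` in the new ServiceDeployment reads as a wildcard constraint, so the `oidc-config` chart from `https://pluralsh.github.io/module-library` is not pinned. Whatever chart version is newest at sync time would then receive the OIDC client secret and cookie secret. Pinning an exact release, `version: "<PINNED_CHART_VERSION>"` (placeholder), makes chart upgrades an explicit, reviewable change. Separately, the values template reads `configuration["basicAuth"]`, but this `configuration` block sets only `cluster` and `hostname`, so the `users:` section looks unreachable from this deployment unless `basicAuth` is supplied elsewhere.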
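Review bot: The added template entry in `setup/catalogs/data/dagster.yaml` copies only the ServiceDeployment manifest, not the `helm/oauth-proxy-config.yaml.liquid` values file that the manifest names under `valuesFiles`. The list starts above the hunk, so an earlier entry may already copy the `helm/` directory into `helm/dagster/{{ context.cluster }}`. If none does, the proxy service would be created without its values file, which is worth confirming before merge. As a style point, the sibling entries quote their `source` value, so `- source: "oauth-proxy-config.yaml"` would match them.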