Hi there! I installed prefect on an on-prem kubernetes cluster and have been trying to secure the services. I noticed that the apollo server has to be accessible from the UI browser, which exposes the apollo graphql endpoint so anyone with the endpoint and send queries and mutations to the server. Is there anyway to add an auth layer to protect the server? I was thinking about using Istio authorizationservice but that solution probably requires hardcoding some tokens and changes to the UI source code which is not ideal. Thanks for any tips shared!

Hey @Zhilong Li, unfortunately an auth layer for server is something we don’t support here as that would be one use case of Cloud. This question has come up though so there are some threads you could look at. Example thread.