https://prefect.io logo
Title
i

Ian Fridge

09/15/2020, 6:45 PM
Hi. Is there a recommended git ops workflow best practice for teams which don't want developers to directly submit flows with an agent?
j

Jenny

09/15/2020, 9:45 PM
Hi @Ian Fridge - Thanks for the question! Let me check I understand - Are you wanting a way to prevent developers from running a flow without approval?
i

Ian Fridge

09/15/2020, 10:19 PM
Yeah, The goal is to have a jenkins workflow which submits the job after automated tests have been run. We would like developers to be able to log in to the UI and view the status of flows. We would like the only way to submit tasks to the scheduler to be done via jenkins.
c

Chris White

09/15/2020, 10:39 PM
Hey Ian - Prefect Server does not have any concept of permissions or authorization, so you’d likely need to craft a custom configuration of some kind. My recommendation would be to use Prefect Cloud (which has role based access): you could configure your CICD pipeline to register your Flows with an appropriately scoped token, and you only give your developers READ ONLY roles
i

Ian Fridge

09/15/2020, 10:51 PM
Thanks!
👍 1
Could my flows still be executed in my local kubernetes cluster with the dask kubernetes metacontroller?
c

Chris White

09/15/2020, 10:56 PM
Absolutely! A big feature of Prefect Cloud is that your code and execution environment are entirely in your control. For more (high level) details, check out this blog post: https://medium.com/the-prefect-blog/the-prefect-hybrid-model-1b70c7fd296
i

Ian Fridge

09/15/2020, 11:14 PM
Thanks! That sounds like it will work perfectly for our needs.
💯 3