Hi Guys - I have a few questions on prefect cloud - the questions are after viewing the architecture picture on this https://docs.prefect.io/orchestration/ under section architecture overviewauthentication question -
can prefect use auth0 for authentication of users ( real people not service accounts/users ) - any reference diagrams will be helpful
network and traffic filtering related questions on prefect cloud hosted on GCP -
1) how does prefect cloud connect to gcp, looking at the picture on https://docs.prefect.io/orchestration/ under architecture section
the agent 1,2 on gcp and connection to cloud api - is it over internet? any references on prefect cloud documentation stating this
2) on the same connection question, is traffic filtering possible using GCPs private access point option https://cloud.google.com/vpc/docs/private-service-connect, if yes,
please any references of this prefect cloud documentation?This is just for my knowledge, and this is more of a documentation question than actual architecture involved here 😃 as similar hosted solutions like snowflake and elasticsearch, these two hosted solutions do have all the documentation of above 🙂 thank you in advance.
6 months ago
The connection question is easier to answer, the agent just needs HTTPS out and it polls Prefect Cloud every 10 seconds. As long as it can do that, your agent can deploy flows. You don’t need any inbound rules.For auth0, we do support SSO for enterprise customers so I am positive we support this.
For Orion (Prefect 2.0), you will be able to host it but that is still in the near future
so the calls are asynch ? on your note above, you mentioned its polls and in order for it to get response from polling, first it needs to gain access to agent service in confined in gcp vpc (ingress) and then to receive response (egress) hence its it a two way comms request/response . i might have got this wrong.
6 months ago
I think the calls are async, but I don’t think it matters so much?You are thinking the other way around I think. You are thinking Prefect Cloud pushes down work to the agent. It’s the agent that pulls work from Prefect Cloud (which is why HTTPS outbound i enough).