Hi Guys - I have a few questions on prefect cloud ...
# ask-communityb
Bihag Kashikar
03/07/2022, 12:55 AMHi Guys - I have a few questions on prefect cloud - the questions are after viewing the architecture picture on this https://docs.prefect.io/orchestration/ under section architecture overview
authentication question -
can prefect use auth0 for authentication of users ( real people not service accounts/users ) - any reference diagrams will be helpful
network and traffic filtering related questions on prefect cloud hosted on GCP -
1) how does prefect cloud connect to gcp, looking at the picture on https://docs.prefect.io/orchestration/ under architecture section
the agent 1,2 on gcp and connection to cloud api - is it over internet? any references on prefect cloud documentation stating this
2) on the same connection question, is traffic filtering possible using GCPs private access point option https://cloud.google.com/vpc/docs/private-service-connect, if yes,
please any references of this prefect cloud documentation?
This is just for my knowledge, and this is more of a documentation question than actual architecture involved here :-) as similar hosted solutions like snowflake and elasticsearch, these two hosted solutions do have all the documentation of above 🙂 thank you in advance.
k
Kevin Kho
03/07/2022, 1:02 AM
The connection question is easier to answer, the agent just needs HTTPS out and it polls Prefect Cloud every 10 seconds. As long as it can do that, your agent can deploy flows. You don’t need any inbound rules.
For auth0, we do support SSO for enterprise customers so I am positive we support this.
Kevin Kho
03/07/2022, 1:03 AM
For Orion (Prefect 2.0), you will be able to host it but that is still in the near future
b
Bihag Kashikar
03/07/2022, 1:05 AMOkay so if its api call - if its deployed in australia-southeast1 gcp region then is there a specific CIDR range - for example, elasticsearch has similar concept tand they do it like this -> https://www.elastic.co/guide/en/cloud/current/ec-traffic-filtering-through-the-api.html
k
Kevin Kho
03/07/2022, 1:06 AM
This is a filter on ingress but you won’t need any ingress open for the agent because it’s just an egress call
Kevin Kho
03/07/2022, 1:07 AM
The agent is purely outbound API calls and then we never send a request to it. When it finds a Flow to run, it executes it but within your environment, which is how we don’t see your data or code
👍🏽 1
b
Bihag Kashikar
03/07/2022, 1:10 AMso the calls are asynch ? on your note above, you mentioned its polls and in order for it to get response from polling, first it needs to gain access to agent service in confined in gcp vpc (ingress) and then to receive response (egress) hence its it a two way comms request/response . i might have got this wrong.
k
Kevin Kho
03/07/2022, 1:12 AM
I think the calls are async, but I don’t think it matters so much?
You are thinking the other way around I think. You are thinking Prefect Cloud pushes down work to the agent. It’s the agent that pulls work from Prefect Cloud (which is why HTTPS outbound i enough).
👍🏽 1
b
Bihag Kashikar
03/07/2022, 1:12 AMthanks
Bihag Kashikar
03/07/2022, 1:13 AMim assuming the outbound calls are standard https port 443
k
Kevin Kho
03/07/2022, 1:13 AM
Yes exactly. It “pulls” every 10 seconds and then finds something to run and then takes care of running it
b
Bihag Kashikar
03/07/2022, 1:13 AMthanks
Bihag Kashikar
03/07/2022, 1:14 AMmay be i should raise a documentation request 🙂 all good getting the required information through this way too. thanks again
Bihag Kashikar
03/07/2022, 1:15 AMaha, i see it is already documented...all good
Bihag Kashikar
03/07/2022, 1:15 AMignore that
k
Kevin Kho
03/07/2022, 1:15 AM
Ah what page did you see? Cuz I was about to give one also
b
Bihag Kashikar
03/07/2022, 1:16 AMBihag Kashikar
03/07/2022, 1:17 AMits on medium blog not on prefect documentation page - give me what you too 🙂
k
Kevin Kho
03/07/2022, 1:18 AM
Ah ok I was gonna give this, which is kind of the same
👍🏽 1
51 Views