Looking to see how anyone else implemented this: We have prefect up and running in our kubernetes cluster just fine in a VPC which can be accessed internally or externally (if we allow the service to) -- the problem I have, is that our CI pipeline is a hosted service. My question is, how can I register the flow without exposing the apollo endpoint to everyone who uses the CI service (I can whitelist the IP range of the CI provider, but then anyone who uses that provider could in theory access apollo) I can set auth on the ingress controller, but then how do I get

python my_flow.py

with the register method to respect that?

Hi Ben - I don't think we have any Prefect answer for that but interested to see if others can chip in with suggestions!

Hi @Ben Davison could you share your approach of Kubernetes deployment or any other reference document, we are trying to deploy it on AWS ECS and facing challenges

Hi Nazeer, for Kubernetes deployment I just used helm (https://github.com/szelenka/prefect-server-k8) as a starting point. For my problem with deployment --I worked out an easy way to deal with it, I use basic auth + SSL + ingress ip ranges in the kubernetes layer and add this environment variable on the CI side:

PREFECT__SERVER__HOST='<http://baz>:<mailto:bar@apollo.com|bar@apollo.com>

The

baz:bar@

is the basic auth part.