Looking to see how anyone else implemented this: W...
# ask-communityb
Ben Davison
06/12/2020, 4:19 PMLooking to see how anyone else implemented this: We have prefect up and running in our kubernetes cluster just fine in a VPC which can be accessed internally or externally (if we allow the service to) -- the problem I have, is that our CI pipeline is a hosted service. My question is, how can I register the flow without exposing the apollo endpoint to everyone who uses the CI service (I can whitelist the IP range of the CI provider, but then anyone who uses that provider could in theory access apollo) I can set auth on the ingress controller, but then how do I get
python my_flow.py👀 1
Ben Davison
06/12/2020, 4:21 PMI could create a tiny service which accepts the flow serialised and then sends that to the graphql layer and have just that service able use basic auth.
But there must be a better way
j
Jenny
06/12/2020, 4:47 PMHi Ben - I don't think we have any Prefect answer for that but interested to see if others can chip in with suggestions!
n
Nazeer Hussain
06/14/2020, 3:07 AMHi @Ben Davison could you share your approach of Kubernetes deployment or any other reference document, we are trying to deploy it on AWS ECS and facing challenges
b
Ben Davison
06/15/2020, 10:22 AMHi Nazeer, for Kubernetes deployment I just used helm (https://github.com/szelenka/prefect-server-k8) as a starting point.
For my problem with deployment --I worked out an easy way to deal with it, I use basic auth + SSL + ingress ip ranges in the kubernetes layer and add this environment variable on the CI side:
PREFECT__SERVER__HOST='<http://baz>:<mailto:bar@apollo.com|bar@apollo.com>baz:bar@