https://prefect.io logo
Title
b

Ben Davison

06/12/2020, 4:19 PM
Looking to see how anyone else implemented this: We have prefect up and running in our kubernetes cluster just fine in a VPC which can be accessed internally or externally (if we allow the service to) -- the problem I have, is that our CI pipeline is a hosted service. My question is, how can I register the flow without exposing the apollo endpoint to everyone who uses the CI service (I can whitelist the IP range of the CI provider, but then anyone who uses that provider could in theory access apollo) I can set auth on the ingress controller, but then how do I get
python my_flow.py
with the register method to respect that?
👀 1
I could create a tiny service which accepts the flow serialised and then sends that to the graphql layer and have just that service able use basic auth. But there must be a better way
j

Jenny

06/12/2020, 4:47 PM
Hi Ben - I don't think we have any Prefect answer for that but interested to see if others can chip in with suggestions!
n

Nazeer Hussain

06/14/2020, 3:07 AM
Hi @Ben Davison could you share your approach of Kubernetes deployment or any other reference document, we are trying to deploy it on AWS ECS and facing challenges
b

Ben Davison

06/15/2020, 10:22 AM
Hi Nazeer, for Kubernetes deployment I just used helm (https://github.com/szelenka/prefect-server-k8) as a starting point. For my problem with deployment --I worked out an easy way to deal with it, I use basic auth + SSL + ingress ip ranges in the kubernetes layer and add this environment variable on the CI side:
PREFECT__SERVER__HOST='<http://baz>:<mailto:bar@apollo.com|bar@apollo.com>
The
baz:bar@
is the basic auth part.