Hi all. Does Prefect support isolated workers? Mea...
# ask-communitym
Matt Juszczak
03/23/2020, 4:32 PMHi all. Does Prefect support isolated workers? Meaning, a single master for all pipelines, but then separate physical workers (EC2 instances that are in different securitygroups, etc.) that only have access to the databases, etc. that they need access to? Part of our business requirements is single tenant for data pipelines.
d
Dylan
03/23/2020, 5:24 PM
Hi @Matt Juszczak, I believe you can accomplish this task with some smart permissions, multiple agents, and flow affinity. Essentially:
1. Prefect Cloud can orchestrate all flows in all security groups
2. For each security-group / isolated place you want to run flows, create an agent with a particular label
3. Flows registered with that label can only be run by agents with that label
https://docs.prefect.io/cloud/agents/overview.html#flow-affinity-labels
upvote 1
Dylan
03/23/2020, 5:25 PM
Let me know if I can provide more detail 😄
m
Matt Juszczak
03/23/2020, 5:54 PMThanks!
Matt Juszczak
03/23/2020, 5:55 PMSo the Preflect Cloud ("master"?) wouldn't pass a job to an agent unless it had that label?
d
Dylan
03/23/2020, 5:55 PM
Correct
Dylan
03/23/2020, 5:57 PM
This is what I do for our data warehousing work internally (I’m actually working on a blog post about this)
m
Matt Juszczak
03/23/2020, 5:57 PMThanks! I think that blog post could be valuable!
marvin 2
Matt Juszczak
03/23/2020, 5:58 PMHow to replicate Jenkins "labels" in Prefect
d
Dylan
03/23/2020, 5:59 PM
Haha the post is about our whole data warehousing setup using Prefect but this is definitely an important part! Maybe I’ll add more detail about this than I was originally planning
m
Matt Juszczak
03/23/2020, 6:21 PMThanks! Sounds good, and makes sense!