https://prefect.io logo
Title
m

Mohamed Alaa

09/05/2022, 8:18 AM
Hello guys, i am hosting prefect's orion server on my K8s cluster and im finding dificulties to connect prefect cli to the remote orion server. Also, how does the connection work? Does anyone with my domain name that is hosting my orion uri api have the ability to send request to it? as this would be a security concern for us. Any guiides/ tutorials or videos are highly appreciated. Thanks in advance.
:plus-one: 1
a

Anna Geller

09/05/2022, 12:50 PM
this might be interesting to you, this recipe has a separate CLI container to do exactly what you're asking for https://discourse.prefect.io/t/running-prefect-2-with-docker-compose/1516
🙌 1
m

Mohamed Alaa

09/06/2022, 2:05 PM
thanks a lot anna
🙌 1
A quick add on to the previous question, does the PREFECT_API_KEY configuration only work with prefect cloud or could I set it manually to authenticate requests coming remotely?
a

Anna Geller

09/06/2022, 2:57 PM
m

Mohamed Alaa

09/06/2022, 3:10 PM
great thanks again anna
sorry for the bother anna, but i do set my orion settings to have a PREFECT_API_KEY yet i can send requests to the API without actually setting the PREFECT_API_KEY at the remote settings. How can i make the the API_KEY required to actually execute the api request
a

Anna Geller

09/06/2022, 5:56 PM
Could you elaborate a bit more on what do you mean by making it required?
m

Mohamed Alaa

09/07/2022, 9:48 AM
of course We have an orion instance hosted on our kubernetes cluster through a domain (lets say "abc.bleed.com"). if i set the PREFECT_API_URL to "abc.bleed.com/api" on my local computer to send requests to the K8s hosted orion, the request is executed without the proper PREFECT_API_KEY set on my local prefect instance. So my question would be, is there a way to make the K8s hosted orion instance require my local computer prefect instance to have to have the PREFECT_API_KEY set to the correct value that is set in the K8s orion instance I just want to figure out how I can authenticate my requests to the self hosted orion server via API_KEY to prevent any one that knows my domain name to send requests to it and cause a workload for my k8s nodes (this our security concern)
a

Anna Geller

09/09/2022, 11:03 PM
this is hard because you would need to figure out some auth layer, which you get automatically when using Cloud - perhaps for PoC, you can start with Cloud and then figure that out if/when needed
m

Mohamed Alaa

09/20/2022, 12:35 PM
10 days late, but thanks a lot anna