Channels
announcements
ask-marvin
best-practices-coordination-plane
data-ecosystem
data-tricks-and-tips
events
find-a-prefect-job
geo-bay-area
geo-berlin
geo-boston
geo-chicago
geo-colorado
geo-dc
geo-israel
geo-japan
geo-london
geo-nyc
geo-seattle
geo-texas
gratitude
introductions
marvin-in-the-wild
pacc-clearcover-june-12-2023
pacc-may-31-2023
ppcc-may-16-2023
prefect-ai
prefect-aws
prefect-azure
prefect-cloud
prefect-community
prefect-contributors
prefect-dbt
prefect-docker
prefect-gcp
prefect-getting-started
prefect-integrations
prefect-kubernetes
prefect-recipes
prefect-server
prefect-ui
random
show-us-what-you-got
Title
a
Andrew Decker
05/12/2022, 8:37 PMHi all, I'm wondering if someone would be able to clarify how flow registration works in the case of
LocalStorageKubernetesRunThe flow does run successfully in Prefect, which is progress 🙂
To be more concrete, this is the flow in the
flows/ingest.py# This is flows/ingest.py
...
with Flow(
name=FLOW_NAME,
storage=Local(
add_default_labels=False,
stored_as_script=True,
path="flows/ingest.py",
),
run_config=KubernetesRun(
image=f"{ECR_REGISTRY}/{IMAGE}:{IMAGE_TAG}", labels=[IMAGE, ENV, FLOW_NAME]
),
executor=LocalExecutor(),
) as flow:
print("12345 we are running the flow")My coworker was trying to use a pattern that wraps the above code in a function
get()if __name__ == "__main__":
get().run()However, this yields an error (will post the specific error in a moment - going to rerun to grab it)
a
Anna Geller
05/12/2022, 9:00 PMis this script in the container image?
generally speaking, this is not a best-practice recipe, I only included it in the repo if you have no other options. What code repository do you use, do you use GitHub or GitLab or sth else?
a
Andrew Decker
05/12/2022, 9:03 PMAh, thanks for the feedback. Good to know! We're using GitHub, so I can take a look at the GitHub storage option
Yeah, the script is in the container image
I don't have full context because I didn't set up this pattern on our side, but from what I understand, there was some concern about leaking GitHub secrets. I'll follow up after I've read the GitHub storage doc, but I'm assuming there's a way to do this securely given Prefect's hybrid architecture. Thanks again!
a
Anna Geller
05/12/2022, 9:18 PMYup exactly! Check examples here with name: "github_kubernetes_run"
🙏 1
Secrets are stored securely in the Prefect Cloud backend - you can create the needed token here https://github.com/settings/tokens and store it as a Secret in Cloud UI with the name GITHUB_ACCESS_TOKEN and value of the token
a
Andrew Decker
05/12/2022, 9:22 PMI see, I think there was concern about storing it in Prefect's backend
a
Anna Geller
05/12/2022, 9:22 PMwhy?
a
Andrew Decker
05/12/2022, 9:22 PM...that's a good question
a
Anna Geller
05/12/2022, 9:22 PM😄
a
Andrew Decker
05/12/2022, 9:22 PMLet me circle back with an answer
👍 1
😄
a
Anna Geller
05/12/2022, 9:23 PMit's encrypted and stored in a secure manner
a
Andrew Decker
05/12/2022, 9:31 PMSo the answer I'm getting from DevOps is that ideally we don't want to be sharing our secrets outside of our infrastructure. We incur a bit of risk for every third party we share secrets with, and it's a best practice to limit this as much as possible
Ignoring GitHub vs Local storage for the moment, it looks like both files are set up in the same way, which makes me wonder if the flow will still be run when being registered
a
Anna Geller
05/13/2022, 1:47 AMI can understand that. In that case, you could leverage local secrets - this page shows how you can set it on your execution layer - ignore that it says how to set Secrets on Server, it works the same for Cloud if you use local secrets and set this variable:
export PREFECT__CLOUD__USE_LOCAL_SECRETS=true