You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In my team, we have self-hosted prefect v 3.2.13 in a Zero Trust Network using Cloudflare, and we are trying to automatically deploy flows using GitHub CI/CD.
We actually have two instances deployed. The first one has Prefect v2 and is not behind the ZTN, so we just pass user:password@prefect_api_url and it works perfectly.
However, this approach doesn't work with Cloudflare and therefore we need to authenticate by passing CF_ACCESS_CLIENT_ID and CF_ACCESS_CLIENT_SECRET to the headers of the client/API calls.
I have created this discussion as suggested by @zzstoatzz in this thread. You can there two different approaches that we are looking at in our company:
Extending the PrefectClient and SyncPrefectClient classes to add the custom headers, creating a new get_client function that uses our custom clients, then extending the Flow class to override the deploy method so it uses this new get_client function and not the original one.
Wrapping the .deploy function with a new get_client function that includes the headers and performs a sort of custom deployment.
I like better the first solution, but the easiest way for us would be to allow the .deploy method to accept a parameter called headers, of course.
Please reach out to me if you want further clarifications.
Best,
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
In my team, we have self-hosted prefect v 3.2.13 in a Zero Trust Network using Cloudflare, and we are trying to automatically deploy flows using GitHub CI/CD.
We actually have two instances deployed. The first one has Prefect v2 and is not behind the ZTN, so we just pass user:password@prefect_api_url and it works perfectly.
However, this approach doesn't work with Cloudflare and therefore we need to authenticate by passing CF_ACCESS_CLIENT_ID and CF_ACCESS_CLIENT_SECRET to the headers of the client/API calls.
I have created this discussion as suggested by @zzstoatzz in this thread. You can there two different approaches that we are looking at in our company:
I like better the first solution, but the easiest way for us would be to allow the .deploy method to accept a parameter called headers, of course.
Please reach out to me if you want further clarifications.
Best,
Beta Was this translation helpful? Give feedback.
All reactions