Hi there, I have a question about how data is communicated between the various pods that run on flyte. Do pods spawned to process tasks ever directly communicate to flyteadmin/flytepropeller and in those communications would the output data (simple literal types) be potentially transmitted? Or is it more indirect via say updating the flyteworkflow CR contents and then flytepropeller communicating to flyteadmin?

Ok so if I read this correctly task pods write to storage (eg. s3) and propeller reads from there. Propeller communicates directly to admin. So there wouldn't be any benefit to adding mTLS to task pods to try to encrypt traffic between them and the various flyte services, since it doesn't communicate directly with them?

Yup, propeller does not send data to admin as well

you mean just the path to metadata?

Yup

and communication between any of the flyte pods in control plane does not include passing of metadata as well? just metadata’s reference?

And ideally flytepropeller does not have access to raw data so no escalation of privileges

data between flytepropeller and task pods is only metadata

How do flytepropeller and task pods share this metadata? Is it via api call or indirectly via

FlyteWorkflow

Custom Resource?

Through pod entrypoint