# ask-the-community
a
Hi there, I have a question about how data is communicated between the various pods that run on flyte. Do pods spawned to process tasks ever directly communicate to flyteadmin/flytepropeller and in those communications would the output data (simple literal types) be potentially transmitted? Or is it more indirect via say updating the flyteworkflow CR contents and then flytepropeller communicating to flyteadmin?
a
Ok so if I read this correctly, task pods write to storage (e.g. s3) and propeller reads from there. Propeller communicates directly to admin. So there wouldn't be any benefit to adding mTLS to task pods to try to encrypt traffic between them and the various flyte services, since it doesn't communicate directly with them?
k
Yup, propeller does not send data to admin as well
It’s just links
There is SSL with s3
And data between flytepropeller and task pods is only metadata
n
you mean just the path to metadata?
k
Yup
You are right
n
and communication between any of the flyte pods in control plane does not include passing of metadata as well? just metadata’s reference?
k
And ideally flytepropeller does not have access to raw data so no escalation of privileges
Yup
Exactly
You folks have the most security questions 😍
I would love if you would share your journey with the community and talk in depth about security and ways we can improve
a
data between flytepropeller and task pods is only metadata
How do flytepropeller and task pods share this metadata? Is it via api call or indirectly via FlyteWorkflow Custom Resource?
k
Through pod entrypoint