Channels
#ask-the-community
Title
# ask-the-community
a
Andrew Achkar
04/18/2023, 8:36 PMHi there, I have a question about how data is communicated between the various pods that run on flyte. Do pods spawned to process tasks ever directly communicate to flyteadmin/flytepropeller and in those communications would the output data (simple literal types) be potentially transmitted? Or is it more indirect via say updating the flyteworkflow CR contents and then flytepropeller communicating to flyteadmin?
k
Ketan (kumare3)
04/18/2023, 11:28 PM
a
Andrew Achkar
04/19/2023, 12:22 AMOk so if I read this correctly task pods write to storage (eg. s3) and propeller reads from there. Propeller communicates directly to admin. So there wouldn't be any benefit to adding mTLS to task pods to try to encrypt traffic between them and the various flyte services, since it doesn't communicate directly with them?
k
Ketan (kumare3)
04/19/2023, 1:31 AM
Yup, propeller does not send data to admin as well
It’s just links
There is SSL with s3
And data between flytepropeller and task pods is only metadata
n
Nada Saiyed
04/19/2023, 1:37 AMyou mean just the path to metadata?
k
Ketan (kumare3)
04/19/2023, 1:39 AM
Yup
You are right
n
Nada Saiyed
04/19/2023, 1:39 AMand communication between any of the flyte pods in control plane does not include passing of metadata as well? just metadata’s reference?
k
Ketan (kumare3)
04/19/2023, 1:39 AM
And ideally flytepropeller does not have access to raw data so no escalation of privileges
Yup
Exactly
You folks have the most security questions 😍
I would love if you would share your journey with the community and talk in depth about security and ways we can improve
a
Andrew Achkar
04/19/2023, 1:06 PMdata between flytepropeller and task pods is only metadataHow do flytepropeller and task pods share this metadata? Is it via api call or indirectly via
FlyteWorkflowk
Ketan (kumare3)
04/19/2023, 9:37 PM
Through pod entrypoint
2 Views