Hey, How does your development process in Flyte lo...
# ask-the-community
Hey, How does your development process in Flyte look like? I mean, do you manage a separation between environments - dev and prod for example? If so, how? Thanks everyone!
In more details: We are new to Flyte and we’re currently migrating our existing data pipelines which exist in Argo Workflows. Right now we have 2 environments: non-prod and prod. But since Flyte does NOT support RBAC (so all developers will have access for both envs) this is NOT best-practice. 1. Did you set a separation between non-prod and prod? 2. How do you use the domains feature in Flyte? 3. How do you set permissions for developers? per project? per domain? for all resources in Flyte’s deployment? Thanks in advance!
For public reference: https://docs.flyte.org/projects/cookbook/en/latest/auto/core/containerization/use_secrets.html#using-secrets-in-a-task 1, Domains (prod, dev, etc) map to K8s namespaces. In that sense, secrets will be local to each environment as well as env vars, providing both logical and authentication-level separation 2. You'd specify the domain (
) when you register the workflow using
pyflyte register
. cc @Samhita Alla for more details on the usage of
3. Per user permissions (as in RBAC) is currently not available in Flyte, mainly due to the lack of formal, open and widely accepted standards for RBAC, which would cause a significant engineering effort to adapt to the many ways to implement it . The idea of a SIG-auth has been circulating for a while, to gather all the interested parties in the community and set out a subproject (s) to extend the current auth mechanisms. Union Cloud offers an RBAC implementation.
Ok, thank you! that’s good to know. I will check into sig auth as you said. Really appreciate your help!
How do you use the domains feature in Flyte?
Adding to what David said, development, staging, production are examples of Flyte domains. You can have multiple domains within a Flyte project. https://docs.flyte.org/en/latest/concepts/domains.html#divedeep-domains