Open achtsnits opened 2 hours ago
questions/considerations still TBD
eoecpa uam integration for v2, concept unclear
exposing credentials for bucket and harbor access through custom api (even if restricted to internal cluster use) is - lets say -controversial, mitigations could be that other BB directly go to the bucket resp. harbor-user k8s secrets via k8s api allowing the IAM BB or the operator to apply k8s native concepts to restrict access (note: this would change endpoints and response payload structure e.g. for Processing BB so breaking change), other/additional option could be to not use long lived credentials but short lived credentials (e.g. AWS Session Tokens and similar), can keep current state but needs alignment if changes are desired
the ML BB has similar requirements as the Processing BB to put generated output on the workspace (e.g. with the Workspace BB acting as DVC remote), the Processing BB gets the workspace name passed during invocation (so it can subsequently retrieve the corresponding credentials - see above), needs concept for ML BB if desired
v1 workspace provisioning triggers "static python codified workflow" creating
during workspace provisioning also endpoints are registered at eoepca uam
the following capabilities are exposed via api
v2 goals
components