Prefect Deployment
GitOps deployment for Prefect workflow orchestration with Tailscale HTTPS access via Komodo.
Prerequisites
PostgreSQL Database
Connect to your PostgreSQL server and create the database:
CREATE DATABASE prefect;
CREATE USER prefect WITH PASSWORD 'your-secure-password';
GRANT ALL PRIVILEGES ON DATABASE prefect TO prefect;
\c prefect
CREATE EXTENSION IF NOT EXISTS pg_trgm;
GRANT ALL ON SCHEMA public TO prefect;
Tailscale Auth Key
Generate a reusable auth key from https://login.tailscale.com/admin/settings/keys
Deployment with Komodo
1. Add Git Provider (if using private repo)
In Komodo UI: Settings → Git Providers → Add your Gitea instance credentials.
2. Create Stack
- Navigate to Stacks → New Stack
- Configure:
- Name:
prefect - Server: Select your target server
- Source: Git Repo
- Git Provider:
gitea.arnodo.fr(or your provider) - Repo:
Damien/prefect-deployment - Branch:
main - File Paths:
docker-compose.yml
- Name:
3. Configure Environment Variables
In the stack configuration, add the following environment variables:
| Variable | Description | Example |
|---|---|---|
TS_AUTHKEY |
Tailscale auth key (reusable) | tskey-auth-xxx |
DB_HOST |
PostgreSQL host | postgresql.taila5ad8.ts.net |
DB_PORT |
PostgreSQL port | 5432 |
DB_USER |
Database user | prefect |
DB_PASSWORD |
Database password | secret |
Tip
: Use Komodo's secret variables (marked with 🔒) for sensitive values.
4. Deploy
Click Deploy in Komodo. The stack will clone the repository and start all services.
GitOps Workflow
Auto-deploy on Git Push
- In Komodo, go to your stack settings
- Enable Auto Deploy on push
- Copy the webhook URL
- Add it to your Gitea repository: Settings → Webhooks
Access
Once deployed: https://prefect.taila5ad8.ts.net
Services
| Service | Description | Image |
|---|---|---|
tailscale |
HTTPS ingress via Tailscale | tailscale/tailscale |
redis |
Messaging broker | redis:7-alpine |
prefect-server |
API + UI | prefecthq/prefect:3-latest |
prefect-services |
Background services | prefecthq/prefect:3-latest |
prefect-worker-pg-backup |
Worker for PostgreSQL backups | gitea.arnodo.fr/damien/prefect-worker-pg-backup |
Work Pools
The prefect-worker-pg-backup service automatically creates and listens to the pg-backup-pool work pool (type: process).
Secrets Management
Flow-specific secrets (S3 credentials, database passwords, API keys, etc.) should be managed via Prefect Blocks, not environment variables in the compose file.
Creating a Block (example with S3/Garage)
from prefect_aws import AwsCredentials
creds = AwsCredentials(
aws_access_key_id="xxx",
aws_secret_access_key="xxx",
aws_endpoint_url="https://s3.taila5ad8.ts.net"
)
creds.save("garage-credentials")
Using in a flow
from prefect import flow
from prefect_aws import AwsCredentials
@flow
def my_backup_flow():
creds = AwsCredentials.load("garage-credentials")
# use creds...
my_backup_flow.deploy(
name="my-backup",
work_pool_name="pg-backup-pool"
)
Repository Structure
prefect-deployment/
├── docker-compose.yml # Stack definition (relative paths)
├── serve-config.json # Tailscale HTTPS serve config
└── README.md