Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use ISTIO to restrict access to Jupyter Notebooks #1994

Closed
jlewi opened this issue Nov 26, 2018 · 4 comments
Closed

Use ISTIO to restrict access to Jupyter Notebooks #1994

jlewi opened this issue Nov 26, 2018 · 4 comments
Labels
area/jupyter Issues related to Jupyter cuj/multi-user priority/p1
Projects
0.5.0

Comments

@jlewi
Copy link
Contributor

jlewi commented Nov 26, 2018

Background: #1630

We would like to use ISTIO to secure access to Jupyter notebooks. This is part of the larger effort (#1630) to replace JupyterHub with a set of Cloud Native microservices to manage notebooks.

I think what we want to do is be able to spawn notebooks for each user in their own namespace. We can then rely on RBAC to restrict access to the K8s resources.

However, we still need a way to restrict access to the Jupyter web servers. For this I think we'd like to use ISTIO.

A strawman would be to use ISTIO and JWT's to restrict access to specific notebooks. So we would use ISTIO to enforce policies restricting access to specific notebooks to specific users.

ISTIO would use the JWT in the request to determine the identity of the user making the request.
@jlewi jlewi added priority/p1 area/jupyter Issues related to Jupyter labels Nov 26, 2018
@jlewi jlewi mentioned this issue Nov 26, 2018
Closed
@lluunn
Copy link
Contributor

lluunn commented Nov 26, 2018

cc

@lluunn
Copy link
Contributor

lluunn commented Nov 26, 2018

related: #1907

@lluunn lluunn mentioned this issue Nov 26, 2018
Closed
@jlewi
Copy link
Contributor Author

jlewi commented Dec 26, 2018

Should we close this as a duplicate of #2173 ?

@jlewi jlewi added this to Multi-user kubeflow in 0.5.0 Jan 6, 2019
@jlewi jlewi moved this from Multi-user kubeflow to Namespace demo 03/01 sprint in 0.5.0 Feb 19, 2019
@lluunn
Copy link
Contributor

lluunn commented Feb 20, 2019

dup of #2173

@lluunn lluunn closed this as completed Feb 20, 2019
0.5.0 automation moved this from Demo Jupyter Notebooks In their Own Namespace to Done Feb 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/jupyter Issues related to Jupyter cuj/multi-user priority/p1
Projects
No open projects
0.5.0
  
Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jlewi @lluunn