Comments (3)
brianmoran
commented on September 21, 2024
In the interim, I added an AuthorizationPolicy to deny the add-contributor and remove-contributor paths. Still would be nice to have a feature flag to disable Multi User Isolation.
from kubeflow.
thesuperzapper
commented on September 21, 2024
@brianmoran for now, adding that authorization policy is the best approach because it also prevents people doing it with the KFAM API calls directly (even if the UI prevented it).
Do you want to share your AuthorizationPolicy resource YAML?
from kubeflow.
brianmoran
commented on September 21, 2024
@thesuperzapper here's the AuthorizationPolicy.
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
name: central-dashboard-deny-manage-users
namespace: kubeflow
spec:
selector:
matchLabels:
app: centraldashboard
action: DENY
rules:
- to:
- operation:
paths:
- "/api/workgroup/add-contributor/*"
- "/api/workgroup/remove-contributor/*"from kubeflow.
Related Issues (20)
- ExitHandler with email/slack HOT 2
- Translation file messages.fr.xlf is identical to messages.xlf
- How can I login to the dashboard as a cluster admin HOT 1
- Stop using `gcr.io/kubebuilder/kube-rbac-proxy` in TensorBoards before `March 18, 2025` HOT 2
- Help Needed: Adding CPU/GPU Usage Monitoring to Kubeflow Dashboard 🌟
- Dex Microsoft connector gives me "Unregistered redirect_uri ("/oauth2/callback")." HOT 1
- Dex Microsoft connector gives me "Unregistered redirect_uri ("/oauth2/callback")." HOT 3
- [frontend] Kubeflow workflow runs are in "Pending Execution" state HOT 3
- SSH to Notebook Pod HOT 3
- OIDC authentication with SSO kubeflow page getting session timed out HOT 3
- Portable kubeflow installation on a running k8s platform HOT 3
- Add `kubeflow-katib` and `kserve` packages to default notebook images HOT 1
- Jupyter notebook doesn't got write permission for its home directory. HOT 2
- pvcviewer-controller-manager creates pvcviewer pod on different node from notebook server pod
- Perform proper logout for Oauth2-Proxy HOT 1
- ML
- Permission deny issue during executing Jupyter notebook "PermissionError: [Errno 13] Permission denied: '/home/jovyan/.jupyter'" HOT 2
- Notebook image for KF 1.7 vs 1.9 HOT 1
- MY FIRST PROJECT
- Prometheus metrics for CRUD backend apps
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubeflow.