No network separation of user notebooks #1115

Open
kimwnasptd opened this issue Oct 14, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@kimwnasptd
Contributor

kimwnasptd commented Oct 14, 2024

Bug Description

Right now in CKF user-a can connect to the URL of a notebook that is deployed in a Profile that belongs to user-b, where user-a should not have any access.

This is not the case for upstream Kubeflow.

The reason this is the case for CKF is because of this issue we initially encountered in KFP canonical/kfp-operators#355. Specifically, in CKF we now have an extra AuthorizationPolicy that allows any user (any value of the kubeflow-userid header) to talk to the workloads of a Profile.

The root cause of this, as explained in canonical/kfp-operators#355 (comment), is that the KFP API pod does not have any sidecar. So the default upstream AuthorizationPolicy doesn't allow KFP to talk to pods in users' namespaces. More on this can be found in canonical/kfp-operators#355 (comment).

To Reproduce

  1. Install CKF 1.9
  2. Login and create the default admin profile
  3. Manually apply the following Profile
    apiVersion: kubeflow.org/v1
    kind: Profile
    metadata:
      name: kimonas
    spec:
      owner:
        kind: User
        name: kimonas
      resourceQuotaSpec: {}
  4. Deploy the following notebook in the kimonas namespace
  5. Access the URL of the kimonas notebook, while logged in as admin

Environment

CKF 1.9

Relevant Log Output

<none>

Additional Context

A temporary workaround is to update the following AuthorizationPolicy from allowing all requests to just the namespace owner, and not *.
https://github.com/canonical/kfp-operators/blob/track/2.2/charms/kfp-profile-controller/files/upstream/sync.py#L480

This will block users from accessing other notebooks from their browsers.

This would still mean, though, that users from their Pods (notebooks) could curl the K8s svc URLs of other notebooks, explicitly set the kubeflow-userid header, and reach workloads in other user namespaces.

@kimwnasptd kimwnasptd added the bug Something isn't working label Oct 14, 2024
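As an added illustration that is not part of the issue or of the kfp-operators code, the sketch below shows a per-Profile AuthorizationPolicy in the permissive shape the report describes (any kubeflow-userid value accepted) beside a restricted form that accepts only the Profile owner and additionally requires the request to carry the ingress gateway's mTLS identity, which is what closes the in-cluster header-forging path noted above. The policy name, the gateway service-account principal and the owner value are assumed placeholders, not values taken from the CKF manifests.

```yaml
# Added example, not the project's own manifest; names and principals are placeholders.
# Permissive form (the CKF state described in the issue): a request carrying any
# kubeflow-userid header value is allowed to reach workloads in the Profile namespace.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: ns-owner-access-istio        # placeholder policy name
  namespace: kimonas                 # the Profile namespace from the repro steps
spec:
  rules:
  - when:
    - key: request.headers[kubeflow-userid]
      values: ["*"]                  # weak: any non-empty header value matches
---
# Restricted form: the header must name the Profile owner, AND the request must
# come from the ingress gateway's identity. A Pod in another namespace that sets
# the header itself does not carry that identity, so its request is denied.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: ns-owner-access-istio
  namespace: kimonas
spec:
  rules:
  - from:
    - source:
        principals:
        # Assumed placeholder: SPIFFE identity of the gateway service account in
        # this deployment; look up the actual namespace and SA name before use.
        - "cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account"
    when:
    - key: request.headers[kubeflow-userid]
      values: ["kimonas"]            # the Profile owner only, not "*"
```

Restricting the header value to the owner alone (the workaround above without the `from` clause) still leaves the in-cluster forging path the report describes; the principal check is what ties the header to the component that is trusted to set it.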

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/KF-6432.

This message was autogenerated
