Secure Kubeflow Ingress and Authentication with Istio External Auth, Dex, and OAuth2 Proxy
Publicly exposed insecure service endpoints on Kubernetes produce a major risk of malicious workloads being deployed on your clusters. We’ve seen reports of the Kubernetes Dashboard, the Kubeflow Central Dashboard, and the Kubeflow Pipelines all were compromised when publicly exposed to the Internet. Combined with wide RBAC permissions, a publicly exposed software with workload scheduling capabilities opens your clusters for malicious deployments to anybody knowing the endpoint URL.
This blog post focuses on building a secure ingress and authentication stack on Kubernetes with Istio targeting Kubeflow installations.