Kubeflow
- Kubeflow Charmers | bundle
- Cloud
| Channel | Revision | Published |
|---|---|---|
| latest/candidate | 294 | 24 Jan 2022 |
| latest/beta | 430 | 30 Aug 2024 |
| latest/edge | 423 | 26 Jul 2024 |
| 1.10/stable | 436 | 07 Apr 2025 |
| 1.10/candidate | 434 | 02 Apr 2025 |
| 1.10/beta | 433 | 24 Mar 2025 |
| 1.9/stable | 432 | 03 Dec 2024 |
| 1.9/beta | 420 | 19 Jul 2024 |
| 1.9/edge | 431 | 03 Dec 2024 |
| 1.8/stable | 414 | 22 Nov 2023 |
| 1.8/beta | 411 | 22 Nov 2023 |
| 1.8/edge | 413 | 22 Nov 2023 |
| 1.7/stable | 409 | 27 Oct 2023 |
| 1.7/beta | 408 | 27 Oct 2023 |
| 1.7/edge | 407 | 27 Oct 2023 |
juju deploy kubeflow --channel 1.10/stable
Deploy Kubernetes operators easily with Juju, the Universal Operator Lifecycle Manager. Need a Kubernetes cluster? Install MicroK8s to create a full CNCF-certified Kubernetes system in under 60 seconds.
Platform:
This guide describes how authorisation works in Charmed Kubeflow (CKF).
Authorisation is provided through the integration between Kubeflow and Kubernetes (K8s) role-based access control (RBAC), as well as Istio Authorization Policy.
Kubeflow’s authorisation is designed to allow users to access resources within their own namespaces, either via the Kubernetes API (using kubectl) or through network requests (GET dashboard.io/pipeline or in-cluster requests to other user namespace resources).
Components
The components involved are the following:
- Kubeflow Profiles: a K8s Custom Resource Definition (CRD) that provides namespace isolation based on K8s RBAC. Profiles are owned by single users, but can have multiple contributors with view and/or edit access.
- Profiles are managed by the Kubeflow profiles controller, implemented by the
kubeflow-profilescharm. - Contributors are managed by the Kubeflow Access Management API (KFAM), also implemented by the
kubeflow-profilescharm.
- Profiles are managed by the Kubeflow profiles controller, implemented by the
- K8s RBAC.
- K8s
SubjectAccessReviewAPI, see Authorization for more information. - Istio Authorization Policies.
Kubeflow profiles
When a new profile is created, each resource gets the following:
- A
Namespace, matching the profile name. RoleBindingsfor the profile owners toClusterRole/kubeflow-admin, created by default by thekubeflow-rolescharm. SimilarRoleBindingsare set for theServiceAccountlevel.RoleBindingsfor the profile contributors toClusterRole/kubeflow-{ROLE}.- Istio
AuthorizationPoliciesfor the profile owner and for the contributor(s).
See Profile resources for more details. Refer to Manage profiles to learn how to administer profiles in CKF.
Authorisation flows
There are two main use cases for authorisation flows.
Managing resources via the UI
The most common use case for authorization occurs when users navigate CKF through the central dashboard User Interface (UI) in their browser.
CKF is composed of multiple web app microservices for managing different resources, such as Notebooks, Pipelines, Katib experiments, all accessible through the dashboard. The backends of these microservices follow the same authorization logic and operate on user resources in various namespaces on the users’ behalf.
Specifically, when a user clicks on the Notebooks page and views the list of Notebooks, the following steps occur under the hood:
- The browser makes a request to the API of the Notebooks web app:
- This API endpoint is exposed via the central Ingress.
- The browser includes the login cookie in the request.
- The endpoint is
/jupyter/api/namespaces/ml-engineers/notebooks.
- The request reaches the Ingress Gateway, where authentication checks are performed.
- Once authenticated, a
kubeflow-useridheader is added to the request.
- The request is forwarded to the Notebooks web app backend inside the cluster.
- The backend receives a request indicating that a certain user, defined in the
kubeflow-useridheader, wants to list Notebooks in theml-engineersnamespace. - The backend performs a
SubjectAccessReviewto verify that the user is authorized to list Notebooks in that namespace, according to K8s RBAC. - If authorized, the backend performs a list request to K8s for the Notebooks in the
ml-engineersnamespace and returns the result.
Users could forge a request from their browser to access the Notebooks web app, attempting to retrieve Notebooks from a different namespace. In such cases, if the user does not have RBAC permissions for the target namespace, the SubjectAccessReview catches this, and the Notebooks web app will return a 403 Forbidden response.
All backends are super-privileged and can manipulate resources in any namespace. However, they use SubjectAccessReviews to ensure they do not escalate permissions or allow users to perform actions in namespaces for which they lack authorization.
In-cluster user workloads
While interacting with Kubeflow’s UIs, users can create workload Pods that run inside the Kubeflow cluster. From within those workloads, users can interact with the K8s API using tools such as kubectl.
All user workloads running in namespaces associated with a Profile are Pods whose identity is defined by a ServiceAccount. Most workloads in user namespaces use the default-editor ServiceAccount.
As a result, when kubectl is used from within those workloads, the credentials used are those of the ServiceAccount token. This means RBAC policies are enforced for every request made from these workloads, and users cannot arbitrarily perform Create-Read-Update-Delete (CRUD) operations on K8s resources in other namespaces.
The default-editor ServiceAccount has permission to modify all Kubeflow resources and many common K8s resources, such as Pods and Services, within its own namespace.