I've installed Seldon on a K8s cluster with Istio enabled. I want to use Istio to secure the REST APIs using security protocols from GCP (such as IAP or JWT using a service account). What is the configuration needed to enforce both authentication and authorization for APIs deployed using Seldon Core? Would really appreciate it if there were some examples or boilerplate YAML files I could follow.
Seldon: How to enable authentication using GCP IAP or JWT?
478 views Asked by Riley Hun At
1
There are 1 answers
Related Questions in SECURITY
- HTTPS configuration in Spring Boot, server returning timeout
- HSM ZKA control mask values
- OWASP Amass Subcommands
- Is there a need for BPF Linux namespace?
- Error when trying to execute a binary compiled in a Kali Linux machine on an Ubuntu system
- When sanitize/encode while implementing tags system like on SO
- spring security version in spring-boot-starter-security
- I am currently trying to implement a rudimentary firewall from a video I watched but the nimda worm detection is not working and i do not know why?
- Is it possible for `sudo` to fail temporarily with the correct password? Hacking suspected
- Is it viable proxying all my mobile apps requests, to some kind knowing that a request is coming from a secure source
- What abilities should I concentrate on while bug hunting, and how can I improve the quality of my bug bounty reports?
- System.ArgumentOutOfRangeException: I passed this error in every single program
- How to prevent users from creating custom client apps?
- Does server-side content security policy exist for youtube video player API, app, mod apks and website?
- Can we pass a hostname/IP address as a query string in a GET request in REST API
Related Questions in KUBERNETES
- Golang == Error: OCI runtime create failed: unable to start container process: exec: "./bin": stat ./bin: no such file or directory: unknown
- I can't create a pod in minikube on windows
- Oracle setting up on k8s cluster using helm charts enterprise edition
- Retrieve the Dockerfile configuration from the Kubernetes and also change container Java parameter?
- Summarize pods not running, by Namespace and Reason - I'm having trouble finding the reason
- How to get Java running parameters from Spring Boot running inside container in pod where no ps exist
- How do we configure prometheus server to scrape metrics from a pod with Istio sidecar proxy?
- In rke kube-proxy pod is not present
- problem with edge server registration in Eureka
- Unable to Access Kubernetes LoadBalancer Service from Local Device Outside Cluster
- Kubernetes cluster on GCE connection refused error
- Based on my experience, I've outlined the Kubernetes request flow. Could someone please add or highlight any points I might have overlooked?
- how to define StackGres helm chart "restapi" values to use internal LoadBalancer - AWS EKS
- Python3.11 can't open file [Errno 2] No such file or directory
- Cannot find remote pod service - SERVICE_UNAVAILABLE
Related Questions in GOOGLE-CLOUD-PLATFORM
- Why do I need to wait to reaccess to Firestore database even though it has already done before?
- Unable to call datastore using GCP service account key json
- Troubleshooting Airflow Task Failures: Slack Notification Timeout
- GoogleCloud Error: Not Found The requested URL was not found on this server
- Kubernetes cluster on GCE connection refused error
- Best way to upload images to Google Cloud Storage?
- Permission 'storage.buckets.get' denied on resource (or it may not exist)
- Google Datastream errors on larger MySQL tables
- Can anyone explain the output of apache-beam streaming pipeline with Fixed Window of 60 seconds?
- Parametrizing backend in terraform on gcp
- Nonsense error using a Python Google Cloud Function
- Unable to deploy to GAE from Github Actions
- Assigned A record for Subdomain in Cloud DNS to Compute Engine VM instance but not propagated/resolved yet
- Task failure in DataprocCreateClusterOperator when i add metadata
- How can I get the long running operation with google.api_core.operations_v1.AbstractOperationsClient
Related Questions in ISTIO
- Implementing Multi-Tenant Access Restriction with Keycloak and Istio
- "make -f ../tools/certs/Makefile.selfsigned.mk cluster1-cacerts" not working on my windows
- Istio Egress Gateway Configuration
- istio gateway: getting Warning [IST0162] but can't finde what is wrong
- How to route requests from a gateway resource in k8s that takes in UDP traffic?
- How to deploy airflow in kubernetes cluster that uses istio
- Expose service on k8 Infrastructure
- ImagePullBackOff with Istio/X when attempting to create a new Istio Ingress Gateway in 2024
- istio request validation succed only after few times of retrial
- Traffic from Google L7 cloud load balancer to istio-gateway
- Curl from App Container failing with Istio
- can anyone advise on how to get the test coverage for istio/proxy?
- Kubeflow ssl: none from centraldashboard to profiles which cause rbac access denied
- Istio Authorization Policy for peer authorization
- Route traffic with consistent hashing on low-load pods with Istio
Related Questions in SELDON
- V2 Inference Protocol - PyTorch flavour datatype error
- Autoscaling Seldon Deployments based on GPU metric
- SeldonAPI error for mlserver model deployed on seldon
- How to pass init parameters to Predictor class via seldon-core-microservice?
- seldon-code tfserver grpc requests returns `StatusCode.UNIMPLEMENTED`
- How to integrate MLpack C++ based Machine learning model with seldon core
- can configurable declarative Horizontal Pod AutoScaler (HPA) in seldon deployment (CRD) for multiple deployment environment is possible?
- Bypass Dex in KubeFlow for accessing a seldon model via curl
- SeldonDeployment stucks in creating / Pods stucks in pending with Kubeflow installed via manifest
- How to convert a Pandas DataFrame into a valid MLserver Predict V2-encoded payload?
- Attribute Error : pickle.load() Seldon Deployment
- How to seldon-core quick-start on kind with port-forward?
- Seldon Core Loading sklearn/irir failed
- Istio Virtual Service is not working very well
- Can I deploy PyTorch trained models on Seldon?
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
You can use IAP on your backend if you have an HTTPS load balancer. So, configure your cluster to use external HTTPS load balancer. Because you use ISTIO, with an TLS terminaison, I recommend to have a look on this part of the documentation.
Then, you can go to the IAP menu and activate it on the backend of your choice.