I've installed Seldon on a K8s cluster with Istio enabled. I want to use Istio to secure the REST APIs using security protocols from GCP (such as IAP or JWT using a service account). What is the configuration needed to enforce both authentication and authorization for APIs deployed using Seldon Core? Would really appreciate it if there were some examples or boilerplate YAML files I could follow.
Asked
Active
Viewed 377 times
0
-
What do you mean by autorisation? Do you want to auth only some user on your API? – guillaume blaquiere Jan 21 '21 at 08:31
-
Yes basically only some users should have access to certain data science models i.e. (https://stevenreitsma.github.io/blog/secure-ml-model-apis-with-seldon-and-bentoml) – Riley Hun Jan 21 '21 at 16:48
1 Answers
1
You can use IAP on your backend if you have an HTTPS load balancer. So, configure your cluster to use external HTTPS load balancer. Because you use ISTIO, with an TLS terminaison, I recommend to have a look on this part of the documentation.
Then, you can go to the IAP menu and activate it on the backend of your choice.
guillaume blaquiere
- 66,369
- 2
- 47
- 76
-
Interesting. Thanks Guillaume. Is it similar to what this person is doing right here? https://github.com/SeldonIO/seldon-core/issues/1719 – Riley Hun Jan 21 '21 at 22:12