[Docs] Update Security Guidance on Dashboard Ingress #1413
@@ -5,6 +5,9 @@ Here we provide some examples to show how to use ingress to access your Ray clus | |||
* [Example: AWS Application Load Balancer (ALB) Ingress support on AWS EKS](#example-aws-application-load-balancer-alb-ingress-support-on-aws-eks) | |||
* [Example: Manually setting up NGINX Ingress on KinD](#example-manually-setting-up-nginx-ingress-on-kind) | |||
|
|||
|
|||
> :warning: **Only expose Ingresses to authorized users.** The Ray Dashboard provides read and write access to the Ray Cluster. Anyone with access to this Ingress can execute arbitrary code on the Ray Cluster. |
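Review bot: the new callout (`> :warning: **Only expose Ingresses to authorized users.**`) says what not to do but not how to do it, and "authorized" is undefined for a reader who is about to copy one of the example manifests listed above it. Since the same hunk states that anyone who can reach the Ingress can execute arbitrary code, the callout should name the gate: an authenticating layer in front of the Ingress, or a load balancer that is reachable only from inside the VPC, with the point that reaching the Ingress must not by itself be enough. Consider also moving the callout above the example list so it is read before any manifest is applied.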
Would you mind updating the documentation at this link? We have already transferred most of the documents to the Ray repository. The documents here will be removed to maintain a single, authoritative source of information.
Working on a PR with this as well!
# WARNING: Do not expose this ALB publicly without additional authentication/authorization. | ||
# The Ray Dashboard provides read and write access to the cluster. Anyone with access to the | ||
# ALB can launch arbitrary code execution on the Ray Cluster. | ||
alb.ingress.kubernetes.io/scheme: internal |
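Review bot: `alb.ingress.kubernetes.io/scheme: internal` only restricts network reachability; it is not the "additional authentication/authorization" the comment two lines above it calls for, and anything inside the VPC still gets unauthenticated read/write access to the dashboard. Suggest stating that in the comment itself, and since a reader following the steps after this point can no longer reach the ALB from outside the VPC, the verification step later in the doc needs to say where the request must originate (a host or pod inside the VPC) instead of implying the ALB hostname is reachable from the reader's machine.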
Does this doc still work after the change? In addition, would you mind explaining what the difference is, from a security perspective, between `internal` and `internal-facing`?
The difference between `internal` and **internet**-facing is that `internal` requires access from within the VPC, whereas `internet-facing` is exposed on the public internet. It is unsafe to publicly expose the Ray Dashboard on the internet because that allows anyone to submit Ray Jobs (and thus execute arbitrary code) on the cluster. `internal` requires a VPC or similar technology to reach, but is safer by default.
Thanks for the explanation! Based on the explanation, this doc seems to no longer work without modification.
I'm going to update that as well. It will technically get the ALB up and running, but will not give immediate access.
Can we cherry-pick the doc update to Ray 2.7.0? I guess the doc uses the YAML file in the KubeRay master branch. If we merge this PR at this moment, users may have issues when they try the doc on the Ray website.
Why are these changes needed?
The Ray Dashboard is a Read/Write service into the cluster and thus should not be publicly exposed.
I'll be mirroring these over in the Ray docs in a follow up PR!
Related issue number
Checks