Add Protection to Ray Jobs/Client?

How severe does this issue affect your experience of using Ray?

  • Medium: It contributes to significant difficulty to complete my task, but I can work around it.

As per title, if I am setting up Ray to accept job submissions or remote client connections on the client port, is there anyway to restrict the ability to connect or run commands to authorised users only (e.g. a password?)

Would want to avoid a situation where anyone can submit jobs in production simply because they had access to the Ray dashboard.

@Andrea_Pisoni Unfortunately, this is not supported so far. Right now Ray is not very good for multi tenants , for example, no quota limit support per-user for now.

You might need to build your own ingress tier and allow certain traffic from certain users for certain path.

Hi, thanks for the reply!

I am not really concerned with multi tenancy, even in a single tenant set up, in an enterprise setting usually users would not be allowed to submit commands in production directly. I’d say this is quite standard. Are you saying Ray has no way to prevent users doing that?

We don’t have roles/users in ray.

Btw, if it’s for single tenant, why not just have a machine able to access this ray cluster and give the password to this user?

How would you limit the use of ray client from a single machine? Put a reverse proxy in front and acceot requests only from an hard-coded IP?

I think you can 1) login to the ray head node with password or something or 2) set firewall allow traffic from certain node for certain port