By default daskhub helm chart sets a public proxy service in LoadBalancer mode.
f that is installed in a regular kubernetes cloud service, it exposes a jupyterhub interface to any user without password and therefore allows running arbitrary code in that instance.
To prevent that this change is added in the values.yaml file within the helm chart.
jupyterhub:
proxy:
service:
type: ClusterIP
However, if the helm chart is updated (dev-scripts/update-helm-charts.sh) this change will be overwritten.
By default daskhub helm chart sets a public proxy service in
LoadBalancermode. f that is installed in a regular kubernetes cloud service, it exposes a jupyterhub interface to any user without password and therefore allows running arbitrary code in that instance.To prevent that this change is added in the
values.yamlfile within the helm chart.However, if the helm chart is updated (dev-scripts/update-helm-charts.sh) this change will be overwritten.