manifests icon indicating copy to clipboard operation
manifests copied to clipboard

Published 20 hours ago verified publisher icon kubeflow

Add Kubeflow Model Registry Network Policies

Open lampajr opened this issue 10 months ago • 2 comments

As discussed in the last Manifests WG (2nd May, 2024) we need to setup Network Policies for the new Kubeflow Model Registry, this seems required to make the pod accessible from namespaces other than the kubeflow one.

The new network policy should be added here: https://github.com/kubeflow/manifests/blob/master/common/networkpolicies/base/

A good starting point, as suggested in the meeting is: https://github.com/kubeflow/manifests/blob/master/common/networkpolicies/base/ml-pipeline.yaml

Open question:

Do we need to apply network policy for both ports (8080, the REST interface and 9090, the gRPC interface) ?

NOTE: This is a non-blocker for Kubeflow 1.9 release as KFMR won't be deployed by default

lampajr avatar May 02 '24 16:05 lampajr

fyi @tarilabs @rimolive

lampajr avatar May 02 '24 16:05 lampajr

"Do we need to apply network policy for both ports (8080, the REST interface and 9090, the gRPC interface) ?" everything that sould be reachable outside of the Kubeflow namespace must be exposed.

juliusvonkohout avatar May 16 '24 15:05 juliusvonkohout

/assign @tarilabs

(data mgt)

tarilabs avatar Jun 03 '24 14:06 tarilabs