kubeflow · ederign · Feb 8, 2025 · Feb 10, 2025 · Feb 12, 2025
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,12 +1,8 @@
 blank_issues_enabled: false
 contact_links:
-  - name: Join the CNCF Slack and access our meetings.
-    url: https://www.kubeflow.org/docs/about/community/
-    about: Join our CNCF Slack Channel and access Kubeflow community meetings.
-  - name: Our channel on the CNCF Slack is kubeflow-platform.
-    url: https://app.slack.com/client/T08PSQ7BQ/C073W572LA2
-    about: You can join our channel on the CNCF slack. 
-
-
-
-
+- name: Join the CNCF Slack and access our meetings.
+  url: https://www.kubeflow.org/docs/about/community/
+  about: Join our CNCF Slack Channel and access Kubeflow community meetings.
+- name: Our channel on the CNCF Slack is kubeflow-platform.
+  url: https://app.slack.com/client/T08PSQ7BQ/C073W572LA2
+  about: You can join our channel on the CNCF slack.
diff --git a/.github/ISSUE_TEMPLATE/issue-report.yml b/.github/ISSUE_TEMPLATE/issue-report.yml
@@ -4,27 +4,27 @@ body:
 - type: markdown
   attributes:
     value: |
-      Fill out the sections below to help everyone identify and fix the bug
+      Please provide the following details to help us diagnose and fix the issue effectively.
 - type: markdown
   attributes:
     value: |
-      Follow the [Kubeflow installation guidelines](https://github.com/kubeflow/manifests/blob/master/README.md).
+      Follow the [Kubeflow installation guidelines](https://github.com/kubeflow/manifests/blob/master/README.md) before submitting the report.
 - type: checkboxes
   id: Vaildation
   attributes:
     label: Validation Checklist
     options:
-    - label: Is this a Kubeflow issue?
+    - label: I confirm that this is a Kubeflow-related issue.
       required: true
-    - label: Are you posting in the right repository ?
+    - label: I am reporting this in the appropriate repository.
       required: true
-    - label: Did you follow the [Kubeflow installation guideline](https://github.com/kubeflow/manifests/blob/master/README.md) ?
+    - label: I have followed the [Kubeflow installation guidelines](https://github.com/kubeflow/manifests/blob/master/README.md).
       required: true
-    - label: Is the issue report properly structured and detailed with version numbers?
+    - label: The issue report is detailed and includes version numbers where applicable.
       required: true
-    - label: Is this for Kubeflow development ?
+    - label: This issue pertains to Kubeflow development.
       required: false
-    - label: Would you like to work on this issue?
+    - label: I am available to work on this issue.
       required: false
     - label: You can join the CNCF Slack and access our meetings at the [Kubeflow Community](https://www.kubeflow.org/docs/about/community/) website. Our channel on the CNCF Slack is here [**#kubeflow-platform**](https://app.slack.com/client/T08PSQ7BQ/C073W572LA2).
       required: false
@@ -41,27 +41,26 @@ body:
 - type: textarea
   id: description
   attributes:
-    label: Describe your issue
-    placeholder: When installing Kubeflow I got the following error message from ...
+    label: Detailed Description
+    placeholder: Provide a clear description of the issue and its impact.
   validations:
     required: true
 - type: textarea
   id: steps
   attributes:
-    label: Steps to reproduce the issue
+    label: Steps to Reproduce
     placeholder: |
-      1. Try this ...
-      2. Then do this ...
+      1. Describe the initial setup.
+      2. Detail the steps leading to the issue.
   validations:
     required: true
 - type: textarea
   id: screenshots
   attributes:
-    label: Put here any screenshots or videos (optional)
+    label: Screenshots or Videos (Optional)
 - type: markdown
   attributes:
     value: |
-      > **Note:** Please note that you have to fill required fields to post an issue.
-        If not please close or redo the issue and you can join the CNCF slack and access our meetings at the [Kubeflow Community](https://www.kubeflow.org/docs/about/community/) website.  Our channel on the CNCF Slack is here [**#kubeflow-platform**](https://app.slack.com/client/T08PSQ7BQ/C073W572LA2).
+      > **Note:** All required fields must be completed before submitting your report.
 
-      **Thanks for reporting this issue! We will get back to you as soon as possible.**
+      Thank you for your contribution.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,17 +1,17 @@
-# Pull Request Template for Kubeflow manifests Issues
+# Pull Request Template for Kubeflow Manifests
 
-## ✏️ A brief description of the changes
-> I changed ...
+## ✏️ Summary of Changes
+> Describe the changes you have made, including any refactoring or feature additions.
 
-## 📦 List any dependencies that are required for this change
-> My PR depends on #
+## 📦 Dependencies
+> List any dependencies or related PRs (e.g., "Depends on #123").
 
-## 🐛 If this PR is related to an issue, please put the link to the issue here.
-> The following issues are related, because ...
+## 🐛 Related Issues
+> Link any issues that are resolved or affected by this PR.
 
-## ✅ Contributor checklist
-  - Make sure you have tested with kustomize. See [Installation Prerequisites](https://github.com/kubeflow/manifests#prerequisites)
-  - All the commits have been [_signed-off_](https://github.com/kubeflow/community/tree/master/dco-signoff-hook#signing-off-commits)  (To pass the `DCO` check)
+## ✅ Contributor Checklist
+  - [ ] I have tested these changes with kustomize. See [Installation Prerequisites](https://github.com/kubeflow/manifests#prerequisites).
+  - [ ] All commits are [_signed-off_](https://github.com/kubeflow/community/tree/master/dco-signoff-hook#signing-off-commits) to satisfy the DCO check.
 
 ---     
 

diff --git a/.github/workflows/linting_bash_python_yaml_files.yaml b/.github/workflows/linting_bash_python_yaml_files.yaml
@@ -6,7 +6,7 @@ jobs:
   format_python_files:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Python Files Formatting Guidelines
       run: |
@@ -31,7 +31,7 @@ jobs:
   format_YAML_files:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
 
@@ -100,7 +100,7 @@ jobs:
   format_bash_files:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
 

diff --git a/.github/workflows/model_registry_test.yaml b/.github/workflows/model_registry_test.yaml
@@ -19,6 +19,12 @@ jobs:
     - name: Install KinD, Create KinD cluster and Install kustomize
       run: ./tests/gh-actions/install_KinD_create_KinD_cluster_install_kustomize.sh
 
+    - name: Remove AppArmor profile for mysql in KinD on GHA # https://github.com/kubeflow/manifests/issues/2507
+      run: |
+        set -x
+        sudo apt-get install apparmor-profiles
+        sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld
+
     - name: Install kubectl
       run: ./tests/gh-actions/install_kubectl.sh
 
@@ -45,7 +51,12 @@ jobs:
     - name: Test KF Model Registry deployment
       run: |
         echo "Waiting for all Model Registry Pods to become ready..."
-        kubectl wait --for=condition=available -n kubeflow deployment/model-registry-db --timeout=600s
+        if ! kubectl wait --for=condition=available -n kubeflow deployment/model-registry-db --timeout=600s ; then
+            kubectl events -A
+            kubectl describe deployment/model-registry-db -n kubeflow
+            kubectl logs deployment/model-registry-db -n kubeflow
+            exit 1
+        fi
         kubectl wait --for=condition=available -n kubeflow deployment/model-registry-deployment --timeout=600s
 
     - name: Dry-run KF Model Registry API directly

diff --git a/.github/workflows/pss_test.yaml b/.github/workflows/pss_test.yaml
@@ -18,6 +18,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 20
     steps:
     - name: Checkout
       uses: actions/checkout@v4

diff --git a/.github/workflows/ray_test.yaml b/.github/workflows/ray_test.yaml
@@ -9,6 +9,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:
     - name: Checkout
       uses: actions/checkout@v4

diff --git a/.github/workflows/spark_test.yaml b/.github/workflows/spark_test.yaml
@@ -9,6 +9,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:
     - name: Checkout
       uses: actions/checkout@v4

diff --git a/.github/workflows/tensorboard_controller_test.yaml b/.github/workflows/tensorboard_controller_test.yaml
@@ -11,6 +11,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:
     - name: Checkout
       uses: actions/checkout@v4

diff --git a/.github/workflows/tensorboards_web_application_test.yaml b/.github/workflows/tensorboards_web_application_test.yaml
@@ -11,6 +11,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:
     - name: Checkout
       uses: actions/checkout@v4

diff --git a/.github/workflows/triage_issues.yaml b/.github/workflows/triage_issues.yaml
@@ -9,6 +9,7 @@ on:
 jobs:
   test:
     runs-on: ubuntu-latest
+    timeout-minutes: 10
     steps:
     - name: Update Kanban
       uses: kubeflow/code-intelligence/Issue_Triage/action@master

diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout code
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
 
     # Install kustomize
     - name: Install kustomize

diff --git a/.github/workflows/volumes_web_application_test.yaml b/.github/workflows/volumes_web_application_test.yaml
@@ -11,6 +11,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 15
     steps:
     - name: Checkout
       uses: actions/checkout@v4

diff --git a/.yamllint.yaml b/.yamllint.yaml
@@ -11,4 +11,4 @@ rules:
   line-length:
     max: 400
   truthy:
-    allowed-values: ['on', 'off']
+    allowed-values: ['on', 'off', 'true', 'false']
diff --git a/README.md b/README.md
@@ -4,13 +4,14 @@
 
 <!-- toc -->
 
-- [Overview of the Kubeflow Platform](#overview)
+- [Overview of the Kubeflow Platform](#overview-of-the-kubeflow-platform)
 - [Kubeflow components versions](#kubeflow-components-versions)
 - [Installation](#installation)
   * [Prerequisites](#prerequisites)
   * [Install with a single command](#install-with-a-single-command)
   * [Install individual components](#install-individual-components)
   * [Connect to your Kubeflow Cluster](#connect-to-your-kubeflow-cluster)
+  * [Change default user name](#change-default-user-name)
   * [Change default user password](#change-default-user-password)
 - [Upgrading and extending](#upgrading-and-extending)
 - [Release process](#release-process)
@@ -196,7 +197,7 @@ In case you get this error:
 ```
 Error from server (InternalError): error when creating "STDIN": Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s": dial tcp 10.96.202.64:443: connect: connection refused
 ```
-This is because the webhook is not yet ready to receive request. Wait a couple seconds and retry applying the manfiests.
+This is because the webhook is not yet ready to receive requests. Wait a couple of seconds and retry applying the manifests.
 
 For more troubleshooting info also check out https://cert-manager.io/docs/troubleshooting/webhook/
 
@@ -222,7 +223,7 @@ kubectl wait --for=condition=Ready pods --all -n istio-system --timeout 300s
 #### Oauth2-proxy
 
 The oauth2-proxy extends your Istio Ingress-Gateway capabilities, to be able to function as an OIDC client.
-It supports user sessions as well as proper token-based machine to machine authentication.
+It supports user sessions as well as proper token-based machine-to-machine authentication.
 
 ```sh
 echo "Installing oauth2-proxy..."
@@ -256,15 +257,15 @@ kubectl wait --for=condition=ready pod -l 'app.kubernetes.io/name=oauth2-proxy'
 #kubectl wait --for=condition=ready pod -l 'app.kubernetes.io/name=oauth2-proxy' --timeout=180s -n oauth2-proxy
 ```
 
-If and after you have finished the installation with Kubernetes serviceaccount token support you should be able to create and use the tokens:
+If and after you have finished the installation with Kubernetes service account token support you should be able to create and use the tokens:
 ```sh
 kubectl port-forward svc/istio-ingressgateway -n istio-system 8080:80
 TOKEN="$(kubectl -n $KF_PROFILE_NAMESPACE create token default-editor)"
 client = kfp.Client(host="http://localhost:8080/pipeline", existing_token=token)
 curl -v "localhost:8080/jupyter/api/namespaces/${$KF_PROFILE_NAMESPACE}/notebooks" -H "Authorization: Bearer ${TOKEN}"
 ```
 
-If you want to use OAuth2 Proxy without Dex and conenct it directly to your own IDP, you can refer to this [document](common/oauth2-proxy/README.md#change-default-authentication-from-dex--oauth2-proxy-to-oauth2-proxy-only). But you can also keep Dex and extend it with connectors to your own IDP as explained in the Dex section below.
+If you want to use OAuth2 Proxy without Dex and connect it directly to your own IDP, you can refer to this [document](common/oauth2-proxy/README.md#change-default-authentication-from-dex--oauth2-proxy-to-oauth2-proxy-only). But you can also keep Dex and extend it with connectors to your own IDP as explained in the Dex section below.
 
 
 #### Dex
@@ -544,9 +545,9 @@ After running the command, you can access the Kubeflow Central Dashboard by doin
 
 #### NodePort / LoadBalancer / Ingress
 
-In order to connect to Kubeflow using NodePort / LoadBalancer / Ingress, you need to setup HTTPS. The reason is that many of our web applications (e.g., Tensorboard Web Application, Jupyter Web Application, Katib UI) use [Secure Cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies), so accessing Kubeflow with HTTP over a non-localhost domain does not work.
+In order to connect to Kubeflow using NodePort / LoadBalancer / Ingress, you need to set up HTTPS. The reason is that many of our web applications (e.g., Tensorboard Web Application, Jupyter Web Application, Katib UI) use [Secure Cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies), so accessing Kubeflow with HTTP over a non-localhost domain does not work.
 
-Exposing your Kubeflow cluster with proper HTTPS is a simple proces, but dependent on your environment. 
+Exposing your Kubeflow cluster with proper HTTPS is a simple process, but dependent on your environment. You can just expose the `istio-ingressgateway` service in the `istio-system` namespace via nginx-ingress or any other ingress provider. For security reasons do only use `ClusterIP` on the service, not NodePort or something similarly dangerous.
 There are also third-party commercial [distributions](https://www.kubeflow.org/docs/started/installing-kubeflow/#install-a-packaged-kubeflow-distribution) available.
 
 ---
@@ -571,7 +572,7 @@ For security reasons, we don't want to use the default username and email for th
 
 ### Change default user password
 
-If you have an identy provider (LDAP,GitHub,Google,Microsoft,OIDC,SAML,GitLab) available you should use that instead of static passwords and connect it to oauth2-proxy or Dex as explained in the sections above. This is best practices instead of using static passwords. 
+If you have an identity provider (LDAP,GitHub,Google,Microsoft,OIDC,SAML,GitLab) available you should use that instead of static passwords and connect it to oauth2-proxy or Dex as explained in the sections above. This is best practices instead of using static passwords. 
 
 For security reasons, we don't want to use the default static password for the default Kubeflow user when installing in security-sensitive environments. Instead, you should define your own password and apply it either **before creating the cluster** or **after creating the cluster**. 
 

diff --git a/apps/model-registry/upstream/README.md b/apps/model-registry/upstream/README.md
@@ -40,6 +40,26 @@ curl -sX 'GET' \
   -H 'accept: application/json' | jq
 ```
 
+### UI Installation
+
+There are two main ways to deploy the Model Registry UI:
+
+1. Standalone mode - Use this if you are using Model Registry without the Kubeflow Platform
+
+2. Integrated mode - Use this if you are deploying Model Registry in Kubeflow 
+
+For a standalone install run the following command:
+
+```bash
+kubectl apply -k options/ui/overlays/standalone -n kubeflow
+```
+
+For an integrated install use the istio UI overlay:
+
+```bash
+kubectl apply -k options/ui/overlays/istio -n kubeflow
+```
+
 ## Usage
 
 For a basic usage of the Kubeflow Model Registry, follow the [Kubeflow Model Registry getting started documentation](https://www.kubeflow.org/docs/components/model-registry/getting-started/)

diff --git a/apps/model-registry/upstream/base/kustomization.yaml b/apps/model-registry/upstream/base/kustomization.yaml
@@ -8,4 +8,4 @@ resources:
 images:
 - name: kubeflow/model-registry
   newName: kubeflow/model-registry
-  newTag: v0.2.12
+  newTag: v0.2.13
diff --git a/apps/model-registry/upstream/options/csi/kustomization.yaml b/apps/model-registry/upstream/options/csi/kustomization.yaml
@@ -7,4 +7,4 @@ resources:
 images:
 - name: kubeflow/model-registry-storage-initializer
   newName: kubeflow/model-registry-storage-initializer
-  newTag: v0.2.12
+  newTag: v0.2.13
diff --git a/apps/model-registry/upstream/options/ui/base/kustomization.yaml b/apps/model-registry/upstream/options/ui/base/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- model-registry-ui-role.yaml
+- model-registry-ui-service.yaml
+- model-registry-ui-deployment.yaml
+- model-registry-ui-service-account.yaml
+
+images:
+- name: model-registry-ui-image
+  newName: docker.io/kubeflow/model-registry-ui
+  newTag: latest