Kubeflow Platform (Manifests & Security WG) roadmap for KF 1.10

[juliusvonkohout]

Describe your issue

Tracker for 1.10 @rimolive @kimwnasptd
Follow up of #2598 and #2592

Organizational:

• Kubeflow 1.9 follow up: Upstream our authorizationpolicy and oauth2-proxy changes to kubeflow/pipelines and kubeflow/kubeflow #2804
• Merge security and manifests WG meeting in a cal entry community#725
• [TRACKING] discussion & planning for future of kubeflow/kubeflow repo kubeflow#7549
• Disable issue creation and update README kubeflow#7618
• Expose from /contrib ray and seldon in the example.yaml (commented out)

Security external:

• chore(backend): update python from 3.7 to 3.12 pipelines#10950
• [backend] Unable to create directory in Minio when using Artifacts: Permission denied pipelines#10397
• [backend] Security exploit in mlpipeline-UI pipelines#9889
• kserve/models-web-app v0.10.0 using kubeflow/kubeflow#2b4cc42e (not v1.7.0) #2433
• feat: allow updating profile owners kubeflow#7547
• https://github.com/kserve/models-web-app/pulls

Security JWTs:

• proposal: Uniform way for handling JWTs #2748
• Getting Istio RBAC issues when submitting a pipeline from a Notebook #2747 authorize requests to ml-pipeline endpoint if contains any trusted principals #2753
• authorize requests to ml-pipeline endpoint if contains any trusted principals #2753

Rootless Kubeflow & Istio:

• Rootless Kubeflow #2528
• Adding an option of Optimized Istio Flavour in Kubeflow #2679
• Istio Ambient support #2676
• kubeflow components metrics not merged by istio #2454
• Istio CNI and setting the kserve-needed annotation across all Pods

Rest:

• Remove the old tekton version #2765
• Add extra namespace labels option kubeflow#7325
• Update the ray example cluster to the stable v1 version and integrate istio #2742
• feat: allow updating profile owners kubeflow#7547
• To many open issues and PRs and no stalebot #2514
• Deprecate optional Knative Eventing components from common manifests #2685
• Add the networkpolicies to cicd tests #2718
• Kubeflow 1.10 Enterprise grade Agenda #2727
• Document the steps for an air gap environment  #2728
• [bug] v1 Metrics not working in KFP 2.2.0 pipelines#10988
• Fix view edit cluster roles pipelines#11067

[kimwnasptd]

(Orthogonal question, but why is this called Kubeflow Platform and includes Manifests and Security WGs in it?

Especially once we'll have the repos broken up after the discussion in kubeflow/kubeflow#7549 (comment)

[thesuperzapper]

Similar to what @kimwnasptd said, it's hard to imagine that "Kubeflow Platform" should not also involve the distribution owners? I am not sure we should be calling the meetings "Kubeflow Platform" if they are only referring to Manifests/Security WGs.

[andreyvelich]

(Orthogonal question, but why is this called Kubeflow Platform and includes Manifests and Security WGs in it?

Especially once we'll have the repos broken up after the discussion in kubeflow/kubeflow#7549 (comment)

@kimwnasptd The main motivation is to identify contributors who can maintain Kubeflow Platform components. E.g. Kubeflow Manifests, Profile Controller, KFAM, Central Dashboard, etc. So if users have any questions about these components they can join the Kubeflow Platform community calls.
Since @juliusvonkohout was driving the security effort around Kubeflow ecosystem, he included the security roadmap to the Kubeflow Platform discussion.

From my perspective, distributions should certainly join those meetings since they are main consumers of Kubeflow Manifests.

[juliusvonkohout]

@kimwnasptd it is in line with kubeflow/community#725 (comment)