Hardening Kubeflow Security for Enterprise Environments

May 01, 2023 41 min Free

Description

This talk covers hardening the security of Kubeflow, an open-source Kubernetes-native MLOps platform, for enterprise environments. The session examines how Kubeflow's architecture aligns with Kubernetes security best practices, identifies its shortcomings, and addresses common security breaches such as unauthorized access, user impersonation, and data theft. It highlights the efforts of the Kubeflow security working group, including vulnerability scanning, software bill of materials (SBOM) integration, and the implementation of rootless containers. The presenters discuss specific security issues related to profile controllers, namespace sharing, artifact storage (MinIO), and metadata storage, offer practical solutions, and emphasize the importance of security as a shared responsibility in achieving a robust and secure MLOps platform.