kubeflow
diff --git a/‎.github/dependabot.yaml‎
Lines changed: 11 additions & 0 deletions b/‎.github/dependabot.yaml‎
Lines changed: 11 additions & 0 deletions
diff --git a/‎CLAUDE.md‎
Lines changed: 144 additions & 0 deletions b/‎CLAUDE.md‎
Lines changed: 144 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,11 @@
+version: 2
+updates:
+- package-ecosystem: "github-actions"
+  open-pull-requests-limit: 5
+  cooldown:
+    default-days: 7
+  directory: "/"
+  schedule:
+    interval: "daily"
+  commit-message:
+    prefix: "chore"
@@ -0,0 +1,144 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## What This Repository Is
+
+The Kubeflow Manifests repository provides production-ready Kubernetes manifests for deploying the complete Kubeflow AI platform. The primary mechanism is Kustomize; everything can be installed with a single `kustomize build example | kubectl apply` invocation, or component by component via individual overlays.
+
+## Commands
+
+### Linting
+
+Pre-commit hooks are the primary linting mechanism. They are scoped to non-upstream code only (`**/upstream/**` is excluded from all hooks).
+
+```bash
+# Install hooks (once)
+pip install pre-commit
+pre-commit install
+
+# Run all hooks against staged files
+pre-commit run
+
+# Run all hooks against the entire repository
+pre-commit run --all-files
+```
+
+Individual linters:
+```bash
+# YAML (common/, example/, hack/, tests/, .github/)
+yamllint --config-file=.yamllint.yaml <file>
+
+# Python (common/, example/ only)
+black --check common/ example/
+
+# Bash (everything except applications/ and upstream)
+shellcheck <script.sh>
+```
+
+### Building / Rendering Manifests
+
+```bash
+# Render the full platform
+kustomize build example
+
+# Render a single component
+kustomize build applications/jupyter/notebook-controller/upstream/base
+
+# Apply to a cluster (with retry — resources may have ordering dependencies)
+while ! kustomize build example | kubectl apply --server-side --force-conflicts -f -; do
+  echo "Retrying to apply resources"
+  sleep 20
+done
+```
+
+### Installation Testing (E2E)
+
+Tests live in `tests/`. Each script installs one component and waits for it to become ready. Run them in order:
+
+```bash
+./tests/install_KinD_create_KinD_cluster_install_kustomize.sh  # cluster + kustomize
+./tests/cert_manager_install.sh
+./tests/istio-cni_install.sh
+./tests/oauth2-proxy_install.sh
+./tests/dex_install.sh
+./tests/multi_tenancy_install.sh
+./tests/central_dashboard_install.sh
+# ... component scripts as needed
+```
+
+### Helm / Kustomize Comparison
+
+```bash
+./tests/helm_kustomize_compare.sh <component> <scenario>
+# e.g.: katib, model-registry, kserve-models-web-app, notebook-controller
+```
+
+## Architecture
+
+### Directory Layout
+
+```
+applications/    # Per-component manifests (dashboard, jupyter, pipeline, kserve, …)
+common/          # Shared infrastructure (Istio, Knative, Dex, OAuth2-Proxy, cert-manager, …)
+experimental/    # Third-party integrations not yet in the main platform (Ray, Helm charts)
+example/         # Single kustomization.yaml composing the full platform
+tests/           # E2E installation scripts and Helm/Kustomize comparison tooling
+scripts/         # Upstream synchronization scripts
+releases/        # Release handbook and versioning notes
+proposals/       # Architecture proposals
+```
+
+### Kustomize Structure Pattern
+
+Every component follows the same layered pattern:
+
+```
+<component>/
+  upstream/        # Verbatim copy of the upstream project's manifests (do NOT edit)
+  base/            # Minimal overlay on top of upstream
+  overlays/        # Cluster-specific variants (gke, eks, aks, kind, …)
+  components/      # Optional reusable Kustomize components
+```
+
+`upstream/` directories are excluded from linting and are regenerated by the synchronization scripts in `scripts/`.
+
+### Deployment Ordering
+
+`example/kustomization.yaml` lists resources in a specific order that Kubernetes requires:
+
+1. Namespaces, ResourceQuotas, StorageClasses
+2. CRDs
+3. Mutating / Validating Webhooks
+4. RBAC (ServiceAccounts, Roles, ClusterRoles, Bindings)
+5. ConfigMaps, Secrets
+6. Services, Deployments, StatefulSets
+7. Validating Webhooks (must be last)
+
+This order matters; the retry loop in CI works around Kubernetes not guaranteeing CRD availability before dependents.
+
+### Authentication Flow
+
+Default: Dex (OIDC provider) → OAuth2-Proxy → Istio AuthorizationPolicy → application.
+
+Default credentials (`user@example.com` / `12341234`) are in `common/dex/` and **must** be changed for any non-local deployment.
+
+## Coding Standards
+
+These come from `.github/copilot-instructions.md` and apply to all code, commit messages, and PR descriptions in this repository:
+
+- **No abbreviations.** Use the full word: `application` not `app`, `dependencies` not `dep` or `deps`, `repository` not `repo`, `synchronization` not `sync`, `development` not `dev`, `production` not `prod`, `temporary` not `temp`/`tmp`, `authentication` or `authorization` (never bare `auth`), `deployment` not `deploy`, `credentials` not `cred`, `documentation` not `doc`, `difference` not `diff`. Well-known acronyms (OIDC, API, CPU, GPU) are fine.
+- **Trunk-based development** on the `master` branch.
+- **Linux only** — no macOS or Windows compatibility concerns.
+- **What is not tested is not supported.**
+
+## Upstream Synchronization
+
+Components track upstream releases. To update a component, use the corresponding script:
+
+```bash
+# Example — update notebook manifests
+./scripts/synchronize-notebooks-manifests.sh <upstream-tag>
+```
+
+These scripts fetch the upstream release, place it under `upstream/`, and open a PR. Never hand-edit files under `upstream/`.
@@ -75,7 +75,7 @@ This repository periodically synchronizes all official Kubeflow components from
 | Volumes Web Application | applications/notebooks-v1/upstream/volumes-web-app | [v1.11.0-rc.1](https://github.com/kubeflow/notebooks/tree/v1.11.0-rc.1/components/crud-web-apps/volumes/manifests) | 4m | 226Mi | 0GB |
 | Katib | applications/katib/upstream | [v0.19.0](https://github.com/kubeflow/katib/tree/v0.19.0/manifests/v1beta1) | 13m | 476Mi | 10GB |
 | KServe Models Web Application | applications/kserve/models-web-app | [c71ee4309f0335159d9fdfd4559a538b5c782c92](https://github.com/kserve/models-web-app/tree/c71ee4309f0335159d9fdfd4559a538b5c782c92/manifests/kustomize) | 6m | 259Mi  | 0GB |
-| KServe | applications/kserve/kserve | [v0.17.0](https://github.com/kserve/kserve/tree/release-0.17/install/v0.17.0) | 600m | 1200Mi | 0GB |
+| KServe | applications/kserve/kserve | [v0.18.0](https://github.com/kserve/kserve/tree/v0.18.0) | 600m | 1200Mi | 0GB |
 | Kubeflow Pipelines | applications/pipeline/upstream | [2.16.0](https://github.com/kubeflow/pipelines/tree/2.16.0/manifests/kustomize) | 970m | 3552Mi | 35GB |
 | Kubeflow Model Registry | applications/model-registry/upstream | [v0.3.8](https://github.com/kubeflow/model-registry/tree/v0.3.8/manifests/kustomize) | 510m | 2112Mi | 20GB |
 | Spark Operator	|	applications/spark/spark-operator	|	[2.5.0](https://github.com/kubeflow/spark-operator/tree/v2.5.0) | 9m | 41Mi | 0GB |