Server Configuration

Guidance on managing your Kubeflow Pipelines instances

By default, you can use Kubeflow Pipelines deployment manifests as provided, which aim to offer a standard configuration for most use cases. At the meantime, customizations are available for more advanced usage.

When deploying Kubeflow Pipelines servers, you can pass various environment variables to customize the behavior of servers.

Frontend Server

When deploying frontend server called ml-pipeline-ui, you can pass various environment variables to customize the server behavior for your namespace. Some examples are shown in the ml-pipeline-ui-deployment.yaml.

Artifact storage endpoint allowlist

You can configure ALLOWED_ARTIFACT_DOMAIN_REGEX to allowlist object storage endpoint that your frontend server will fetch artifacts from. If the domain that frontend server tries to fetch does not match the regular expression defined in ALLOWED_ARTIFACT_DOMAIN_REGEX, it will return error to users that the requested domain is not allowed.

Standalone Kubeflow Pipelines deployment

By default, the value for ALLOWED_ARTIFACT_DOMAIN_REGEX is "^.*$". You can customize this value for your users, for example: ^.*.yourdomain$ in the ml-pipeline-ui-deployment.yaml.

Full fledged Kubeflow deployment

For full fledged Kubeflow, each namespace corresponds to a project with the same name. To configure the ALLOWED_ARTIFACT_DOMAIN_REGEX value for user namespace, add an entry in ml-pipeline-ui-artifact just like this example in sync.py for ALLOWED_ARTIFACT_DOMAIN_REGEX environment variable, the entry is identical to the environment variable instruction in Standalone Kubeflow Pipelines deployment.

Proxy

Since KFP 2.5, you can set a server-scoped proxy configuration for the backend by setting any of the following environment variables (in uppercase) in the API Server deployment. All variables are optional.

HTTP_PROXY
HTTPS_PROXY
NO_PROXY

If HTTP_PROXY or HTTPS_PROXY is set and NO_PROXY is not set, NO_PROXY will automatically be set to localhost,127.0.0.1,.svc.cluster.local,kubernetes.default.svc,metadata-grpc-service,0,1,2,3,4,5,6,7,8,9.

Example of an API Server deployment with `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` set

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ml-pipeline
    application-crd-id: kubeflow-pipelines
  name: ml-pipeline
  namespace: kubeflow
spec:
  selector:
    matchLabels:
      app: ml-pipeline
      application-crd-id: kubeflow-pipelines
  template:
    metadata:
      annotations:
        cluster-autoscaler.kubernetes.io/safe-to-evict: "true"
      labels:
        app: ml-pipeline
        application-crd-id: kubeflow-pipelines
    spec:
      containers:
      - env:
        - name: HTTP_PROXY
          value: http://squid.squid.svc.cluster.local:3128
        - name: HTTPS_PROXY
          value: http://squid.squid.svc.cluster.local:3128
        - name: NO_PROXY
          value: localhost,127.0.0.1,.svc.cluster.local,kubernetes.default.svc,metadata-grpc-service,0,1,2,3,4,5,6,7,8,9

Feedback

Was this page helpful?

Thank you for your feedback!

We're sorry this page wasn't helpful. If you have a moment, please share your feedback so we can improve.

Last modified April 14, 2025: pipelines: Added proxy documentation (#4073) (5c9995d)