Kubeflow 26.03.1 is a large calendar release bundling upgrades across Pipelines, Kserve, Trainer, Notebooks, Dashboard, Istio, Knative, Dex, cert-manager, and oauth2-proxy, alongside a breaking rename of model-registry to hub and a relocation of model registry/catalog namespaces that operators must account for before upgrading.
breakingmodel-registry package renamed to hub
The kubeflow/model-registry package has been renamed to kubeflow/hub. Update manifests, kustomizations, and any automation referencing the old package name.
breakingModel registry now deploys to user profile namespace
Model registry deployments now land in the user's profile namespace instead of the shared default namespace. Review per-user access, RBAC, and any scripts that assumed a fixed default-namespace location.
breakingModel catalog moved to cluster-wide singleton
The model catalog is now split out into the kubeflow namespace as a single cluster-wide instance rather than one per namespace. Check for per-namespace catalog customizations that would need consolidation.
enhancementModel registry with UI now on by default
Model registry with its UI is now enabled by default. Clusters that previously left it off will get it running after upgrade unless explicitly disabled.
Key changes (7)
- Breaking: kubeflow/model-registry renamed to kubeflow/hub, with model registry relocated to per-user profile namespaces and the model catalog consolidated into a cluster-wide singleton in the kubeflow namespace
- Model registry with UI is now enabled by default
- Major component bumps: Kubeflow Pipelines 2.16.1, Kserve/Kserve Web App v0.18.0, Kubeflow Trainer v2.2.0, Notebooks v1.11.0 (Workspaces v2 at v2.0.0-alpha.3), Dashboard toward v2.0.0
- Platform dependency updates: Istio 1.30.1 (hostUsers: false support), Knative 1.22.0 (new eventing security overlay), cert-manager 1.20.2 (overlay split from base), oauth2-proxy v7.15.2, Dex 2.45.1 (now 2 replicas, no sticky service)
- CI/infra: PSS restricted and network policies added for optional knative-eventing, move to Kind 0.32+ and Kubernetes 1.36, dependabot with SHA-pinned Actions
- Docs restructured with version-specific upgrade notes, including Kserve v0.16.x to v0.17.0 migration guidance
- trivy scanning temporarily removed from CI, to be re-enabled later