Finish and upstream the minio replacement

[juliusvonkohout]

Validation Checklist

• I confirm that this is a Kubeflow-related issue.
• I am reporting this in the appropriate repository.
• I have followed the Kubeflow installation guidelines.
• The issue report is detailed and includes version numbers where applicable.
• I have considered adding my company to the adopters page to support Kubeflow and help the community, since I expect help from the community for my issue (see 1. and 2.).
• This issue pertains to Kubeflow development.
• I am available to work on this issue.
• You can join the CNCF Slack and access our meetings at the Kubeflow Community website. Our channel on the CNCF Slack is here #kubeflow-platform.

Version

master

Detailed Description

Follow up of #3051 (comment)

@akagami-harsh @milinddethe15 @pschoen-itsc

Steps to Reproduce

In a follow up PR we should

• check whether ubuntu-latest-16-cores is really needed instead of the smaller nodes
• test it also in https://github.com/kubeflow/manifests/blob/master/.github/workflows/full_kubeflow_integration_test.yaml
• Add security checks to fest for unauthorized access
• Adjust the Argo Workflow-Controller configuration map to achieve the same for V1 pipelines (easy, did so before)
• See how we can upstream that to KFP
• Fix ./tests/gh-actions/install_pipelines_swfs.sh
  shell: /usr/bin/bash -e {0}
  Installing Pipelines ...
  customresourcedefinition.apiextensions.k8s.io/compositecontrollers.metacontroller.k8s.io created
  customresourcedefinition.apiextensions.k8s.io/controllerrevisions.metacontroller.k8s.io created
  customresourcedefinition.apiextensions.k8s.io/decoratorcontrollers.metacontroller.k8s.io created
  Waiting for crd/compositecontrollers.metacontroller.k8s.io to be available ...
  customresourcedefinition.apiextensions.k8s.io/compositecontrollers.metacontroller.k8s.io condition met
  Warning: 'vars' is deprecated. Please use 'replacements' instead. [EXPERIMENTAL] Run 'kustomize edit fix' to update your Kustomization automatically.
• WARNING: PSS violation detected for namespace kubeflow
  Warning: existing pods in namespace "kubeflow" violate the new PodSecurity enforce level "restricted:latest"
  Warning: init-seaweedfs-pg9jk (and 3 other pods): seccompProfile

Thank you everyone!
I am pushing this for 4 years or so and even had google and redhat employees involved, back then even Amazon. It is fundamental for CVEs, maintainabiliy (minio is now stuck for 5 years or so) and hard multi-tenancy as basic requirement for a sane platform. We also had approaches there for several years with minio. it started all in 2020 here kubeflow/pipelines#4649 and went via kubeflow/pipelines#7725 (2022) and #2826 (October 2024) to #3051 (2025). Without that experimental and extended tests it would have been very hard to pull of and coordinate. I want to especially highlight @pschoen-itsc who spent his effort here for the public health sector in Germany where many insurances need hard multi-tenancy to process data.

Screenshots or Videos (Optional)

No response

[juliusvonkohout]

@akagami-harsh

[juliusvonkohout]

/assign @akagami-harsh

[google-oss-prow]

@juliusvonkohout: GitHub didn't allow me to assign the following users: akagami-harsh.

Note that only kubeflow members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @akagami-harsh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[akagami-harsh]

/assign

[juliusvonkohout]

SO what is missing is
"test it also in https://github.com/kubeflow/manifests/blob/master/.github/workflows/full_kubeflow_integration_test.yaml"

and then in the next call we can discuss how to upstream it.