Add Kubeflow Model Registry Network Policies

[lampajr]

As discussed in the last Manifests WG (2nd May, 2024) we need to setup Network Policies for the new Kubeflow Model Registry, this seems required to make the pod accessible from namespaces other than the kubeflow one.

The new network policy should be added here: https://github.com/kubeflow/manifests/blob/master/common/networkpolicies/base/

A good starting point, as suggested in the meeting is: https://github.com/kubeflow/manifests/blob/master/common/networkpolicies/base/ml-pipeline.yaml

Open question:

Do we need to apply network policy for both ports (8080, the REST interface and 9090, the gRPC interface) ?

NOTE: This is a non-blocker for Kubeflow 1.9 release as KFMR won't be deployed by default

[lampajr]

fyi @tarilabs @rimolive

[juliusvonkohout]

"Do we need to apply network policy for both ports (8080, the REST interface and 9090, the gRPC interface) ?" everything that sould be reachable outside of the Kubeflow namespace must be exposed.

[tarilabs]

/assign @tarilabs

(data mgt)