From a56df7fe85514f097192437c3a103f6a99c94804 Mon Sep 17 00:00:00 2001
From: Cyber Nagle <nagle.zhang@qq.com>
Date: Mon, 21 Oct 2024 17:47:27 +0800
Subject: [PATCH] feat: add doc to describe use oauth2proxy directly. (#2884)

* feat: add doc to describe use oauth2proxy directly.

Signed-off-by: Cyber Nagle <nagle.zhang@qq.com>

* fix: typos for OAuth2 Proxy doc.

Signed-off-by: Cyber Nagle <nagle.zhang@qq.com>

* feat: move oauth2 proxy doc to common/oauth2-proxy/README.md.

Signed-off-by: Cyber Nagle <nagle.zhang@qq.com>

* rephrasing and consolidating

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* remove outdated documentation

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

* further documentation improvements

Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>

---------

Signed-off-by: Cyber Nagle <nagle.zhang@qq.com>
Signed-off-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
Co-authored-by: juliusvonkohout <45896133+juliusvonkohout@users.noreply.github.com>
---
 README.md                                     | 38 ++++-------
 common/oauth2-proxy/README.md                 | 65 ++++++++++++++-----
 .../oauth2-proxy/components/oauth2-flow.svg   | 13 ++++
 3 files changed, 73 insertions(+), 43 deletions(-)
 create mode 100644 common/oauth2-proxy/components/oauth2-flow.svg

diff --git a/README.md b/README.md
index cefcc3ac25..6743c64a44 100755
--- a/README.md
+++ b/README.md
@@ -220,7 +220,8 @@ kubectl wait --for=condition=Ready pods --all -n istio-system --timeout 300s
 
 #### Oauth2-proxy
 
-The oauth2-proxy extends your Istio Ingress-Gateway capabilities, to be able to function as an OIDC client:
+The oauth2-proxy extends your Istio Ingress-Gateway capabilities, to be able to function as an OIDC client.
+It supports user sessions as well as proper token-based machine to machine authentication.
 
 ```sh
 echo "Installing oauth2-proxy..."
@@ -234,19 +235,20 @@ echo "Installing oauth2-proxy..."
 kustomize build common/oauth2-proxy/overlays/m2m-dex-only/ | kubectl apply -f -
 kubectl wait --for=condition=ready pod -l 'app.kubernetes.io/name=oauth2-proxy' --timeout=180s -n oauth2-proxy
 
-# Option 2: works on Kind/K3D clusters, and allows K8s service account tokens to be used
-#           from outside the cluster via the Istio ingress-gateway.
+# Option 2: works on Kind/K3D and other clusters with the proper configuration, and allows K8s service account tokens to be used
+#           from outside the cluster via the Istio ingress-gateway. For example for automation with github actions.
 # 
 #kustomize build common/oauth2-proxy/overlays/m2m-dex-and-kind/ | kubectl apply -f -
 #kubectl wait --for=condition=ready pod -l 'app.kubernetes.io/name=oauth2-proxy' --timeout=180s -n oauth2-proxy
 #kubectl wait --for=condition=ready pod -l 'app.kubernetes.io/name=cluster-jwks-proxy' --timeout=180s -n istio-system
 ```
 
-It supports user sessions as well as proper token-based machine to machine authentication.
+If you want to use OAuth2 Proxy without Dex and conenct it directly to your own IDP, you can refer to this [document](common/oauth2-proxy/README.md#change-default-authentication-from-dex--oauth2-proxy-to-oauth2-proxy-only). But you can also keep Dex and extend it with connectors to your own IDP.
+TODO: rough guidance on how to connect Dex to a generic IDP with OIDC.
 
 #### Dex
 
-Dex is an OpenID Connect Identity (OIDC) with multiple authentication backends. In this default installation, it includes a static user with email `user@example.com`. By default, the user's password is `12341234`. For any production Kubeflow deployment, you should change the default password by following [the relevant section](#change-default-user-password).
+Dex is an OpenID Connect (OIDC) identity provider with multiple authentication backends. In this default installation, it includes a static user with email `user@example.com`. By default, the user's password is `12341234`. For any production Kubeflow deployment, you should change the default password by following [the relevant section](#change-default-user-password).
 
 Install Dex:
 
@@ -255,7 +257,7 @@ echo "Installing Dex..."
 kustomize build common/dex/overlays/oauth2-proxy | kubectl apply -f -
 kubectl wait --for=condition=ready pods --all --timeout=180s -n auth
 ```
- 
+
 #### Knative
 
 Knative is used by the KServe official Kubeflow component.
@@ -321,27 +323,7 @@ Install the [Multi-User Kubeflow Pipelines](https://www.kubeflow.org/docs/compon
 ```sh
 kustomize build apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user | kubectl apply -f -
 ```
-This installs argo with the runasnonroot emissary executor. Please note that you are still responsible to analyze the security issues that arise when containers are run with root access and to decide if the kubeflow pipeline main containers are run as runasnonroot. It is in general strongly recommended that all user-accessible OCI containers run with Pod Security Standards [restricted]
-(https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted)
-
-**Multi-User Kubeflow Pipelines dependencies**
-
-* Istio
-* Kubeflow Roles
-* OIDC Auth Service (or cloud provider specific auth service)
-* Profiles + KFAM
-
-**Alternative: Kubeflow Pipelines Standalone**
-
-You can install [Kubeflow Pipelines Standalone](https://www.kubeflow.org/docs/components/pipelines/installation/standalone-deployment/) which
-
-* does not support multi user separation
-* has no dependencies on the other services mentioned here
-
-You can learn more about their differences in [Installation Options for Kubeflow Pipelines
-](https://www.kubeflow.org/docs/components/pipelines/installation/overview/).
-
-Besides installation instructions in Kubeflow Pipelines Standalone documentation, you need to apply two virtual services to expose [Kubeflow Pipelines UI](https://github.com/kubeflow/pipelines/blob/1.7.0/manifests/kustomize/base/installs/multi-user/virtual-service.yaml) and [Metadata API](https://github.com/kubeflow/pipelines/blob/1.7.0/manifests/kustomize/base/metadata/options/istio/virtual-service.yaml) in kubeflow-gateway.
+This installs argo with the runasnonroot emissary executor. Please note that you are still responsible to analyze the security issues that arise when containers are run with root access and to decide if the kubeflow pipeline main containers are run as runasnonroot. It is in general strongly recommended that all user-accessible OCI containers run with Pod Security Standards [restricted](https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted).
 
 #### KServe
 
@@ -559,6 +541,8 @@ For example, running the above command locally with required packages like _pass
 
 4. Try to login using the new dex password.
 
+
+
 ## Upgrading and extending
 
 For modifications and in place upgrades of the Kubeflow platform we provide a rough description for advanced users:
diff --git a/common/oauth2-proxy/README.md b/common/oauth2-proxy/README.md
index 2110e0b7a0..3ebe06c273 100644
--- a/common/oauth2-proxy/README.md
+++ b/common/oauth2-proxy/README.md
@@ -1,17 +1,5 @@
 # Kubeflow Authentication using Oauth2 Proxy
 
-## Istio Envoy Filter
-
-> EnvoyFilter provides a mechanism to customize the Envoy configuration generated by Istio Pilot. Use EnvoyFilter to modify values for certain fields, add specific filters, or even add entirely new listeners, clusters, etc.[^1]
-
-Kubeflow will use an Envoy Filter for every incoming request when is used
-with `oidc-authservice`.
-
-Usage of EnvoyFilter is currently not recommended. The preferred method for configuring External
-Authentication in Istio is the `envoyExtAuthzHttp` extension provider[^2].
-
-Envoy Filter is set up with [oidc-authservice](https://github.com/arrikto/oidc-authservice).
-
 ## Istio envoyExtAuthzHttp
 
 This is Istio's recommended approach for External Authorization[^2]. It is not limited to the use
@@ -20,11 +8,11 @@ current and foreseeable authentication needs.
 
 ## Kubeflow Pipelines User and M2M Authentication and Authorization
 
-Kubeflow Pipelines component relies on the built-in kubernetes functionalities to authenticate and authorize
+The Kubeflow Pipelines component relies on the built-in kubernetes functionalities to authenticate and authorize
 user requests, specifically the TokenReviews[^4] and SubjectAccessReview[^5].
 
 The best way to describe how it works is to explain with an example. Lets analyze the flow
-when client calls API to list the KF Pipeline Runs:
+when a client calls the API to list the KF Pipeline runs:
 
 1. api-server starts endpoints in:
 
@@ -76,10 +64,55 @@ when client calls API to list the KF Pipeline Runs:
      {}  # empty response which is fine because no pipeline runs exist
      ```
 
-### Auth analysis diagram for Kubeflow Pipelines
-
+### Authentication and Authorization analysis diagram for Kubeflow Pipelines
 ![Kubeflow Auth Diagram](./components/kubeflow_auth_diagram.svg)
 
+### Change the default authentication from "Dex + Oauth2-proxy" to "Oauth2-proxy" only
+
+The authentication in Kubeflow evolved over time and we dropped envoyfilters and oidc-authservice in favor of RequestAuthentication and Oauth2-proxy in Kubeflow 1.9.
+![auth-flow](components/oauth2-flow.svg)
+
+You can adjust OAuth2 Proxy to directly connect to your own IDP(Identity Provider) suchg as GCP, [AWS](https://docs.aws.amazon.com/cognito/latest/developerguide/federation-endpoints-oauth-grants.html), Azure etc:
+
+1. Create an application on your IdP (purple line)
+2. Change your [OAuth2 Proxy issuer](https://github.com/kubeflow/manifests/blob/35539f162ea7fafc8c5035d8df0d8d8cf5a9d327/common/oauth2-proxy/base/oauth2-proxy-config.yaml#L10) to your IdP. Of course never ever directly, but with kustomize overlays and components.
+3. In the istio-system namespace is a RequestAuthentication resource. You need to change its issuer to your own IdP, or even better create an additional one.
+4. You can now directly issue a token from your IdP and use this token to access your Kubeflow platform. 
+
+This feature is useful when you need to integrate kubeflow with you current CI/CD platform (GitHub Actions, Jenkins) via machine-to-machine authentication.
+
+Example for obtaining and using a JWT token From your IDP:
+```
+import requests
+token_url = "https://your-idp.com/oauth/token"
+client_id = "YOUR_CLIENT_ID"
+client_secret = "YOUR_CLIENT_SECRET"
+username = "YOUR_USERNAME"
+password = "YOUR_PASSWORD"
+# request header
+headers = {
+    "Content-Type": "application/x-www-form-urlencoded"
+}
+data = {
+    "grant_type": "password",
+    "client_id": client_id,
+    "client_secret": client_secret,
+    "username": username,
+    "password": password,
+    "scope": "openid profile email"  #change your scope
+}
+response = requests.post(token_url, headers=headers, data=data)
+TOKEN = response.json()['access_token']
+```
+
+```
+import kfp
+kubeflow_host="https://your_host"
+pipeline_host = kubeflow_host + "/pipeline" 
+client = kfp.Client(host=pipeline_host, existing_token=TOKEN)
+print(client.list_runs(namespace="your-profile-name"))
+```
+
 ## Kubeflow Notebooks User and M2M Authentication and Authorization
 
 The underlying mechanism is the same as in Kubeflow Pipelines.
diff --git a/common/oauth2-proxy/components/oauth2-flow.svg b/common/oauth2-proxy/components/oauth2-flow.svg
new file mode 100644
index 0000000000..eee8551ada
--- /dev/null
+++ b/common/oauth2-proxy/components/oauth2-flow.svg
@@ -0,0 +1,13 @@
+<svg version="1.1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 891.0298080444336 472.17504508271804" width="891.0298080444336" height="472.17504508271804">
+  <!-- svg-source:excalidraw -->
+  
+  <defs>
+    <style class="style-fonts">
+      @font-face {
+        font-family: Virgil;
+        src: url(data:font/woff2;base64,d09GMgABAAAAABJoAAsAAAAAHRgAABIcAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAABmAAfBEICrEEpBYLQAABNgIkA3wEIAWDHAcgG6sVUZSuWo7siwPbWNHo7IhKSSiiYmq2Y6uZfuiS9SzXZw3RNu//iZZ8MGkLAwTtKS2IgYWVWDV77TJ0lboqdRntqgm+3++393zMo4dikkUk4YkGJZDEQiPjIdNIHn06jf76X6sf4JCb/sN6N74TCKkDSar61CcIX2VZX9Z2PRJIxbAkrad9YgbclyM3K/x3oT2vX0utrOidrl3a3XYEyYX7y4K/k5yYPCw+//crnTf0z1CkRtMAjw7K+2/yTtcGRWskpcGCROWbpUgbWpIFhLI1WDPbAs5sc+ahE1xfPRXAhAmaAbAAfACnAwAsimkwAFNAgF9MO2wBfF0QAQAEO2bMGo1ATaAt1/xvEsCuXaBmAIDDslEPPcF/RD7QpzCXYFsRaKHAKCuh6D/ACc7nJ0AoM6tyVeq0ZeBUCiH2BSrVaPisst/sanY5O5ftd0skFPAHgROUEWR8QqTRHgChBQDiqjUNIxRJCk+8EcgdRODJ9KXVeOY6ZKEKZlGoMJwt4wakKbiZ6XqeS7zY6CzwZvsai6xh1pzYeedEtJw5kdG1sT+ZAa0nlvt/m0ugCWSddid2oMIoPBDoCwjC8PMaSCLLYiC61q+7E4pjJZbcCpfuBLr0ml4keQgYY7OszMpI38n8PLFz98oJVIWzwp2xFBvo+3bNUGD0Kd7MRX4e9GLaGOBECG7pGsjppEx+mo9XFK7Y2HpKQL6SnIhTukNMMVjPdVf4JoVCnMDH6r7k39NlAAgYQ3qMKE6JhG3jOMG2k/JcejN8SdFGyDHFmVFjTGFhLRGcR5OXQOrHqdWeKAnhVyFUD5BE/UvTq/3tEnqHdPxKnxx2k7jNTxxwayUpPEd3QRByTzjCIM4CY0TWl8gy578dWcwpP2yIFARN0BjViJPSkCtdJwHZBAAkSVrpYS7V7JRyg6bY5rBSsbEdb0rgeYzNzgKpSvQIgGQ+D11xZGHjbkxl1ACMDtKGneT1uep8/4l+hup+J+LKqJiQQgkKaaCGMIatSSl0hfdYTa7Gaj1+qAICx5WW+pAxB23q62Jn2cpMeY7DShhSLqV6cEAmqS6D7Y4LCOLfQbqNz+u0m8pVarBEI/5whukOVCb6NpqOcXsK72Os2Rhxvv6BRiULygGZKdJfcqhyFycO2txlomNVv9vozb4f0ZB3caVCGaqWQSw15qyCTxl2UF0aJ1l/J8o3xcOiKRoTmWu7to/HF7qu8ImeAHkVGLOipyd2+Fh6u1bI2z0kvTL5S+gQ6XtRXiy4+MfYmvkVXQQRqi+bcXP6p2V13Bx/zgoWoPPRxhzch4p2lqs4odgpvLxOwxzexug6GFYFYXix1ENhGr/wNxPsIwCym+rVreoSgRg1Fw8/358E6feddQKPko7v8VkN5PUCENqV28TCl+FLunLBZhv3Ns/CM6+pN0VTXOaWwuj7c3PwpIer+XMv8lWUF+x7IqYtaGh8QN1UDDgNlrdpCZU2TpLCjyhxCeAwojOBSCmhVE/uZRtzepyMnRUwqiD7p2QCpNqbEwaJLJiHqJzaiTHLejDkcU1TNN3n9S/ZP5ye9fx62hrxmQ2oTgmXMUTnjw1gNjbDMVT8oxJN2Ih3unED+bHUGE1vpYJ6XkyCemb4u34XxaiaBCAzVCYzbrVUoRFfSzNhqlgUYm/O1mZFIgg285kUqsJW0tFmpyAjN9J/DhtifuaGxgE26zQeQxf19eEbkix9S2lKAiUcQ1ksuqtYLDgCMMaQ7i6sIXFBX8RSpdaZnyPpvMKtD4Ol5Qxr6ZBYXMS+0EO68TYMc3y3smjTcBO5u3cP1QiZ572a7LWpmEtxbmTjxhrxtuX/O0OoCgJ/RaG5aeCqu7iIMYacpNirlv5uDIglT/9ghZy6ZIFEy21gJftNnoO/Um40KFcqc5D9TVtuBVMsCj6CfvHhaIuYTloiBZGWRSXKd+/SDaiSU+1gY0DTewGOD+9sWbiZ3/vxNi5VywExQKqAst6JtdP270dfr6ThFK15Zwzi83V6vC9iIU71JXWYdVNrmaKblvgyN/G+L8mByD5E6za0agiX+ujpiY27TrXHhMuQHqc7QUDkoeehqU3JX1iV0XWY1Bk9kGvxPD06hgcH/kuoJnieJCkxRapXyXCGOe0s5c/Z+Lh4MS+fsabnIXDwWjK19jmZzOLm6GE6PbEctzMgzaRsEipXCS3TtyfWrFOO5TImWNkwfRmOvRlnM6SbMZrSo1NiZVEWfTlWlAHqhivU2Jbnl1AVvbsITTDppr0lJUgJ/T0ddRxrQ7Z97GdF7yAp/EgAXxCQ9c7N+Gz9pj4dbC1V10UWLeriBuUDWI2TjrAYMFUJ3m7hM6ly3P01tue3qTv/Pc9XKpBrcmviplvDMe1GQt7DY1gTRG9jQERRNI6tTmSZFA+2Wk1nUBy6omin5QRnyG5i0UWZMWhByJzOMidcUCdz8aIwDcunnPKZzxz6NO9tDGrfBJPh/jAtPb8eeThYW85YbrXH4hm+wlyhap3sZyzuYahsGz/HpIBQUZt5rrNaTFgozj0yFWLvVXRLAvwRtXGBy0dCJS8gSarTLNDRPX+H3XWR3YN2uW/KgMafDj46h90z5/U+bVswqvuG81LyZM5aXpfnstT556RzV6+fu567vm8pPzfC3Cb7DxNr1RtSuuaBrqvsRVfl8xYt482TdE1CN+l5qAVqK3ru3plAzss7whm5pBqUTLuT2R6OPNsHCvszmtwWCDmRegtIMMUBU0Wj5iKl5jYMhfUG0kMH3WCQdX7tXgu+HNfvhrRHDCFppVvxi1p59bbq+R1VLAiFpJBSkKRRq/ZI/QtEb5JsgtCHRNBcXjFMnOylvVzSfm3k7GNaelSKW9mmCAG+qOsSY2itNSIZl3f59IJN/dBljkd3xIff+smYR2nbWUI6hFCOo47ii+DOaBC1m2A4D7TV0endrVkl2mJ5eB/x8XHBrPytzsedlAIVdBZuIufjTe5QltbRfqpdiln8gOlm832Jr0gn5OkWEM713Mjv/Q/RjDsMtXLFs5SuoPY2WDrnS2Si3H9Z2GW9k06ksk5FDPiNZgzWsrflDyN5W2YdrMZlw9EBdnByOiax9+4ovE35ozfRPCsVYiFZyvOTMmPoqWWk3aIpMXgC7sJkuAqC2S8RMLFQTWE9FO/G2hnLg7CvLRKNRrHOoM6mlZcJAP7AMyB+EXhb6pjiu4axy+BQb3pGI+hJxQ6M/jgVQSUrGBHLAfSVuq1LfJanKC7OeMgz30+6VirtHcCxEKcAhK6jI5Ae6hC8qSOocRj4pLWKyoBmHQ5ch/ecVHC7gY2VI3Isp5A/B3hfBA8Fnu8xztNin8PJnrvaQkICnajbUhel4hbhqlmFkukyYy6nzwLSRn48OcUrrtVKpip5seFcICjHRVlmwqBlzRfSjvxFco7GMwcznqi/HmnmjgVkxvmIzQzJLP9ujOZRoPghoNQWgrnTm1aYi/XLnmh47lMrbiakcrwhb8Mun2LRTJNDAp5RviDk7N0hCnuOaoWqqfjnDPo62DMcWsKjdLgXhmsVY2wl3hwnCeMGNNRuQlrxqhiMsjO9rw4DuL27SM6c91ROxV3GXJLLANZhvAt9EkErQJCvfZhEHMO0gO9nFYXUTZwbq8qHiqO9YvyI2ZCpSk0M6XUfMNDAr7NJjL62/jVslq5vrj0OODzUTO9A8zxeqk8IS2qiThxEep+Fqla+qv/YdLUqFimQ9XyLWFbNbHW0n8RGvPpSdLGKFVPA//sL9hJPTBjdHk/RdMOk/iS5sN+uBNa9bULu94pgwxIUQtoglJC/mDq8Ax+xcyDJ2eLLdcDV4KSUSgk/TqIG8CTsn+birI5xexOIx26Z770NZ/3DPhEWq4w2HzlBVZy6veknLhGU1EdnpTqXIJeyjD4YW5ouiKt6JsIphBCRpG7K1CCdKOI3y7cTX7CLKA3Rrph+/LkgDbHKzVKPnNcete0czuMxmA6CGIqieKudv65J5DndKoGCQHxx++oMzggxnz4jrA8H5XFx5Cwyq/f/kbxY32tj1em5Rf3u0UIiVrzubI/9QwpPH6ZOLU6Lk7w8bqWNpZUfPzWHlXZlbqQMfMbOlZxl7lzHZgKWEOIygoy/Gyec+WN8h1c7h6kDsR8FXOYe/azvIgSYq3GWyFBak5kcHiC3jA8zkcKTbUfig6MBroiy5+B2w5NBZn14uHldyW7GHYlAy87jT16E0J/I+zRjJEY8CeMaUmaQTaVPwKW23PV5yWQZgzOrF6odQdjfHq9KlbmMSrlORmcxF6okCIbqr5TDFiaSBTsS63mh5NEN4P/5fKeRRBK2m8jCNTe1lqCo0MTmpy91SfeWshk2MsH9qolrJDnoALU59zFknbkyeWNAelooo5zUgsJeU+nEHtMrZ7wVn453cn3lfuwCp7r2ii9B5A/B/l4V2h5AtWTaliIIJsDEwu6EYYYT65S+u8mkUletNws7Tb5dAmsq8VniNlPDsh/l87Aa+fNVFAauFMEZfxxutOYUAF3JARkdJxtscJ2Zfmm4gaa9DVf4Acs9mXwaD4ilvm2oC59KQqJJVCiHXQ7FUEO9yw4upbafYHNPQJxBiYBVqQkOTGL5xdcv1+/lm8mzXbFIKILF0HUDgiMVMiIJagJpO/FBt43XD9IJ3RUzKnvdolOZicghyOm1oAxHcmSWlDI12e6bTNEFBOCyX1XhXf665feqeVExE6JOKI0bo6qHuXy118kJ3uX7zfGy6oHeSpmnDTWHGMm0w/P5qhQ/HzSkY/7p0SKH3Zuwmc7uQFEy8MgyUPGdTW5y01/K8Pc1kaLbSarFGCI8ToivCCueNT9oa13dbds+hkc0aTUBlNRCSdlEfWdOYGuyxSXC+ZSTVnfm1oSVnc5mLFEIxKWVD2YrQo0nUlRKhOtv/UJrVDneukiQq69tT42a6Bops1Wi+2KWT6bS3gy/uQRohlnXpCEBb1x7tqrJqE+nstl3SZzW7mYJNRZedsZVa3Ssn9mSZCwsRD529OmbTZyksdjEgf6m3zeujv3+oC8RxpAo5uyGWNaVAUa9cPhwsHoPlOhqsek0GAHRdWvhnYe6UFY6RV7CLIUWlaE9flIorQT6GorbWzWXVq4Howq+G+lb6TPIRoo7qtvspBggXpZ/tvZpxhhayodGY5rYmw5eupeozh8SHGetFwwnX8qSXt4uhfA6AgDLHdUh5zbiEUx+N034UwL7FBNja2SfQ8k4bIY8eE67yf0e8uJG1GWolImSUqk4v28skWLUDbh+oh8FwcASaZi/17fCX2ROzNejotEzFgdiEcC9EQ0UPSdd/adBLE4VHP7pjZ/Ef7NrbvR65uMmiA55O+Bk5g611ZC7yPROu4qxE5rNOKxg9O3SutI/8kxnCiRqN4A24Sh0jVJTmn99/H0RMQNbg8ermTwUf0OhEWXB1XpmEOFW+THmLs5Z1qqn2vQNJjvDDiWq82npgweZ/PRGvSDgQpPdUW9agAjIVwKWEdNkkW4uUDaw5ZVbOhJKtCFdGR/ttoedvmiLjYCp76RPWB+RXKBGYDm2KFfXlhuWimEkCQzMIAiBvfWaE6O1fC+njkEDHHQCo01QeFX5y8fp58HEjq7YGL0znQSjxybpUnl3/LcuT1gAWrYpDTHH9jlqjBcvCrbT3brtwqwqTQHJxB3pyfg+MhonG0DyKabnW6Ktuzeo2Od7V2H0EVOTh/JcRHHtUplF9R4Ok9bxtkRuDBhVkh3oRHommC3V9JwCAAQYfvK3Ms8h4iuBjLwEMNyurD4DrvB4xfvu/7//V95rzDAAAAHswqfrSuZLFIKm1jzJ+ckgQP9NCtUAbXL4L04CXfyVEQWAH0LAidnAJRYCVvoDTd8QIxTAIQbM9Pz/4/QVLb0Hju4AbHrx/3PCg9h0BXDDG6DpHeClTa9G+IAWgf8/RwjwCDKgRwHgRgBwSNcAMyYmvvsAB3gRgX4T6rgdhpcJAeURAQAd4ODLAqHot8BoVlkQNlYLBirMguXGBbg5gKS7XINS/V2nryT2F2lCAUN5YieDB9eqISCnqoLfbbKrxVHKkMDIKE+ES+YT7rYULsBiJ4R/VGIFzyfHaZKrdjq1ekfxE+WL1co0EvBUxOvGXEFBJYFCZUkgQ4YmUbdAgpaYRYwxjDU+0LRAsYrK4LcoaVTRdIGvkcEfsN+IHc1zFIvyCHjCAgA=);
+          }
+    </style>
+    
+  </defs>
+  <rect x="0" y="0" width="891.0298080444336" height="472.17504508271804" fill="#ffffff"></rect><g stroke-linecap="round" transform="translate(158 137.17504508271804) rotate(0 57 55)"><path d="M27.5 0 C45.31 1.89, 66.02 0.17, 86.5 0 C107.87 -2.56, 117.53 5.82, 114 27.5 C111.01 51.62, 113.8 73.84, 114 82.5 C113.78 99.61, 101.79 108.37, 86.5 110 C70.42 113.94, 51.86 110.32, 27.5 110 C8.89 107.74, -2.18 98.08, 0 82.5 C1.35 71.78, -1.16 55.16, 0 27.5 C-2.06 6.9, 8.46 0.31, 27.5 0" stroke="none" stroke-width="0" fill="#b2f2bb"></path><path d="M27.5 0 C48.93 -2.29, 73.62 -2.22, 86.5 0 M27.5 0 C50.84 0.48, 73.91 -0.64, 86.5 0 M86.5 0 C103.37 0.53, 112.1 10.69, 114 27.5 M86.5 0 C104.62 -1.74, 113.3 9.38, 114 27.5 M114 27.5 C115.72 40.58, 115.49 54.79, 114 82.5 M114 27.5 C113.59 40.09, 113.14 53.1, 114 82.5 M114 82.5 C114.91 99, 104.97 108.18, 86.5 110 M114 82.5 C113.33 99.11, 103.85 109.32, 86.5 110 M86.5 110 C67.86 110.63, 45.14 108.61, 27.5 110 M86.5 110 C63.17 108.59, 40.86 109.29, 27.5 110 M27.5 110 C10.21 111.94, -1.2 99.94, 0 82.5 M27.5 110 C7.14 111.44, 1.49 102.35, 0 82.5 M0 82.5 C0.82 60.41, -1.05 41.32, 0 27.5 M0 82.5 C-0.3 64.97, -1.43 47.13, 0 27.5 M0 27.5 C-0.47 8.82, 8.91 1.73, 27.5 0 M0 27.5 C0.72 7.07, 7.46 -0.35, 27.5 0" stroke="#2f9e44" stroke-width="1" fill="none"></path></g><g transform="translate(173.9400405883789 154.67504508271804) rotate(0 41.059959411621094 37.5)"><text x="41.059959411621094" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#2f9e44" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">istio </text><text x="41.059959411621094" y="42.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#2f9e44" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">ingress </text><text x="41.059959411621094" y="67.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#2f9e44" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">gateway</text></g><g stroke-linecap="round" transform="translate(42 144.17504508271804) rotate(0 12 16)"><path d="M13.34 -0.3 C15.75 0.02, 19.33 2.84, 21.16 5.51 C22.99 8.18, 24.21 12.31, 24.32 15.71 C24.42 19.1, 23.36 23.27, 21.78 25.88 C20.21 28.49, 17.46 30.6, 14.88 31.35 C12.29 32.11, 8.58 31.87, 6.27 30.41 C3.96 28.95, 2.01 25.77, 1.01 22.59 C0 19.4, -0.52 14.72, 0.23 11.3 C0.99 7.87, 3.29 3.92, 5.54 2.05 C7.79 0.18, 12.3 0.34, 13.73 0.08 C15.15 -0.17, 14.04 0.22, 14.11 0.53 M9.34 0.86 C11.68 -0.07, 14.54 0.11, 16.86 1.67 C19.18 3.23, 22.18 6.93, 23.27 10.2 C24.35 13.47, 24.22 17.97, 23.35 21.29 C22.47 24.61, 20.26 28.27, 18.01 30.14 C15.77 32.02, 12.28 32.97, 9.86 32.55 C7.44 32.12, 5.26 30.1, 3.5 27.58 C1.74 25.06, -0.48 20.84, -0.68 17.43 C-0.88 14.02, 0.64 10.02, 2.29 7.14 C3.95 4.26, 8.17 1.29, 9.24 0.16 C10.31 -0.97, 8.68 0.18, 8.71 0.39" stroke="#1e1e1e" stroke-width="1" fill="none"></path></g><g stroke-linecap="round" transform="translate(29 175.17504508271804) rotate(0 25 39)"><path d="M14.67 3.2 C18.66 -0.6, 24.99 -1.02, 29.84 0.37 C34.7 1.76, 40.54 6.23, 43.8 11.55 C47.05 16.87, 48.89 24.78, 49.38 32.32 C49.87 39.85, 49.07 49.72, 46.74 56.76 C44.42 63.8, 39.71 70.95, 35.43 74.56 C31.15 78.16, 25.84 79.75, 21.07 78.37 C16.3 76.99, 10.3 71.97, 6.82 66.28 C3.34 60.58, 0.97 51.87, 0.2 44.21 C-0.57 36.54, -0.56 27.43, 2.2 20.29 C4.95 13.15, 13.66 4.52, 16.75 1.39 C19.83 -1.74, 20.35 0.89, 20.7 1.51 M22.99 0.22 C27.85 -0.57, 34.49 2.15, 38.85 6.38 C43.2 10.61, 47.47 18.59, 49.13 25.59 C50.79 32.6, 50.05 40.97, 48.8 48.4 C47.55 55.83, 45.54 65.21, 41.61 70.19 C37.69 75.18, 30.35 78.08, 25.23 78.33 C20.11 78.57, 14.56 75.64, 10.9 71.68 C7.24 67.72, 4.91 61.77, 3.28 54.57 C1.66 47.38, 0.39 36.1, 1.16 28.51 C1.93 20.93, 4.4 13.83, 7.91 9.07 C11.43 4.32, 19.51 1.22, 22.25 -0.01 C25 -1.24, 24.42 0.93, 24.39 1.69" stroke="#1e1e1e" stroke-width="1" fill="none"></path></g><g stroke-linecap="round" transform="translate(520 352.17504508271804) rotate(0 57 55)"><path d="M27.5 0 C46.89 -0.36, 62.53 0.88, 86.5 0 C106.74 -1.68, 117.33 6.5, 114 27.5 C111.76 50.23, 117.15 68.99, 114 82.5 C111.78 100.3, 103.63 112.66, 86.5 110 C71.96 111.77, 61.68 110.45, 27.5 110 C11.18 110.14, 0.28 101.59, 0 82.5 C0.44 64.69, -2.25 41.63, 0 27.5 C-0.11 11.12, 12.58 2.2, 27.5 0" stroke="none" stroke-width="0" fill="#a5d8ff"></path><path d="M27.5 0 C46.46 1.58, 63.59 0.32, 86.5 0 M27.5 0 C41.73 0.2, 57.99 -0.51, 86.5 0 M86.5 0 C106.12 -1.02, 112.58 8.27, 114 27.5 M86.5 0 C104.35 1.49, 112.21 9.53, 114 27.5 M114 27.5 C116.01 38.51, 113.91 50.64, 114 82.5 M114 27.5 C114.47 46.37, 114.48 64.94, 114 82.5 M114 82.5 C112.01 100.93, 104.93 109.91, 86.5 110 M114 82.5 C115.76 101.28, 102.95 109.07, 86.5 110 M86.5 110 C72.82 108.92, 55.38 111.09, 27.5 110 M86.5 110 C68.64 109.37, 49.01 109.32, 27.5 110 M27.5 110 C11.01 109.9, 1.8 102.32, 0 82.5 M27.5 110 C8.25 108.62, 1.29 102.32, 0 82.5 M0 82.5 C-0.18 70.54, -0.96 55.37, 0 27.5 M0 82.5 C-0.3 61.64, -1.18 42.58, 0 27.5 M0 27.5 C1.76 8.87, 10.82 -1.52, 27.5 0 M0 27.5 C-0.09 7.03, 8.94 0.93, 27.5 0" stroke="#1971c2" stroke-width="1" fill="none"></path></g><g transform="translate(559.3400115966797 394.67504508271804) rotate(0 17.659988403320312 12.5)"><text x="17.659988403320312" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1971c2" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">dex</text></g><g mask="url(#mask-eDAO9YePF9cwy_MlJXRju)" stroke-linecap="round"><g transform="translate(214 257.17504508271804) rotate(0 151 74.8306714394148)"><path d="M-1.11 0.94 C4.28 23.81, -19.08 113.43, 31.58 138.34 C82.24 163.25, 257.67 148.41, 302.84 150.41 M0.51 0.39 C5.86 23.39, -19.39 111.72, 30.94 136.4 C81.27 161.08, 257.14 146.51, 302.52 148.47" stroke="#1971c2" stroke-width="1" fill="none"></path></g><g transform="translate(214 257.17504508271804) rotate(0 151 74.8306714394148)"><path d="M279.17 157.42 C286.21 156.48, 290.77 154.78, 302.52 148.47 M279.17 157.42 C287.89 153.61, 296.12 151.54, 302.52 148.47" stroke="#1971c2" stroke-width="1" fill="none"></path></g><g transform="translate(214 257.17504508271804) rotate(0 151 74.8306714394148)"><path d="M278.88 140.32 C286.15 143.45, 290.77 145.82, 302.52 148.47 M278.88 140.32 C287.79 142.71, 296.12 146.84, 302.52 148.47" stroke="#1971c2" stroke-width="1" fill="none"></path></g></g><mask id="mask-eDAO9YePF9cwy_MlJXRju"><rect x="0" y="0" fill="#fff" width="616" height="506.83638796154764"></rect><rect x="188.60005950927734" y="382.67504508271804" fill="#000" width="112.79988098144531" height="25" opacity="1"></rect></mask><g transform="translate(188.60005950927734 382.67504508271804) rotate(0 175.85098464512402 -48.80581135803254)"><text x="56.399940490722656" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1971c2" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">envoy filter</text></g><g stroke-linecap="round" transform="translate(510 141.17504508271804) rotate(0 61 56.5)"><path d="M28.25 0 C50.41 0.42, 73.59 -3.43, 93.75 0 C113.63 -3.5, 123.38 8.07, 122 28.25 C125.29 50.12, 122.62 67.35, 122 84.75 C118.82 103.32, 113.73 115.43, 93.75 113 C80.75 113.52, 57.83 115.24, 28.25 113 C8.89 115.94, -2.79 100.56, 0 84.75 C-0.28 60.86, -1.9 41.88, 0 28.25 C-1.28 7.36, 12.97 3.12, 28.25 0" stroke="none" stroke-width="0" fill="#eaddd7"></path><path d="M28.25 0 C47.96 0.34, 71.14 1.9, 93.75 0 M28.25 0 C52.57 -1.3, 74.99 -0.66, 93.75 0 M93.75 0 C113.63 -0.15, 123.44 10.78, 122 28.25 M93.75 0 C114.77 1.59, 120.96 11.17, 122 28.25 M122 28.25 C121.69 48.87, 121.43 72.8, 122 84.75 M122 28.25 C122.06 41.72, 121.62 54.08, 122 84.75 M122 84.75 C123.58 105.29, 110.81 113.23, 93.75 113 M122 84.75 C120.84 105.15, 112.98 114.31, 93.75 113 M93.75 113 C71.09 114.07, 46.34 114.6, 28.25 113 M93.75 113 C74.12 112.62, 55.77 112.38, 28.25 113 M28.25 113 C9.7 111.06, -0.42 103.06, 0 84.75 M28.25 113 C10.75 112.54, -2.11 105.85, 0 84.75 M0 84.75 C1.03 66.57, 0.33 45.91, 0 28.25 M0 84.75 C0.26 68.17, 0.06 53.29, 0 28.25 M0 28.25 C-0.59 10.91, 8.39 1.2, 28.25 0 M0 28.25 C-1.49 9.46, 10.89 -2.08, 28.25 0" stroke="#846358" stroke-width="1" fill="none"></path></g><g transform="translate(535.4000396728516 172.67504508271804) rotate(0 35.59996032714844 25)"><text x="35.59996032714844" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#846358" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">oauth2</text><text x="35.59996032714844" y="42.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#846358" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">proxy</text></g><g mask="url(#mask-Dk-F827dNdTRGeji6DNsE)" stroke-linecap="round"><g transform="translate(275 194.17504508271804) rotate(0 111 1.0434736569641245)"><path d="M0.78 -0.57 C37.83 -0.32, 184.83 0.56, 221.52 1.08 M-0.27 1.74 C36.65 2.15, 183.07 2.3, 220.33 2.09" stroke="#846358" stroke-width="1" fill="none"></path></g><g transform="translate(275 194.17504508271804) rotate(0 111 1.0434736569641245)"><path d="M196.85 10.68 C201.49 7.7, 206.33 4.68, 220.33 2.09 M196.85 10.68 C205.36 8.3, 212.07 4.17, 220.33 2.09" stroke="#846358" stroke-width="1" fill="none"></path></g><g transform="translate(275 194.17504508271804) rotate(0 111 1.0434736569641245)"><path d="M196.82 -6.42 C201.4 -5.35, 206.25 -4.32, 220.33 2.09 M196.82 -6.42 C205.4 -2.97, 212.11 -1.27, 220.33 2.09" stroke="#846358" stroke-width="1" fill="none"></path></g></g><mask id="mask-Dk-F827dNdTRGeji6DNsE"><rect x="0" y="0" fill="#fff" width="597" height="296.2619923966463"></rect><rect x="332.25006103515625" y="182.71851873968217" fill="#000" width="107.4998779296875" height="25" opacity="1"></rect></mask><g transform="translate(332.25006103515625 182.71851873968217) rotate(0 53.37880510892256 12.262339315676627)"><text x="53.74993896484375" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#846358" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">auth policy</text></g><g stroke-linecap="round"><g transform="translate(80.95581799749948 205.88506267289858) rotate(0 33.02209100125026 -0.3550087950902707)"><path d="M0.2 -1.03 C11.26 -1.1, 55.28 -1.08, 66.1 -1.04 M-1.16 1.04 C9.78 1.21, 53.73 0.42, 65.18 0.32" stroke="#1e1e1e" stroke-width="1" fill="none"></path></g><g transform="translate(80.95581799749948 205.88506267289858) rotate(0 33.02209100125026 -0.3550087950902707)"><path d="M41.8 9.18 C46.62 6.77, 54.27 2.68, 65.18 0.32 M41.8 9.18 C47.65 7.23, 54.37 3.16, 65.18 0.32" stroke="#1e1e1e" stroke-width="1" fill="none"></path></g><g transform="translate(80.95581799749948 205.88506267289858) rotate(0 33.02209100125026 -0.3550087950902707)"><path d="M41.58 -7.92 C46.36 -5.58, 54.08 -4.93, 65.18 0.32 M41.58 -7.92 C47.66 -4.89, 54.45 -3.98, 65.18 0.32" stroke="#1e1e1e" stroke-width="1" fill="none"></path></g></g><mask></mask><g stroke-linecap="round"><g transform="translate(577 262.17504508271804) rotate(0 0.5 41)"><path d="M0.7 -0.58 C0.61 13.4, 0.04 69.35, 0 83.06 M-0.4 1.73 C-0.16 15.47, 2.22 67.98, 2.18 81.49" stroke="#846358" stroke-width="1" fill="none"></path></g><g transform="translate(577 262.17504508271804) rotate(0 0.5 41)"><path d="M-6.93 58.21 C-4.94 64.46, 0.91 73.16, 2.18 81.49 M-6.93 58.21 C-4.52 65.38, -2.77 71.33, 2.18 81.49" stroke="#846358" stroke-width="1" fill="none"></path></g><g transform="translate(577 262.17504508271804) rotate(0 0.5 41)"><path d="M10.17 57.8 C6.3 64.29, 6.3 73.13, 2.18 81.49 M10.17 57.8 C7.91 64.95, 5 71.02, 2.18 81.49" stroke="#846358" stroke-width="1" fill="none"></path></g></g><mask></mask><g stroke-linecap="round" transform="translate(722 245.17504508271804) rotate(0 64 58)"><path d="M29 0 C48.41 -1.29, 73.21 -0.95, 99 0 C115.14 0.7, 124.6 10.19, 128 29 C127.31 43.91, 131.15 53.89, 128 87 C129.51 104.01, 121.32 113.71, 99 116 C82.85 117.31, 71.42 118.65, 29 116 C7.96 116.45, -1.41 108.65, 0 87 C0.96 63.62, 1.36 38.25, 0 29 C-1.3 8.18, 7.57 -2.99, 29 0" stroke="none" stroke-width="0" fill="#ffec99"></path><path d="M29 0 C51.04 -1.83, 75.07 0.61, 99 0 M29 0 C46.36 0.28, 63.88 -0.76, 99 0 M99 0 C117.93 0.63, 127.2 7.82, 128 29 M99 0 C119.57 -0.87, 129.15 11.52, 128 29 M128 29 C127.13 45.82, 126.79 59.09, 128 87 M128 29 C127.21 49.05, 128.46 68.3, 128 87 M128 87 C127.48 106.91, 119.87 114.24, 99 116 M128 87 C126.23 106.46, 119.14 117.64, 99 116 M99 116 C70.19 117.34, 42.77 113.95, 29 116 M99 116 C83.81 115.37, 67.6 115.36, 29 116 M29 116 C11.31 114.1, 0.57 105.81, 0 87 M29 116 C10.47 116.05, 0 108.27, 0 87 M0 87 C-0.46 73.13, -1.65 61.96, 0 29 M0 87 C-0.97 71.7, -0.64 56.72, 0 29 M0 29 C-0.15 8.52, 10.83 -0.88, 29 0 M0 29 C1.53 9.99, 8.24 0, 29 0" stroke="#f08c00" stroke-width="1" fill="none"></path></g><g transform="translate(745.7300338745117 278.17504508271804) rotate(0 40.26996612548828 25)"><text x="40.26996612548828" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#f08c00" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Identity</text><text x="40.26996612548828" y="42.62" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#f08c00" text-anchor="middle" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">Provider</text></g><g stroke-linecap="round"><g transform="translate(645 203.17504508271804) rotate(0 69.5 18.81729689254962)"><path d="M0.09 -0.47 C20.67 -0.56, 100.48 -6.45, 123.69 -0.03 C146.91 6.4, 136.63 31.65, 139.38 38.1 M-1.32 -1.76 C19.14 -1.69, 99.75 -4.8, 123.11 1.5 C146.46 7.79, 136.44 30.14, 138.81 36.01" stroke="#6741d9" stroke-width="1" fill="none"></path></g><g transform="translate(645 203.17504508271804) rotate(0 69.5 18.81729689254962)"><path d="M131.76 16.81 C133.31 24.05, 136.28 29.62, 138.81 36.01 M131.76 16.81 C134.59 23.93, 135.86 29.72, 138.81 36.01" stroke="#6741d9" stroke-width="1" fill="none"></path></g><g transform="translate(645 203.17504508271804) rotate(0 69.5 18.81729689254962)"><path d="M145.75 16.77 C142.86 24.04, 141.38 29.62, 138.81 36.01 M145.75 16.77 C143.84 24.03, 140.36 29.83, 138.81 36.01" stroke="#6741d9" stroke-width="1" fill="none"></path></g></g><mask></mask><g stroke-linecap="round"><g transform="translate(642 409.17504508271804) rotate(0 76 -18.420529801324392)"><path d="M-0.8 -0.03 C21.92 0.07, 110.95 6.82, 136.32 0.68 C161.68 -5.45, 148.95 -30.44, 151.39 -36.86 M0.98 -1.08 C23.56 -1.34, 110.65 4.67, 135.53 -1.08 C160.42 -6.82, 147.79 -29.52, 150.3 -35.55" stroke="#1971c2" stroke-width="1" fill="none"></path></g><g transform="translate(642 409.17504508271804) rotate(0 76 -18.420529801324392)"><path d="M158.01 -17 C155.64 -22.1, 154.5 -29.22, 150.3 -35.55 M158.01 -17 C155.54 -22.83, 152.82 -27.94, 150.3 -35.55" stroke="#1971c2" stroke-width="1" fill="none"></path></g><g transform="translate(642 409.17504508271804) rotate(0 76 -18.420529801324392)"><path d="M144.29 -16.39 C146.04 -21.58, 149.03 -28.88, 150.3 -35.55 M144.29 -16.39 C145.92 -22.28, 147.3 -27.57, 150.3 -35.55" stroke="#1971c2" stroke-width="1" fill="none"></path></g></g><mask></mask><g stroke-linecap="round"><g transform="translate(55 12.175045082718043) rotate(0 44.5 -0.5)"><path d="M0.94 0.58 C15.7 0.03, 73.15 -1.92, 88 -2.18 M-0.03 -0.16 C15.15 -0.1, 75.22 -1.35, 90.18 -1.25" stroke="#1971c2" stroke-width="1" fill="none"></path></g></g><mask></mask><g transform="translate(10 39.17504508271804) rotate(0 94.38990020751953 12.5)"><text x="0" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#1971c2" text-anchor="start" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">before kubeflow 1.8</text></g><g stroke-linecap="round"><g transform="translate(350.61009979248047 16.262567624076837) rotate(0 44.5 -0.5)"><path d="M-0.77 0.79 C13.81 0.76, 73.4 -0.06, 88.5 -0.48 M1.03 0.15 C15.31 -0.21, 72.55 -2.17, 87.3 -2.33" stroke="#846358" stroke-width="1" fill="none"></path></g></g><mask></mask><g transform="translate(262.61009979248047 44.26256762407684) rotate(0 152.61984252929688 12.5)"><text x="0" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#846358" text-anchor="start" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">kubeflow 1.9 with oauth2 proxy</text></g><g stroke-linecap="round"><g transform="translate(669.6100997924805 15.262567624076837) rotate(0 44.5 -0.5)"><path d="M-0.28 0.75 C14.75 0.59, 74.93 -0.65, 89.73 -1.09 M1.78 0.11 C16.75 0.15, 74.88 0.59, 89.17 0.39" stroke="#9c36b5" stroke-width="1" fill="none"></path></g></g><mask></mask><g transform="translate(623.6100997924805 42.26256762407684) rotate(0 128.70985412597656 12.5)"><text x="0" y="17.619999999999997" font-family="Virgil, Segoe UI Emoji" font-size="20px" fill="#9c36b5" text-anchor="start" style="white-space: pre;" direction="ltr" dominant-baseline="alphabetic">directly use oauth2 proxy</text></g></svg>
\ No newline at end of file