# mlflow

MLflow tracking server + model registry. Used by data scientists running experiments from JupyterHub or local laptops. **Cloud-only.**

- **Networks**: `app` (UI on port 5000, reverse-proxied at `/mlflow` or subdomain) + `data` (postgres backend in `sql`)
- **Backend store**: postgres database `mlflow` — must be provisioned by `sql/config/init.d/`
- **Artifact store**: local volume `mlflow-artifacts`. Switch to S3/MinIO when artifact volume grows beyond a few GB.
- **TODO**:
  - Provision `mlflow` DB + role in `sql` init scripts
  - Keycloak OIDC via nginx `auth_request` (MLflow has no native auth — must front-end it)
  - MinIO sidecar for S3-compatible artifact store
  - Retention / cleanup policy for stale runs