Is there a way to make the controller list the secrets only for certain namespace/s?

[superfav]

Since k8s Secrets are not encrypted we disabled access to them. Having a ServiceAccount with cluster-wide list access would break that.
We gave kserve:kserve-controller-manager secret access for the namespace where the controller runs –kserve– and the namespace where we create InferenceServices. I.e. we used a couple of RoleBindings instead of ClusterRoleBinding to give it Secret access.
The service keeps logging that it needs cluster-wide list access and we don't know how to disable it:

W0403 08:46:23.594462       1 reflector.go:324] k8s.io/client-go@v0.23.9/tools/cache/reflector.go:167: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:kserve:kserve-controller-manager" cannot list resource "secrets" in API group "" at the cluster scope
E0403 08:46:23.594533       1 reflector.go:138] k8s.io/client-go@v0.23.9/tools/cache/reflector.go:167: Failed to watch *v1.Secret: failed to list *v1.Secret: secrets is forbidden: User "system:serviceaccount:kserve:kserve-controller-manager" cannot list resource "secrets" in API group "" at the cluster scope

Let me know if you need more context/information.
Thanks in advance.

[sivanantha321]

From next release (hopefully 0.12.1) kserve no longer needs cluster level list/watch for configmaps, serviceaccounts, secrets #3469

[superfav]

That would be great. Thanks for the update.