Replies: 1 comment 1 reply
-
From next release (hopefully 0.12.1) kserve no longer needs cluster level list/watch for configmaps, serviceaccounts, secrets #3469 |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Since k8s
Secret
s are not encrypted we disabled access to them. Having aServiceAccount
with cluster-widelist
access would break that.We gave
kserve:kserve-controller-manager
secret access for the namespace where the controller runs –kserve
– and the namespace where we createInferenceService
s. I.e. we used a couple ofRoleBinding
s instead ofClusterRoleBinding
to give itSecret
access.The service keeps logging that it needs cluster-wide list access and we don't know how to disable it:
Let me know if you need more context/information.
Thanks in advance.
Beta Was this translation helpful? Give feedback.
All reactions