Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Document annotation for namespaces with anyuid enbled #25

Closed
israel-hdez opened this issue Jul 12, 2023 · 4 comments
Closed

Document annotation for namespaces with anyuid enbled #25

israel-hdez opened this issue Jul 12, 2023 · 4 comments
Assignees
@israel-hdez
Labels
good first issue Good for newcomers kind/documentation Improvements or additions to documentation

Comments

@israel-hdez
Copy link

In pull request #18 it was introduced some code to automatically set the UID of the storage-initializer container, so that it runs properly when using Maistra and OpenShift.

For namespaces that forbid running containers with anyuid, the mesh sidecar runs with the project allowed range +1. For namespaces that alloq running containers with anyuid, the mesh sidecar runs with 1337 uid.

The controller always assumes that anyuid is forbidden. So, if the namespace enabled anyuid, the storage-initializer may still fail. However, the end-user can still override which UID is used via an annotation and this can be used as a workaround. Some documentation should state this.
@israel-hdez israel-hdez added the kind/documentation Improvements or additions to documentation label Jul 12, 2023
@israel-hdez israel-hdez mentioned this issue Jul 12, 2023
Closed
@Xaenalt
Copy link

Xaenalt commented Jul 13, 2023

@israel-hdez Is this still needed or has the anyuid fix now made this issue obsolete?

@israel-hdez
Copy link
Author

israel-hdez commented Jul 13, 2023
edited

@israel-hdez Is this still needed or has the anyuid fix now made this issue obsolete?

It is still needed for the (corner, for us) use-case of a namespace having the anyuid privilege. If this happens, the user needs to manually add an annotation on the ISVC.

@Xaenalt Xaenalt added the good first issue Good for newcomers label Jul 25, 2023
israel-hdez pushed a commit to israel-hdez/kserve that referenced this issue Oct 24, 2023
@openshift-ci
Merge pull request opendatahub-io#25 from israel-hdez/1-34-sync
fd8f121 
Manual 1.34 sync
@israel-hdez
Copy link
Author

Related upstream PR: kserve#3316.
If the upstream PR is accepted, changes in #18 can be reverted and we can drop this ticket.

cc @ReToCode @skonto

Jooho pushed a commit to Jooho/kserve that referenced this issue Jan 11, 2024
@Xaenalt
Merge pull request opendatahub-io#25 from Xaenalt/main
7298c57 
Upstream sync using caikit-nlp:88fd6432366fa4e1b3d5dc086e70ad5d6899368b
@israel-hdez
Copy link
Author

Closing, because kserve#3316 was accepted, and this is no longer needed.

@israel-hdez israel-hdez closed this as not planned Won't fix, can't repro, duplicate, stale Feb 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@israel-hdez israel-hdez

Labels
good first issue Good for newcomers kind/documentation Improvements or additions to documentation
Projects
Internal tracking
Status: Done
ODH Feature Tracking
Status: No status
ODH Model Serving Planning
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Xaenalt @israel-hdez