New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document annotation for namespaces with anyuid
enbled
#25
Comments
@israel-hdez Is this still needed or has the anyuid fix now made this issue obsolete? |
It is still needed for the (corner, for us) use-case of a namespace having the |
Manual 1.34 sync
Related upstream PR: kserve#3316. |
Upstream sync using caikit-nlp:88fd6432366fa4e1b3d5dc086e70ad5d6899368b
Closing, because kserve#3316 was accepted, and this is no longer needed. |
In pull request #18 it was introduced some code to automatically set the UID of the storage-initializer container, so that it runs properly when using Maistra and OpenShift.
For namespaces that forbid running containers with
anyuid
, the mesh sidecar runs with the project allowed range +1. For namespaces that alloq running containers withanyuid
, the mesh sidecar runs with1337
uid.The controller always assumes that
anyuid
is forbidden. So, if the namespace enabledanyuid
, the storage-initializer may still fail. However, the end-user can still override which UID is used via an annotation and this can be used as a workaround. Some documentation should state this.The text was updated successfully, but these errors were encountered: