Skip to content

Update kserve/kserve manifests from v0.16.0 #3290

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
juliusvonkohout wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update kserve/kserve manifests from v0.16.0 #3290

juliusvonkohout wants to merge 1 commit into from

Conversation

@juliusvonkohout
Copy link
Member

@juliusvonkohout juliusvonkohout commented Nov 28, 2025

@google-oss-prow
Copy link

google-oss-prow bot commented Nov 28, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from juliusvonkohout. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
Comment on lines +2002 to +2004
- IPC_LOCK
- SYS_RAWIO
- NET_RAW
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That looks very dangerous and must be disabled

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: false
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That looks very dangerous and must be disabled

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
kind: LLMInferenceServiceConfig
metadata:
name: kserve-config-llm-worker-data-parallel
namespace: kserve
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to delete this insecure resource and make sure that only the kubeflow namespace is used. Maybe by adding namespace=kubeflow in the overlay.

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
kind: LLMInferenceServiceConfig
metadata:
name: kserve-config-llm-template
namespace: kserve
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to delete this insecure resource and make sure that only the kubeflow namespace is used. Maybe by adding namespace=kubeflow in the overlay.

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
kind: LLMInferenceServiceConfig
metadata:
name: kserve-config-llm-scheduler
namespace: kserve
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you know why there is a namespace-level resource in the upstream file cluster-resources ? @yuzisun @terrytangyuan

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
kind: LLMInferenceServiceConfig
metadata:
name: kserve-config-llm-router-route
namespace: kserve
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you know why there is a namespace-level resource in the upstream file cluster-resources ?

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
Comment on lines +1495 to +1501
- IPC_LOCK
- SYS_RAWIO
- NET_RAW
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: false
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to delete this insecure resource and make sure that only the kubeflow namespace is used. Maybe by adding namespace=kubeflow in the overlay.

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
Comment on lines +1356 to +1362
- IPC_LOCK
- SYS_RAWIO
- NET_RAW
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: false
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to delete this insecure resource and make sure that only the kubeflow namespace is used. Maybe by adding namespace=kubeflow in the overlay.

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: false
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to delete this insecure resource and make sure that only the kubeflow namespace is used. Maybe by adding namespace=kubeflow in the overlay.

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
Comment on lines +1107 to +1113
- IPC_LOCK
- SYS_RAWIO
- NET_RAW
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: false
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to delete this insecure resource and make sure that only the kubeflow namespace is used. Maybe by adding namespace=kubeflow in the overlay.

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: false
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to delete this insecure resource and make sure that only the kubeflow namespace is used. Maybe by adding namespace=kubeflow in the overlay.

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: false
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to delete this insecure resource and make sure that only the kubeflow namespace is used. Maybe by adding namespace=kubeflow in the overlay.

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
Comment on lines +917 to +923
- IPC_LOCK
- SYS_RAWIO
- NET_RAW
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: false
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to delete this insecure resource and make sure that only the kubeflow namespace is used. Maybe by adding namespace=kubeflow in the overlay.

juliusvonkohout
juliusvonkohout commented Nov 28, 2025
View reviewed changes
applications/kserve/kserve/kserve-cluster-resources.yaml
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: false
Copy link
Member Author

@juliusvonkohout juliusvonkohout Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to delete this insecure resource and make sure that only the kubeflow namespace is used. Maybe by adding namespace=kubeflow in the overlay.

@juliusvonkohout
Copy link
Member Author

juliusvonkohout commented Nov 28, 2025

The kserve 0.16.0 release looks severely broken, maybe i should try 0.15.2 https://github.com/kserve/kserve/releases/tag/v0.15.2 first.

@juliusvonkohout juliusvonkohout mentioned this pull request Dec 1, 2025
Merged
@juhyeon-cha
Copy link

juhyeon-cha commented Dec 5, 2025

fyi: llmisvc in kserve 0.16.0 added several dependent components.

Related information can be found at the link below:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kimwnasptd kimwnasptd Awaiting requested review from kimwnasptd

@yuzisun yuzisun Awaiting requested review from yuzisun

Assignees

No one assigned

Labels

size/XXL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@juliusvonkohout @juhyeon-cha