forked from kserve/kserve
-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Augments the `default` profile with some changes expected by an ODH installation: * Removes the `Namespace` CR, because the ODH operator does not expect such resource. The Namespace is expected to be created in advance to later create a KfDef on it, where resources are going to be installed. * Adds cluster roles, to extend the cluster's default user-facing roles with KServe privileges. Signed-off-by: Edgar Hernández <23639005+israel-hdez@users.noreply.github.com>
- Loading branch information
1 parent
23c823c
commit 50d33ed
Showing
3 changed files
with
72 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: kustomize.config.k8s.io/v1beta1 | ||
kind: Kustomization | ||
|
||
resources: | ||
- ../../default | ||
- user-cluster-roles.yaml | ||
|
||
patchesStrategicMerge: | ||
- remove-namespace.yaml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
# Remove namespace resource as namespace will already exist. | ||
$patch: delete | ||
apiVersion: v1 | ||
kind: Namespace | ||
metadata: | ||
name: kserve |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: kserve-admin | ||
labels: | ||
rbac.authorization.k8s.io/aggregate-to-admin: "true" | ||
aggregationRule: | ||
clusterRoleSelectors: | ||
- matchLabels: | ||
rbac.authorization.k8s.io/aggregate-to-kserve-admin: "true" | ||
rules: [] | ||
|
||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: kserve-edit | ||
labels: | ||
rbac.authorization.k8s.io/aggregate-to-edit: "true" | ||
rbac.authorization.k8s.io/aggregate-to-kserve-admin: "true" | ||
rules: | ||
- apiGroups: | ||
- serving.kserve.io | ||
resources: | ||
- inferenceservices | ||
- servingruntimes | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
|
||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRole | ||
metadata: | ||
name: kserve-view | ||
labels: | ||
rbac.authorization.k8s.io/aggregate-to-view: "true" | ||
rules: | ||
- apiGroups: | ||
- kubeflow.org | ||
resources: | ||
- servingruntimes | ||
- servingruntimes/status | ||
- servingruntimes/finalizers | ||
- inferenceservices | ||
- inferenceservices/status | ||
- inferenceservices/finalizers | ||
verbs: | ||
- get | ||
- list | ||
- watch |