24 May 2022 |
_slack_kubeflow_U9UFLSBM4 | We even tried uninstalling "everything" and re-installing, but we can't seem to get the init-container to happen....no errors in any place we've looked so far | 16:22:39 |
_slack_kubeflow_U9UFLSBM4 | Oh...interesting...her project does have the control-plane: controller-manager label | 16:28:55 |
_slack_kubeflow_U9UFLSBM4 | Thanks Dan Sun that was it. Somehow, she tried in the one project that would NOT work. | 16:32:28 |
Dan Sun | ye the pod mutator webhook checks the namespace label
https://github.com/kserve/kserve/blob/master/config/webhook/manifests.yaml#L40 | 16:37:15 |
Rachit Chauhan | I observed there are 3 PeerAuthentication policies that are being created as part of knative istio controller (https://github.com/knative/serving/blob/591e12dafbcb79a34e0a3bdc586d408b2830aef1/third_party/istio-latest/net-istio.yaml
lines 203, 222, 240).
Why these webhooks deployments getting istio’s sidecars injected ? Which other components are calling them apart from kube-apiserver ? | 23:28:33 |
25 May 2022 |
Dan Sun | As the comment says these policies are created to work with both mesh and non mesh mode in case sidecar is injected | 04:23:18 |
zorba(손주형) | I think this is bug.
I’m using fake client with NewSimpleClientset .
and testing InferenceService.List function
list, err := suite.fakeClient.InferenceService.List(v12.ListOptions{})
s.NoError(err)
this error occurs
no kind "InferenceServiceList" is registered for version "serving/v1beta1" in scheme "pkg/runtime/scheme.go:100" | 11:06:48 |
Shri Javadekar | Hey everyone..
I missed the community meeting today 😞
What's the zoom link for the community meeting? The doc only shows a Google meet link. Also, are the community meeting recordings available somewhere? | 17:04:14 |
| Sree joined the room. | 19:10:50 |
Dan Sun | We are in progress of migrating to zoom from gmeet, hopefully we can get recordings there | 19:16:28 |
Shri Javadekar | Got it.. What is the Zoom link for the meetings right now? I want to join the meetings. | 19:42:10 |
Dan Sun | it is the gmeet link on the doc | 19:46:01 |
Rachit Chauhan | Dan Sun: found the detailed reasoning why they still want sidecars even though the communication will not be over TLS (as it’s PERMISSIVE )
https://github.com/knative-sandbox/net-istio/issues/150
Not having sidecars will lead to loss of metrics.
ref: this comment | 21:34:45 |
Dan Sun | ye if you have strict security and audit requirement, you would need the sidecar | 21:41:22 |
Rachit Chauhan | For audits => logs and metrics
But for security purposes, STRICT was expected but it would cause failure as kube-apiserver is not part of the mesh and doesn’t have envoy | 21:43:47 |
Dan Sun | ye that makes sense | 21:51:41 |
26 May 2022 |
| _slack_kubeflow_U03H27PMSMR joined the room. | 06:03:04 |
| Kuba Dawczynski joined the room. | 08:13:24 |
| Kuba Dawczynski changed their display name from _slack_kubeflow_U03HSETDZPA to Kuba Dawczynski. | 09:07:31 |
| Kuba Dawczynski set a profile picture. | 09:07:32 |
Kuba Dawczynski | Hi everyone.
I have one question maybe someone already had this issue.
We are using kubeflow 1.4 and when we create new InferenceService, kserver is creating new virtual service with internal and external endpoint
where external endpoint is looking like
http://{name_of_model}.{namespace}.{domain}
unfortunately our network setup is a little bit complex and we would like to expose it like:
http://{domain}/{namespace}/{name_of_model}
I've tried to dig in this channel and github to get some information but i haven't found nothing | 09:07:33 |
| John Paulett joined the room. | 10:59:09 |
Alexandre Brown | Hello, maybe try modifying the domain template to replace the . with /
kubectl edit configmap config-network -n knative-serving | 11:19:05 |
| John Paulett changed their display name from _slack_kubeflow_U01B8DPEY01 to John Paulett. | 11:19:41 |
| John Paulett set a profile picture. | 11:19:43 |
Kuba Dawczynski | there was my idea also, but no luck 😕
i've putted
domainTemplate: "{{.Domain}}/{{.Namespace}}/{{.Name}}"
also i've tried to add - instead of / but this not change anything | 12:50:14 |
Alexandre Brown | Have you tried deploying a new inference service after applying the changes ? (not patching an existing deployment) | 12:51:25 |
Kuba Dawczynski | yes, i created new inference service couple of times, and i also recreated kserver itself
and it like for domain change in domain config file everyting went well that for this i don't see any changes
unless i'm doing something wrong in config-network cm
apiVersion: v1
data:
mydomain.com: ,
domainTemplate: "{{.Domain}}/{{.Namespace}}/{{.Name}}"
where in mydomain.com i've putted domain which i'm using in config-domain cm | 12:56:33 |
Alexandre Brown | On my side I didn't put the mydomain.com inside this config map, I put inside
kubectl edit configmap config-domain -n knative-serving
Perhaps you can try moving mydomain.com to this config map and only modifying the domain template in the config-network configmap ?
kubectl edit configmap config-network -n knative-serving | 13:02:28 |
Kuba Dawczynski | ok but as default in config-network configimap
apiVersion: v1
data:
_example: , | 13:04:43 |