
Commit 05900ee

committed
change to namespaced resources as much as possible.
1 parent f413e5c commit 05900ee


2 files changed

+31
-24
lines changed


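--- a/config/charts/inferencepool/templates/gke.yaml
+++ b/config/charts/inferencepool/templates/gke.yaml
@@ -36,34 +36,39 @@ spec:
 logging:
 enabled: true # log all requests by default
 {{- if .Values.inferenceExtension.monitoring.gke.enabled }}
-{{- $saName := printf "%s-metrics-reader-sa" .Release.Name -}}
-{{- $secretName := printf "%s-metrics-reader-secret" .Release.Name -}}
-{{- $clusterRoleName := printf "%s-%s-metrics-reader" .Release.Namespace .Release.Name -}}
-{{- $clusterRoleBindingName := printf "%s-%s-metrics-reader-role-binding" .Release.Namespace .Release.Name -}}
-{{- $secretReadClusterRoleName := printf "%s-%s-metrics-reader-secret-read" .Release.Namespace .Release.Name -}}
-{{- $gmpCollectorRoleBindingName := printf "gmp-system:collector:%s-%s-metrics-reader-secret-read" .Release.Namespace .Release.Name -}}
+{{- $metricsReadSA := printf "%s-metrics-reader-sa" .Release.Name -}}
+{{- $metricsReadSecretName := printf "%s-metrics-reader-secret" .Release.Name -}}
+{{- $metricsReadRoleName := printf "%s-%s-metrics-reader" .Release.Namespace .Release.Name -}}
+{{- $metricsReadRoleBindingName := printf "%s-%s-metrics-reader-role-binding" .Release.Namespace .Release.Name -}}
+{{- $secretReadRoleName := printf "%s-metrics-reader-secret-read" .Release.Name -}}
+{{- $gmpNamespace := "gmp-system" -}}
+{{- if .Values.inferenceExtension.monitoring.gke.autopilot -}}
+{{- $gmpNamespace = "gke-gmp-system" -}}
+{{- end -}}
+{{- $gmpCollectorRoleBindingName := printf "%s:collector:%s-%s-metrics-reader-secret-read" $gmpNamespace .Release.Namespace .Release.Name -}}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-name: {{ $saName }}
+name: {{ $metricsReadSA }}
 namespace: {{ .Release.Namespace }}
 ---
 apiVersion: v1
 kind: Secret
 metadata:
-name: {{ $secretName }}
+name: {{ $metricsReadSecretName }}
 namespace: {{ .Release.Namespace }}
 labels:
 {{- include "gateway-api-inference-extension.labels" . | nindent 4 }}
 annotations:
-kubernetes.io/service-account.name: {{ $saName }}
+kubernetes.io/service-account.name: {{ $metricsReadSA }}
 type: kubernetes.io/service-account-token
 ---
 apiVersion: monitoring.googleapis.com/v1
-kind: ClusterPodMonitoring
+kind: PodMonitoring
 metadata:
-name: {{ .Release.Namespace }}-{{ .Release.Name }}
+name: {{ .Release.Name }}
+namespace: {{ .Release.Namespace }}
 labels:
 {{- include "gateway-api-inference-extension.labels" . | nindent 4 }}
 spec:
@@ -76,17 +81,16 @@ spec:
 type: Bearer
 credentials:
 secret:
-name: {{ $secretName }}
+name: {{ $metricsReadSecretName }}
 key: token
-namespace: {{ .Release.Namespace }}
 selector:
 matchLabels:
 {{- include "gateway-api-inference-extension.selectorLabels" . | nindent 8 }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-name: {{ $clusterRoleName }}
+name: {{ $metricsReadRoleName }}
 rules:
 - nonResourceURLs:
 - /metrics
@@ -96,38 +100,39 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-name: {{ $clusterRoleBindingName }}
+name: {{ $metricsReadRoleBindingName }}
 subjects:
 - kind: ServiceAccount
-name: {{ $saName }}
+name: {{ $metricsReadSA }}
 namespace: {{ .Release.Namespace }}
 roleRef:
 kind: ClusterRole
-name: {{ $clusterRoleName }}
+name: {{ $metricsReadRoleName }}
 apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
-name: {{ $secretReadClusterRoleName }}
+name: {{ $secretReadRoleName }}
 rules:
 - resources:
 - secrets
 apiGroups: [""]
 verbs: ["get", "list", "watch"]
-resourceNames: [{{ $secretName | quote }}]
+resourceNames: [{{ $metricsReadSecretName | quote }}]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
 name: {{ $gmpCollectorRoleBindingName }}
+namespace: {{ .Release.Namespace }}
 roleRef:
-name: {{ $secretReadClusterRoleName }}
-kind: ClusterRole
+name: {{ $secretReadRoleName }}
+kind: Role
 apiGroup: rbac.authorization.k8s.io
 subjects:
 - name: collector
-namespace: gmp-system
+namespace: {{ $gmpNamespace }}
 kind: ServiceAccount
 {{- end }}
 {{- end }}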
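Review bot: The new `Role` named `{{ $secretReadRoleName }}` sets no `metadata.namespace`, while the `RoleBinding` that references it, the Secret listed in its `resourceNames` and the `PodMonitoring` are all pinned to `{{ .Release.Namespace }}`. Under `helm install` the Role normally inherits the release namespace, but output rendered with `helm template` and applied without a namespace would place it elsewhere and leave the binding pointing at a Role that does not exist in its own namespace; adding `namespace: {{ .Release.Namespace }}` under the Role's `metadata` keeps the pair together. The metrics-reader `ClusterRole` and `ClusterRoleBinding` stay cluster-scoped, presumably because the `nonResourceURLs` rule for `/metrics` cannot be granted by a namespaced Role; a comment such as `# cluster-scoped: nonResourceURLs cannot be granted by a namespaced Role` above that `ClusterRole` would record why it was left out of this change.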

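--- a/config/charts/inferencepool/values.yaml
+++ b/config/charts/inferencepool/values.yaml
@@ -53,6 +53,8 @@ inferenceExtension:
 
 gke:
 enabled: false
+# Set to true if the cluster is an Autopilot cluster.
+autopilot: false
 
 inferencePool:
 targetPorts: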
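Review bot: The comment on `autopilot` does not say what the flag controls, and in `templates/gke.yaml` it decides which namespace's `collector` ServiceAccount is bound to the Role that can read the metrics-reader token Secret (`gke-gmp-system` when true, `gmp-system` otherwise). A wrong value leaves that RoleBinding granting Secret read to a ServiceAccount name in a namespace where the managed collector may not be running, so the effect is worth spelling out, for example `# Set to true on GKE Autopilot: the GMP collector ServiceAccount is then taken from gke-gmp-system instead of gmp-system.`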
