search

kserve / kserve

Standardized Serverless ML Inference Platform on Kubernetes
https://kserve.github.io/website/
Apache License 2.0
3.46k stars 1.03k forks source link

PVC volume mount is not supporting readOnly: false #2975

Open Agarwal-Saurabh opened 1 year ago

Agarwal-Saurabh commented 1 year ago

I am trying to deploy kserve inference service over knative and mounting PVC on it. But the readOnly is coming as true even if its made false while deploying.

Also is there a way to change default value of readOnly to false instead true for PVC sharing here the yaml for reference

apiVersion: serving.kserve.io/v1beta1
kind: InferenceService

metadata:
  name: "hatest"
  annotations:
    autoscaling.knative.dev/target: "10"
    autoscaling.knative.dev/target-utilization-percentage: "80"

spec:
  predictor:
    volumes:
      - name: nfs1
        persistentVolumeClaim:
          claimName: nfs
          readOnly: False
    timeout: 600
    minReplicas: 1
    maxReplicas: 10
    imagePullSecrets:
        - name: gcr-secret
    containers:
      - name: "cls"
        image: docker.io/name:latest
        imagePullPolicy: Always
        securityContext:
          runAsNonRoot: false
          readOnlyRootFilesystem: false
          allowPrivilegeEscalation: true
        resources:
          limits:
            cpu: 2
            memory: 4Gi
          requests:
            cpu: 1
            memory: 2Gi
        volumeMounts:
          - name: nfs1
            readOnly: False
            mountPath: "/mnt/nfs"

        readinessProbe:
          httpGet:
            path: /v1/models/upscale
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 120
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 3
          failureThreshold: 3
jaeuHeo commented 2 months ago

Hi, @Agarwal-Saurabh

It seems that the issue is closed, but I'm sharing the solution.

We have to customize the controller in the kserve project.

The process of solving the problem is as follows.

First, create an isvc and check if readonly is actually applied to kubectl get isvc. Probably, isvc is not only declared as readonly.

Next, check ksvc. At this time, ksvc is declared as read only true. When I check the configuration, it's also true.

We can predict the problem situation in this part. By default, kserve, which takes advantage of the native, detects changes to resources through the controller and prevents them from being restored or modified.

So, we need to look at the ksvc reconciler part. The path is as follows.

pkg/controller/v1beta1/inferenceservice/reconcilers/knative/ksvc_reconciler.go

If you look at the createKnativeService function, you see service.SetDefaults (context.TODO()) in the very last line. This is a method that sets default values for service objects in NativeServing. Let's remove this part, in annotation.

Then build the controller docker image and deploy it and re-deploy the isvc!

hfeng101 commented 1 month ago

I am trying to deploy kserve inference service over knative and mounting PVC on it. But the readOnly is coming as true even if its made false while deploying.

Also is there a way to change default value of readOnly to false instead true for PVC sharing here the yaml for reference

apiVersion: serving.kserve.io/v1beta1
kind: InferenceService

metadata:
  name: "hatest"
  annotations:
    autoscaling.knative.dev/target: "10"
    autoscaling.knative.dev/target-utilization-percentage: "80"

spec:
  predictor:
    volumes:
      - name: nfs1
        persistentVolumeClaim:
          claimName: nfs
          readOnly: False
    timeout: 600
    minReplicas: 1
    maxReplicas: 10
    imagePullSecrets:
        - name: gcr-secret
    containers:
      - name: "cls"
        image: docker.io/name:latest
        imagePullPolicy: Always
        securityContext:
          runAsNonRoot: false
          readOnlyRootFilesystem: false
          allowPrivilegeEscalation: true
        resources:
          limits:
            cpu: 2
            memory: 4Gi
          requests:
            cpu: 1
            memory: 2Gi
        volumeMounts:
          - name: nfs1
            readOnly: False
            mountPath: "/mnt/nfs"

        readinessProbe:
          httpGet:
            path: /v1/models/upscale
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 120
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 3
          failureThreshold: 3

i'm face to the same question

hfeng101 commented 1 month ago

any available solutions ??

jaeuHeo commented 1 month ago

any available solutions ??

Would modifying the pkg/controller/v1beta1/inferenceservice/reconcilers/knative/ksvc_reconciler.go file in the kserve controller not work?