Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[helm-charts] Expose service account #532

Open
poussa opened this issue Nov 7, 2024 · 0 comments · May be fixed by #617, #618, #619 or #620
Open

[helm-charts] Expose service account #532

poussa opened this issue Nov 7, 2024 · 0 comments · May be fixed by #617, #618, #619 or #620
Assignees
@lianhao
Milestone
v1.2

Comments

@poussa
Copy link
Collaborator

poussa commented Nov 7, 2024

In order to make OPEA deployments easier and more secure the service account (SA) needs to be exposed to deployments. Especially to those accessing the model data (e.g. tgi). In CSP environments (e.g. Google cloud), the model data is often stored in a cloud service (e.g., Google Cloud Storage (gcs)). Pod access to these services are managed via SAs. Special SAs are created and granted access. We don't want to use default SA since it gives all pods access, which is unnecessary.

Currently, there is no way to set the SA for any deployments.

In general, it would be good if all the helm charts settings are based on what comes out from helm create. The settings are there for a reason.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lianhao lianhao

Labels
None yet
Projects
None yet
Milestone
v1.2
3 participants
@poussa @lianhao @yongfengdu