# network-policy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-all-egress
namespace: kserve-test
spec:
podSelector: {}
policyTypes:
- Egress
egress:
- {} # 모든 외부 연결 허용
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-all-ingress
namespace: kserve-test
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:
- {} # 모든 내부 연결 허용# 1. KServe 네임스페이스 생성
apiVersion: v1
kind: Namespace
metadata:
name: kserve-test
---
# 2. ServiceAccount 생성 (모델 다운로드를 위한 권한)
apiVersion: v1
kind: ServiceAccount
metadata:
name: model-loader
namespace: kserve-test
---
# 3. Role 생성
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: model-loader-role
namespace: kserve-test
rules:
- apiGroups: [""]
resources: ["pods", "services"]
verbs: ["create", "get", "list", "watch"]
- apiGroups: ["serving.kserve.io"]
resources: ["inferenceservices"]
verbs: ["create", "get", "list", "watch"]
---
# 4. RoleBinding 생성
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: model-loader-binding
namespace: kserve-test
subjects:
- kind: ServiceAccount
name: model-loader
namespace: kserve-test
roleRef:
kind: Role
name: model-loader-role
apiGroup: rbac.authorization.k8s.io
---
# 5. InferenceService 배포
apiVersion: serving.kserve.io/v1beta1
kind: InferenceService
metadata:
name: sklearn-from-uri
namespace: kserve-test
spec:
predictor:
serviceAccountName: model-loader
model:
modelFormat:
name: sklearn
storageUri: "https://github.com/tduffy000/kfserving-uri-examples/blob/master/sklearn/frozen/model.joblib?raw=true"
# storageUri: "https://raw.githubusercontent.com/tduffy000/kfserving-uri-examples/master/sklearn/frozen/model.joblib"
---
# 6. 추론 요청을 위한 샘플 Input (input.json)
{
"instances": [
[6.8, 2.8, 4.8, 1.4],
[6.0, 3.4, 4.5, 1.6]
]
}
https://github.com/min731