@@ -665,7 +665,33 @@ func (feast *FeastServices) setService(svc *corev1.Service, feastType FeastServi
665665 if len (svc .Annotations ) == 0 {
666666 svc .Annotations = map [string ]string {}
667667 }
668- svc .Annotations ["service.beta.openshift.io/serving-cert-secret-name" ] = svc .Name + tlsNameSuffix
668+
669+ // For registry services, we need special handling based on which services are enabled
670+ if feastType == RegistryFeastType && feast .isRegistryServer () {
671+ grpcEnabled := feast .isRegistryGrpcEnabled ()
672+ restEnabled := feast .isRegistryRestEnabled ()
673+
674+ if grpcEnabled && restEnabled {
675+ // Both services enabled: Use gRPC service name as primary, add REST as SAN
676+ grpcSvcName := feast .initFeastSvc (RegistryFeastType ).Name
677+ svc .Annotations ["service.beta.openshift.io/serving-cert-secret-name" ] = grpcSvcName + tlsNameSuffix
678+
679+ // Add Subject Alternative Names (SANs) for both services
680+ grpcHostname := grpcSvcName + "." + svc .Namespace + ".svc.cluster.local"
681+ restHostname := feast .GetFeastRestServiceName (RegistryFeastType ) + "." + svc .Namespace + ".svc.cluster.local"
682+ svc .Annotations ["service.beta.openshift.io/serving-cert-sans" ] = grpcHostname + "," + restHostname
683+ } else if grpcEnabled && ! restEnabled {
684+ // Only gRPC enabled: Use gRPC service name
685+ grpcSvcName := feast .initFeastSvc (RegistryFeastType ).Name
686+ svc .Annotations ["service.beta.openshift.io/serving-cert-secret-name" ] = grpcSvcName + tlsNameSuffix
687+ } else if ! grpcEnabled && restEnabled {
688+ // Only REST enabled: Use REST service name
689+ svc .Annotations ["service.beta.openshift.io/serving-cert-secret-name" ] = svc .Name + tlsNameSuffix
690+ }
691+ } else {
692+ // Standard behavior for non-registry services
693+ svc .Annotations ["service.beta.openshift.io/serving-cert-secret-name" ] = svc .Name + tlsNameSuffix
694+ }
669695 }
670696
671697 var port int32 = HttpPort
0 commit comments