adding tls config for ui

redhatHameed · redhatHameed · commit f3c3d61e2a48 · 2025-01-23T11:13:33.000-05:00
Signed-off-by: Abdul Hameed &lt;ahameed@redhat.com&gt;
diff --git a/infra/feast-operator/config/samples/v1alpha1_featurestore_openshift_tls_disable.yaml b/infra/feast-operator/config/samples/v1alpha1_featurestore_openshift_tls_disable.yaml
@@ -0,0 +1,21 @@
+# The "tls.disable = true" setting will disable the creation of TLS for the Feast services in an OpenShift environment.
+apiVersion: feast.dev/v1alpha1
+kind: FeatureStore
+metadata:
+  name: sample-services-tls-disable
+spec:
+  feastProject: my_project
+  services:
+    onlineStore:
+      tls:
+        disable : true
+    offlineStore:
+      tls:
+        disable: true
+    ui:
+      tls:
+        disable: true
+    registry:
+      local:
+        tls:
+          disable: true
diff --git a/infra/feast-operator/dist/install.yaml b/infra/feast-operator/dist/install.yaml
diff --git a/infra/feast-operator/internal/controller/featurestore_controller.go b/infra/feast-operator/internal/controller/featurestore_controller.go
@@ -155,7 +155,7 @@ func (r *FeatureStoreReconciler) deployFeast(ctx context.Context, cr *feastdevv1
 
 // SetupWithManager sets up the controller with the Manager.
 func (r *FeatureStoreReconciler) SetupWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewControllerManagedBy(mgr).
+	bldr := ctrl.NewControllerManagedBy(mgr).
 		For(&feastdevv1alpha1.FeatureStore{}).
 		Owns(&corev1.ConfigMap{}).
 		Owns(&appsv1.Deployment{}).
@@ -164,9 +164,13 @@ func (r *FeatureStoreReconciler) SetupWithManager(mgr ctrl.Manager) error {
 		Owns(&corev1.ServiceAccount{}).
 		Owns(&rbacv1.RoleBinding{}).
 		Owns(&rbacv1.Role{}).
-		Owns(&routev1.Route{}).
-		Watches(&feastdevv1alpha1.FeatureStore{}, handler.EnqueueRequestsFromMapFunc(r.mapFeastRefsToFeastRequests)).
-		Complete(r)
+		Watches(&feastdevv1alpha1.FeatureStore{}, handler.EnqueueRequestsFromMapFunc(r.mapFeastRefsToFeastRequests))
+	if services.IsOpenShift() {
+		bldr = bldr.Owns(&routev1.Route{})
+	}
+
+	return bldr.Complete(r)
+
 }
 
 // if a remotely referenced FeatureStore is changed, reconcile any FeatureStores that reference it.
diff --git a/infra/feast-operator/internal/controller/services/repo_config_test.go b/infra/feast-operator/internal/controller/services/repo_config_test.go
@@ -371,6 +371,7 @@ func minimalFeatureStoreWithAllServices() *feastdevv1alpha1.FeatureStore {
 		OfflineStore: &feastdevv1alpha1.OfflineStore{},
 		OnlineStore:  &feastdevv1alpha1.OnlineStore{},
 		Registry:     &feastdevv1alpha1.Registry{},
+		UI:           &feastdevv1alpha1.UIService{},
 	}
 	return feast
 }
diff --git a/infra/feast-operator/internal/controller/services/services.go b/infra/feast-operator/internal/controller/services/services.go
@@ -240,7 +240,7 @@ func (feast *FeastServices) removeRoute(feastType FeastServiceType) error {
 		return nil
 	}
 	route := feast.initRoute(feastType)
-	if err := feast.Handler.DeleteOwnedFeastObj(route); err != nil && !apierrors.IsNotFound(err) {
+	if err := feast.Handler.DeleteOwnedFeastObj(route); err != nil {
 		return err
 	}
 	return nil
@@ -423,15 +423,11 @@ func (feast *FeastServices) setContainer(containers *[]corev1.Container, feastTy
 }
 
 func (feast *FeastServices) setRoute(route *routev1.Route, feastType FeastServiceType) error {
+
 	svcName := feast.GetFeastServiceName(feastType)
 	route.Labels = feast.getFeastTypeLabels(feastType)
 
 	tls := feast.getTlsConfigs(feastType)
-	/*	scheme := HttpScheme
-		if tls.IsTLS() {
-			scheme = HttpsScheme
-		}*/
-
 	route.Spec = routev1.RouteSpec{
 		To: routev1.RouteTargetReference{
 			Kind: "Service",
@@ -440,9 +436,12 @@ func (feast *FeastServices) setRoute(route *routev1.Route, feastType FeastServic
 		Port: &routev1.RoutePort{
 			TargetPort: intstr.FromInt(int(getTargetPort(feastType, tls))),
 		},
-		TLS: &routev1.TLSConfig{
-			Termination: routev1.TLSTerminationEdge,
-		},
+	}
+	if tls.IsTLS() {
+		route.Spec.TLS = &routev1.TLSConfig{
+			Termination:                   routev1.TLSTerminationPassthrough,
+			InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect,
+		}
 	}
 
 	return controllerutil.SetControllerReference(feast.Handler.FeatureStore, route, feast.Handler.Scheme)
diff --git a/infra/feast-operator/internal/controller/services/tls.go b/infra/feast-operator/internal/controller/services/tls.go
@@ -37,6 +37,9 @@ func (feast *FeastServices) setTlsDefaults() error {
 	if feast.isLocalRegistry() {
 		tlsDefaults(appliedServices.Registry.Local.TLS)
 	}
+	if feast.isUI() {
+		tlsDefaults(appliedServices.UI.TLS)
+	}
 	return nil
 }
 
@@ -56,6 +59,14 @@ func (feast *FeastServices) setOpenshiftTls() error {
 			},
 		}
 	}
+	if feast.uiOpenshiftTls() {
+		appliedServices.UI.TLS = &feastdevv1alpha1.TlsConfigs{
+			SecretRef: &corev1.LocalObjectReference{
+				Name: feast.initFeastSvc(UIFeastType).Name + tlsNameSuffix,
+			},
+		}
+	}
+
 	if feast.localRegistryOpenshiftTls() {
 		appliedServices.Registry.Local.TLS = &feastdevv1alpha1.TlsConfigs{
 			SecretRef: &corev1.LocalObjectReference{
@@ -79,7 +90,7 @@ func (feast *FeastServices) setOpenshiftTls() error {
 }
 
 func (feast *FeastServices) checkOpenshiftTls() (bool, error) {
-	if feast.offlineOpenshiftTls() || feast.onlineOpenshiftTls() || feast.localRegistryOpenshiftTls() {
+	if feast.offlineOpenshiftTls() || feast.onlineOpenshiftTls() || feast.localRegistryOpenshiftTls() || feast.uiOpenshiftTls() {
 		return true, nil
 	}
 	return feast.remoteRegistryOpenshiftTls()
@@ -93,7 +104,10 @@ func (feast *FeastServices) isOpenShiftTls(feastType FeastServiceType) (isOpenSh
 		isOpenShift = feast.onlineOpenshiftTls()
 	case RegistryFeastType:
 		isOpenShift = feast.localRegistryOpenshiftTls()
+	case UIFeastType:
+		isOpenShift = feast.uiOpenshiftTls()
 	}
+
 	return
 }
 
@@ -132,6 +146,12 @@ func (feast *FeastServices) onlineOpenshiftTls() bool {
 		feast.isOnlinStore() && feast.Handler.FeatureStore.Spec.Services.OnlineStore.TLS == nil
 }
 
+// True if running in an openshift cluster and Tls not configured in the service Spec
+func (feast *FeastServices) uiOpenshiftTls() bool {
+	return isOpenShift &&
+		feast.isUI() && feast.Handler.FeatureStore.Spec.Services.UI.TLS == nil
+}
+
 // True if running in an openshift cluster and Tls not configured in the service Spec
 func (feast *FeastServices) localRegistryOpenshiftTls() bool {
 	return isOpenShift &&
@@ -180,6 +200,7 @@ func (feast *FeastServices) mountTlsConfigs(podSpec *corev1.PodSpec) {
 	feast.mountRegistryClientTls(podSpec)
 	feast.mountTlsConfig(OfflineFeastType, podSpec)
 	feast.mountTlsConfig(OnlineFeastType, podSpec)
+	feast.mountTlsConfig(UIFeastType, podSpec)
 }
 
 func (feast *FeastServices) mountTlsConfig(feastType FeastServiceType, podSpec *corev1.PodSpec) {
diff --git a/infra/feast-operator/internal/controller/services/tls_test.go b/infra/feast-operator/internal/controller/services/tls_test.go
@@ -63,6 +63,8 @@ var _ = Describe("TLS Config", func() {
 			Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(OnlineFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(RegistryFeastType)).To(BeFalse())
+			Expect(feast.isOpenShiftTls(UIFeastType)).To(BeFalse())
+
 			openshiftTls, err := feast.checkOpenshiftTls()
 			Expect(err).ToNot(HaveOccurred())
 			Expect(openshiftTls).To(BeFalse())
@@ -79,6 +81,9 @@ var _ = Describe("TLS Config", func() {
 			tls = feast.getTlsConfigs(OnlineFeastType)
 			Expect(tls).To(BeNil())
 			Expect(tls.IsTLS()).To(BeFalse())
+			tls = feast.getTlsConfigs(UIFeastType)
+			Expect(tls).To(BeNil())
+			Expect(tls.IsTLS()).To(BeFalse())
 			tls = feast.getTlsConfigs(RegistryFeastType)
 			Expect(tls).NotTo(BeNil())
 			Expect(tls.IsTLS()).To(BeTrue())
@@ -90,7 +95,9 @@ var _ = Describe("TLS Config", func() {
 			Expect(feast.localRegistryTls()).To(BeTrue())
 			Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(OnlineFeastType)).To(BeFalse())
+			Expect(feast.isOpenShiftTls(UIFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(RegistryFeastType)).To(BeTrue())
+
 			openshiftTls, err = feast.checkOpenshiftTls()
 			Expect(err).ToNot(HaveOccurred())
 			Expect(openshiftTls).To(BeTrue())
@@ -124,12 +131,19 @@ var _ = Describe("TLS Config", func() {
 			Expect(tls.SecretRef.Name).To(Equal("feast-test-registry-tls"))
 			Expect(tls.SecretKeyNames).To(Equal(secretKeyNames))
 			Expect(tls.IsTLS()).To(BeTrue())
+			tls = feast.getTlsConfigs(UIFeastType)
+			Expect(tls).NotTo(BeNil())
+			Expect(tls.SecretRef).NotTo(BeNil())
+			Expect(tls.SecretRef.Name).To(Equal("feast-test-ui-tls"))
+			Expect(tls.SecretKeyNames).To(Equal(secretKeyNames))
+			Expect(tls.IsTLS()).To(BeTrue())
 
 			Expect(feast.remoteRegistryTls()).To(BeFalse())
 			Expect(feast.localRegistryTls()).To(BeTrue())
 			Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeTrue())
 			Expect(feast.isOpenShiftTls(OnlineFeastType)).To(BeTrue())
 			Expect(feast.isOpenShiftTls(RegistryFeastType)).To(BeTrue())
+			Expect(feast.isOpenShiftTls(UIFeastType)).To(BeTrue())
 			openshiftTls, err = feast.checkOpenshiftTls()
 			Expect(err).ToNot(HaveOccurred())
 			Expect(openshiftTls).To(BeTrue())
@@ -139,18 +153,22 @@ var _ = Describe("TLS Config", func() {
 			err = feast.setDeployment(feastDeploy)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(feastDeploy.Spec.Template.Spec.InitContainers).To(HaveLen(1))
-			Expect(feastDeploy.Spec.Template.Spec.Containers).To(HaveLen(3))
+			Expect(feastDeploy.Spec.Template.Spec.Containers).To(HaveLen(4))
 			Expect(feastDeploy.Spec.Template.Spec.Containers[0].Command).To(ContainElements(ContainSubstring("--key")))
 			Expect(feastDeploy.Spec.Template.Spec.Containers[1].Command).To(ContainElements(ContainSubstring("--key")))
 			Expect(feastDeploy.Spec.Template.Spec.Containers[2].Command).To(ContainElements(ContainSubstring("--key")))
-			Expect(feastDeploy.Spec.Template.Spec.Volumes).To(HaveLen(4))
+			Expect(feastDeploy.Spec.Template.Spec.Containers[3].Command).To(ContainElements(ContainSubstring("--key")))
+			Expect(feastDeploy.Spec.Template.Spec.Volumes).To(HaveLen(5))
 
 			// registry service w/ tls and in an openshift cluster
 			feast.Handler.FeatureStore = minimalFeatureStore()
 			feast.Handler.FeatureStore.Spec.Services = &feastdevv1alpha1.FeatureStoreServices{
 				OnlineStore: &feastdevv1alpha1.OnlineStore{
 					TLS: &feastdevv1alpha1.TlsConfigs{},
 				},
+				UI: &feastdevv1alpha1.UIService{
+					TLS: &feastdevv1alpha1.TlsConfigs{},
+				},
 				Registry: &feastdevv1alpha1.Registry{
 					Local: &feastdevv1alpha1.LocalRegistryConfig{
 						TLS: &feastdevv1alpha1.TlsConfigs{
@@ -171,17 +189,20 @@ var _ = Describe("TLS Config", func() {
 			tls = feast.getTlsConfigs(OnlineFeastType)
 			Expect(tls).NotTo(BeNil())
 			Expect(tls.IsTLS()).To(BeFalse())
+			tls = feast.getTlsConfigs(UIFeastType)
+			Expect(tls).NotTo(BeNil())
+			Expect(tls.IsTLS()).To(BeFalse())
 			tls = feast.getTlsConfigs(RegistryFeastType)
 			Expect(tls).NotTo(BeNil())
 			Expect(tls.IsTLS()).To(BeTrue())
 			Expect(tls.SecretKeyNames).NotTo(Equal(secretKeyNames))
 			Expect(getPortStr(tls)).To(Equal("443"))
 			Expect(GetTlsPath(RegistryFeastType)).To(Equal("/tls/registry/"))
-
 			Expect(feast.remoteRegistryTls()).To(BeFalse())
 			Expect(feast.localRegistryTls()).To(BeTrue())
 			Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(OnlineFeastType)).To(BeFalse())
+			Expect(feast.isOpenShiftTls(UIFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(RegistryFeastType)).To(BeFalse())
 			openshiftTls, err = feast.checkOpenshiftTls()
 			Expect(err).ToNot(HaveOccurred())
@@ -193,6 +214,9 @@ var _ = Describe("TLS Config", func() {
 			feast.Handler.FeatureStore.Spec.Services.OnlineStore.TLS = &feastdevv1alpha1.TlsConfigs{
 				Disable: &disable,
 			}
+			feast.Handler.FeatureStore.Spec.Services.UI.TLS = &feastdevv1alpha1.TlsConfigs{
+				Disable: &disable,
+			}
 			feast.Handler.FeatureStore.Spec.Services.Registry = &feastdevv1alpha1.Registry{
 				Local: &feastdevv1alpha1.LocalRegistryConfig{
 					TLS: &feastdevv1alpha1.TlsConfigs{
@@ -219,6 +243,10 @@ var _ = Describe("TLS Config", func() {
 			Expect(tls).NotTo(BeNil())
 			Expect(tls.IsTLS()).To(BeFalse())
 			Expect(tls.SecretKeyNames).NotTo(Equal(secretKeyNames))
+			tls = feast.getTlsConfigs(UIFeastType)
+			Expect(tls).NotTo(BeNil())
+			Expect(tls.IsTLS()).To(BeFalse())
+			Expect(tls.SecretKeyNames).NotTo(Equal(secretKeyNames))
 			tls = feast.getTlsConfigs(RegistryFeastType)
 			Expect(tls).NotTo(BeNil())
 			Expect(tls.IsTLS()).To(BeFalse())
@@ -230,6 +258,7 @@ var _ = Describe("TLS Config", func() {
 			Expect(feast.localRegistryTls()).To(BeFalse())
 			Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeTrue())
 			Expect(feast.isOpenShiftTls(OnlineFeastType)).To(BeFalse())
+			Expect(feast.isOpenShiftTls(UIFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(RegistryFeastType)).To(BeFalse())
 			openshiftTls, err = feast.checkOpenshiftTls()
 			Expect(err).ToNot(HaveOccurred())
@@ -249,11 +278,17 @@ var _ = Describe("TLS Config", func() {
 			Expect(onlineSvc.Annotations).To(BeEmpty())
 			Expect(onlineSvc.Spec.Ports[0].Name).To(Equal(HttpScheme))
 
+			uiSvc := feast.initFeastSvc(UIFeastType)
+			err = feast.setService(uiSvc, UIFeastType)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(uiSvc.Annotations).To(BeEmpty())
+			Expect(uiSvc.Spec.Ports[0].Name).To(Equal(HttpScheme))
+
 			// check k8s deployment objects
 			feastDeploy = feast.initFeastDeploy()
 			err = feast.setDeployment(feastDeploy)
 			Expect(err).ToNot(HaveOccurred())
-			Expect(feastDeploy.Spec.Template.Spec.Containers).To(HaveLen(3))
+			Expect(feastDeploy.Spec.Template.Spec.Containers).To(HaveLen(4))
 			Expect(GetOfflineContainer(*feastDeploy)).NotTo(BeNil())
 			Expect(feastDeploy.Spec.Template.Spec.Volumes).To(HaveLen(2))
 
@@ -263,6 +298,9 @@ var _ = Describe("TLS Config", func() {
 			Expect(GetOfflineContainer(*feastDeploy).VolumeMounts).To(HaveLen(2))
 			Expect(GetOnlineContainer(*feastDeploy).Command).NotTo(ContainElements(ContainSubstring("--key")))
 			Expect(GetOnlineContainer(*feastDeploy).VolumeMounts).To(HaveLen(1))
+			Expect(GetUIContainer(*feastDeploy).Command).NotTo(ContainElements(ContainSubstring("--key")))
+			Expect(GetUIContainer(*feastDeploy).VolumeMounts).To(HaveLen(1))
+
 		})
 	})
 })
diff --git a/infra/feast-operator/test/e2e/e2e_test.go b/infra/feast-operator/test/e2e/e2e_test.go
@@ -167,6 +167,7 @@ func validateTheFeatureStoreCustomResource(namespace string, featureStoreName st
 	feastK8sResourceNames := []string{
 		feastResourceName + "-online",
 		feastResourceName + "-offline",
+		feastResourceName + "-ui",
 	}
 
 	if !hasRemoteRegistry {
diff --git a/infra/feast-operator/test/testdata/feast_integration_test_crs/v1alpha1_default_featurestore.yaml b/infra/feast-operator/test/testdata/feast_integration_test_crs/v1alpha1_default_featurestore.yaml
@@ -7,3 +7,4 @@ spec:
   services:
     onlineStore: {}
     offlineStore: {}
+    ui: {}
diff --git a/infra/feast-operator/test/testdata/feast_integration_test_crs/v1alpha1_remote_registry_featurestore.yaml b/infra/feast-operator/test/testdata/feast_integration_test_crs/v1alpha1_remote_registry_featurestore.yaml
@@ -7,6 +7,7 @@ spec:
   services:
     onlineStore: {}
     offlineStore: {}
+    ui: {}
     registry:
       remote:
         feastRef:

Original file line number	Diff line number	Diff line change
`@@ -371,6 +371,7 @@ func minimalFeatureStoreWithAllServices() *feastdevv1alpha1.FeatureStore {`
`371`	`371`	`OfflineStore: &feastdevv1alpha1.OfflineStore{},`
`372`	`372`	`OnlineStore: &feastdevv1alpha1.OnlineStore{},`
`373`	`373`	`Registry: &feastdevv1alpha1.Registry{},`
	`374`	`+ UI: &feastdevv1alpha1.UIService{},`
`374`	`375`	`}`
`375`	`376`	`return feast`
`376`	`377`	`}`
Original file line number	Diff line number	Diff line change
`@@ -167,6 +167,7 @@ func validateTheFeatureStoreCustomResource(namespace string, featureStoreName st`
`167`	`167`	`feastK8sResourceNames := []string{`
`168`	`168`	`feastResourceName + "-online",`
`169`	`169`	`feastResourceName + "-offline",`
	`170`	`+ feastResourceName + "-ui",`
`170`	`171`	`}`
`171`	`172`
`172`	`173`	`if !hasRemoteRegistry {`