adding tls config for ui

Signed-off-by: Abdul Hameed <[email protected]>

infra/feast-operator/internal/controller/services/repo_config_test.go

@@ -371,6 +371,7 @@ func minimalFeatureStoreWithAllServices() *feastdevv1alpha1.FeatureStore {
 		OfflineStore: &feastdevv1alpha1.OfflineStore{},
 		OnlineStore:  &feastdevv1alpha1.OnlineStore{},
 		Registry:     &feastdevv1alpha1.Registry{},
+		UI:           &feastdevv1alpha1.UIService{},
 	}
 	return feast
 }

infra/feast-operator/internal/controller/services/services.go

@@ -427,11 +427,6 @@ func (feast *FeastServices) setRoute(route *routev1.Route, feastType FeastServic
 	route.Labels = feast.getFeastTypeLabels(feastType)
 
 	tls := feast.getTlsConfigs(feastType)
-	/*	scheme := HttpScheme
-		if tls.IsTLS() {
-			scheme = HttpsScheme
-		}*/
-
 	route.Spec = routev1.RouteSpec{
 		To: routev1.RouteTargetReference{
 			Kind: "Service",
@@ -441,7 +436,7 @@ func (feast *FeastServices) setRoute(route *routev1.Route, feastType FeastServic
 			TargetPort: intstr.FromInt(int(getTargetPort(feastType, tls))),
 		},
 		TLS: &routev1.TLSConfig{
-			Termination: routev1.TLSTerminationEdge,
+			Termination: routev1.TLSTerminationPassthrough,
 		},
 	}
 

infra/feast-operator/internal/controller/services/tls.go

@@ -37,6 +37,9 @@ func (feast *FeastServices) setTlsDefaults() error {
 	if feast.isLocalRegistry() {
 		tlsDefaults(appliedServices.Registry.Local.TLS)
 	}
+	if feast.isUI() {
+		tlsDefaults(appliedServices.UI.TLS)
+	}
 	return nil
 }
 
@@ -56,6 +59,14 @@ func (feast *FeastServices) setOpenshiftTls() error {
 			},
 		}
 	}
+	if feast.uiOpenshiftTls() {
+		appliedServices.UI.TLS = &feastdevv1alpha1.TlsConfigs{
+			SecretRef: &corev1.LocalObjectReference{
+				Name: feast.initFeastSvc(UIFeastType).Name + tlsNameSuffix,
+			},
+		}
+	}
+
 	if feast.localRegistryOpenshiftTls() {
 		appliedServices.Registry.Local.TLS = &feastdevv1alpha1.TlsConfigs{
 			SecretRef: &corev1.LocalObjectReference{
@@ -79,7 +90,7 @@ func (feast *FeastServices) setOpenshiftTls() error {
 }
 
 func (feast *FeastServices) checkOpenshiftTls() (bool, error) {
-	if feast.offlineOpenshiftTls() || feast.onlineOpenshiftTls() || feast.localRegistryOpenshiftTls() {
+	if feast.offlineOpenshiftTls() || feast.onlineOpenshiftTls() || feast.localRegistryOpenshiftTls() || feast.uiOpenshiftTls() {
 		return true, nil
 	}
 	return feast.remoteRegistryOpenshiftTls()
@@ -93,7 +104,10 @@ func (feast *FeastServices) isOpenShiftTls(feastType FeastServiceType) (isOpenSh
 		isOpenShift = feast.onlineOpenshiftTls()
 	case RegistryFeastType:
 		isOpenShift = feast.localRegistryOpenshiftTls()
+	case UIFeastType:
+		isOpenShift = feast.uiOpenshiftTls()
 	}
+
 	return
 }
 
@@ -132,6 +146,12 @@ func (feast *FeastServices) onlineOpenshiftTls() bool {
 		feast.isOnlinStore() && feast.Handler.FeatureStore.Spec.Services.OnlineStore.TLS == nil
 }
 
+// True if running in an openshift cluster and Tls not configured in the service Spec
+func (feast *FeastServices) uiOpenshiftTls() bool {
+	return isOpenShift &&
+		feast.isUI() && feast.Handler.FeatureStore.Spec.Services.UI.TLS == nil
+}
+
 // True if running in an openshift cluster and Tls not configured in the service Spec
 func (feast *FeastServices) localRegistryOpenshiftTls() bool {
 	return isOpenShift &&
@@ -180,6 +200,7 @@ func (feast *FeastServices) mountTlsConfigs(podSpec *corev1.PodSpec) {
 	feast.mountRegistryClientTls(podSpec)
 	feast.mountTlsConfig(OfflineFeastType, podSpec)
 	feast.mountTlsConfig(OnlineFeastType, podSpec)
+	feast.mountTlsConfig(UIFeastType, podSpec)
 }
 
 func (feast *FeastServices) mountTlsConfig(feastType FeastServiceType, podSpec *corev1.PodSpec) {

infra/feast-operator/internal/controller/services/tls_test.go

@@ -63,6 +63,8 @@ var _ = Describe("TLS Config", func() {
 			Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(OnlineFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(RegistryFeastType)).To(BeFalse())
+			Expect(feast.isOpenShiftTls(UIFeastType)).To(BeFalse())
+
 			openshiftTls, err := feast.checkOpenshiftTls()
 			Expect(err).ToNot(HaveOccurred())
 			Expect(openshiftTls).To(BeFalse())
@@ -79,6 +81,9 @@ var _ = Describe("TLS Config", func() {
 			tls = feast.getTlsConfigs(OnlineFeastType)
 			Expect(tls).To(BeNil())
 			Expect(tls.IsTLS()).To(BeFalse())
+			tls = feast.getTlsConfigs(UIFeastType)
+			Expect(tls).To(BeNil())
+			Expect(tls.IsTLS()).To(BeFalse())
 			tls = feast.getTlsConfigs(RegistryFeastType)
 			Expect(tls).NotTo(BeNil())
 			Expect(tls.IsTLS()).To(BeTrue())
@@ -90,7 +95,9 @@ var _ = Describe("TLS Config", func() {
 			Expect(feast.localRegistryTls()).To(BeTrue())
 			Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(OnlineFeastType)).To(BeFalse())
+			Expect(feast.isOpenShiftTls(UIFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(RegistryFeastType)).To(BeTrue())
+
 			openshiftTls, err = feast.checkOpenshiftTls()
 			Expect(err).ToNot(HaveOccurred())
 			Expect(openshiftTls).To(BeTrue())
@@ -124,12 +131,19 @@ var _ = Describe("TLS Config", func() {
 			Expect(tls.SecretRef.Name).To(Equal("feast-test-registry-tls"))
 			Expect(tls.SecretKeyNames).To(Equal(secretKeyNames))
 			Expect(tls.IsTLS()).To(BeTrue())
+			tls = feast.getTlsConfigs(UIFeastType)
+			Expect(tls).NotTo(BeNil())
+			Expect(tls.SecretRef).NotTo(BeNil())
+			Expect(tls.SecretRef.Name).To(Equal("feast-test-ui-tls"))
+			Expect(tls.SecretKeyNames).To(Equal(secretKeyNames))
+			Expect(tls.IsTLS()).To(BeTrue())
 
 			Expect(feast.remoteRegistryTls()).To(BeFalse())
 			Expect(feast.localRegistryTls()).To(BeTrue())
 			Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeTrue())
 			Expect(feast.isOpenShiftTls(OnlineFeastType)).To(BeTrue())
 			Expect(feast.isOpenShiftTls(RegistryFeastType)).To(BeTrue())
+			Expect(feast.isOpenShiftTls(UIFeastType)).To(BeTrue())
 			openshiftTls, err = feast.checkOpenshiftTls()
 			Expect(err).ToNot(HaveOccurred())
 			Expect(openshiftTls).To(BeTrue())
@@ -139,18 +153,22 @@ var _ = Describe("TLS Config", func() {
 			err = feast.setDeployment(feastDeploy)
 			Expect(err).ToNot(HaveOccurred())
 			Expect(feastDeploy.Spec.Template.Spec.InitContainers).To(HaveLen(1))
-			Expect(feastDeploy.Spec.Template.Spec.Containers).To(HaveLen(3))
+			Expect(feastDeploy.Spec.Template.Spec.Containers).To(HaveLen(4))
 			Expect(feastDeploy.Spec.Template.Spec.Containers[0].Command).To(ContainElements(ContainSubstring("--key")))
 			Expect(feastDeploy.Spec.Template.Spec.Containers[1].Command).To(ContainElements(ContainSubstring("--key")))
 			Expect(feastDeploy.Spec.Template.Spec.Containers[2].Command).To(ContainElements(ContainSubstring("--key")))
-			Expect(feastDeploy.Spec.Template.Spec.Volumes).To(HaveLen(4))
+			Expect(feastDeploy.Spec.Template.Spec.Containers[3].Command).To(ContainElements(ContainSubstring("--key")))
+			Expect(feastDeploy.Spec.Template.Spec.Volumes).To(HaveLen(5))
 
 			// registry service w/ tls and in an openshift cluster
 			feast.Handler.FeatureStore = minimalFeatureStore()
 			feast.Handler.FeatureStore.Spec.Services = &feastdevv1alpha1.FeatureStoreServices{
 				OnlineStore: &feastdevv1alpha1.OnlineStore{
 					TLS: &feastdevv1alpha1.TlsConfigs{},
 				},
+				UI: &feastdevv1alpha1.UIService{
+					TLS: &feastdevv1alpha1.TlsConfigs{},
+				},
 				Registry: &feastdevv1alpha1.Registry{
 					Local: &feastdevv1alpha1.LocalRegistryConfig{
 						TLS: &feastdevv1alpha1.TlsConfigs{
@@ -171,17 +189,20 @@ var _ = Describe("TLS Config", func() {
 			tls = feast.getTlsConfigs(OnlineFeastType)
 			Expect(tls).NotTo(BeNil())
 			Expect(tls.IsTLS()).To(BeFalse())
+			tls = feast.getTlsConfigs(UIFeastType)
+			Expect(tls).NotTo(BeNil())
+			Expect(tls.IsTLS()).To(BeFalse())
 			tls = feast.getTlsConfigs(RegistryFeastType)
 			Expect(tls).NotTo(BeNil())
 			Expect(tls.IsTLS()).To(BeTrue())
 			Expect(tls.SecretKeyNames).NotTo(Equal(secretKeyNames))
 			Expect(getPortStr(tls)).To(Equal("443"))
 			Expect(GetTlsPath(RegistryFeastType)).To(Equal("/tls/registry/"))
-
 			Expect(feast.remoteRegistryTls()).To(BeFalse())
 			Expect(feast.localRegistryTls()).To(BeTrue())
 			Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(OnlineFeastType)).To(BeFalse())
+			Expect(feast.isOpenShiftTls(UIFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(RegistryFeastType)).To(BeFalse())
 			openshiftTls, err = feast.checkOpenshiftTls()
 			Expect(err).ToNot(HaveOccurred())
@@ -193,6 +214,9 @@ var _ = Describe("TLS Config", func() {
 			feast.Handler.FeatureStore.Spec.Services.OnlineStore.TLS = &feastdevv1alpha1.TlsConfigs{
 				Disable: &disable,
 			}
+			feast.Handler.FeatureStore.Spec.Services.UI.TLS = &feastdevv1alpha1.TlsConfigs{
+				Disable: &disable,
+			}
 			feast.Handler.FeatureStore.Spec.Services.Registry = &feastdevv1alpha1.Registry{
 				Local: &feastdevv1alpha1.LocalRegistryConfig{
 					TLS: &feastdevv1alpha1.TlsConfigs{
@@ -219,6 +243,10 @@ var _ = Describe("TLS Config", func() {
 			Expect(tls).NotTo(BeNil())
 			Expect(tls.IsTLS()).To(BeFalse())
 			Expect(tls.SecretKeyNames).NotTo(Equal(secretKeyNames))
+			tls = feast.getTlsConfigs(UIFeastType)
+			Expect(tls).NotTo(BeNil())
+			Expect(tls.IsTLS()).To(BeFalse())
+			Expect(tls.SecretKeyNames).NotTo(Equal(secretKeyNames))
 			tls = feast.getTlsConfigs(RegistryFeastType)
 			Expect(tls).NotTo(BeNil())
 			Expect(tls.IsTLS()).To(BeFalse())
@@ -230,6 +258,7 @@ var _ = Describe("TLS Config", func() {
 			Expect(feast.localRegistryTls()).To(BeFalse())
 			Expect(feast.isOpenShiftTls(OfflineFeastType)).To(BeTrue())
 			Expect(feast.isOpenShiftTls(OnlineFeastType)).To(BeFalse())
+			Expect(feast.isOpenShiftTls(UIFeastType)).To(BeFalse())
 			Expect(feast.isOpenShiftTls(RegistryFeastType)).To(BeFalse())
 			openshiftTls, err = feast.checkOpenshiftTls()
 			Expect(err).ToNot(HaveOccurred())
@@ -249,11 +278,17 @@ var _ = Describe("TLS Config", func() {
 			Expect(onlineSvc.Annotations).To(BeEmpty())
 			Expect(onlineSvc.Spec.Ports[0].Name).To(Equal(HttpScheme))
 
+			uiSvc := feast.initFeastSvc(UIFeastType)
+			err = feast.setService(uiSvc, UIFeastType)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(uiSvc.Annotations).To(BeEmpty())
+			Expect(uiSvc.Spec.Ports[0].Name).To(Equal(HttpScheme))
+
 			// check k8s deployment objects
 			feastDeploy = feast.initFeastDeploy()
 			err = feast.setDeployment(feastDeploy)
 			Expect(err).ToNot(HaveOccurred())
-			Expect(feastDeploy.Spec.Template.Spec.Containers).To(HaveLen(3))
+			Expect(feastDeploy.Spec.Template.Spec.Containers).To(HaveLen(4))
 			Expect(GetOfflineContainer(*feastDeploy)).NotTo(BeNil())
 			Expect(feastDeploy.Spec.Template.Spec.Volumes).To(HaveLen(2))
 
@@ -263,6 +298,9 @@ var _ = Describe("TLS Config", func() {
 			Expect(GetOfflineContainer(*feastDeploy).VolumeMounts).To(HaveLen(2))
 			Expect(GetOnlineContainer(*feastDeploy).Command).NotTo(ContainElements(ContainSubstring("--key")))
 			Expect(GetOnlineContainer(*feastDeploy).VolumeMounts).To(HaveLen(1))
+			Expect(GetUIContainer(*feastDeploy).Command).NotTo(ContainElements(ContainSubstring("--key")))
+			Expect(GetUIContainer(*feastDeploy).VolumeMounts).To(HaveLen(1))
+
 		})
 	})
 })

infra/feast-operator/test/e2e/e2e_test.go

@@ -167,6 +167,7 @@ func validateTheFeatureStoreCustomResource(namespace string, featureStoreName st
 	feastK8sResourceNames := []string{
 		feastResourceName + "-online",
 		feastResourceName + "-offline",
+		feastResourceName + "-ui",
 	}
 
 	if !hasRemoteRegistry {

infra/feast-operator/test/testdata/feast_integration_test_crs/v1alpha1_default_featurestore.yaml

@@ -7,3 +7,4 @@ spec:
   services:
     onlineStore: {}
     offlineStore: {}
+    ui: {}

infra/feast-operator/test/testdata/feast_integration_test_crs/v1alpha1_remote_registry_featurestore.yaml

@@ -7,6 +7,7 @@ spec:
   services:
     onlineStore: {}
     offlineStore: {}
+    ui: {}
     registry:
       remote:
         feastRef: