Add TLS support to the Operator #4770
Description
Is your feature request related to a problem? Please describe.
An Operator user should be able to configure feast with TLS.
Describe the solution you'd like
When configured, TLS will be enabled for that feast service. If the operator detects it's running in an OpenShift cluster, we enable TLS by default because we can leverage the built-in service serving certificate feature.
apiVersion: feast.dev/v1alpha1
kind: FeatureStore
metadata:
name: example
namespace: <namespace>
spec:
feastProject: test
services:
<feast_service_type>: // e.g. offlineStore, onlineStore, registry
// add CRD validation that requires `secretRef` to be set if `disable` is false.
tls: // optional ... enabled by default when deployed to an OpenShift cluster. if user leaves tls undefined, the operator assumes tls should be enabled and uses built-in service serving certificate feature.
secretRef: // required if tls.disable is false
name: <string> // required
secretKeyNames: // optional
tlsCrt: <string> // optional (defaults to tls.crt)
tlsKey: <string> // optional (defaults to tls.key)
verifyClient: <bool> // optional (defaults to false) currently only used with offline server
disable: <bool> // optional (defaults to false) allows the user to disable tls without removing the TLS settings. one scenario in which this is beneficial would be in openshift, where we default to tls being enabledAdditional context
References for implementation -
https://github.com/feast-dev/feast/blob/master/docs/how-to-guides/starting-feast-servers-tls-mode.md
https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/