Add TLS support to the Operator
Is your feature request related to a problem? Please describe.
An Operator user should be able to configure feast with TLS.
Describe the solution you'd like
When configured, TLS will be enabled for that feast service. If the operator detects it's running in an OpenShift cluster, we enable TLS by default because we can leverage the built-in service serving certificate feature.
apiVersion: feast.dev/v1alpha1 kind: FeatureStore metadata: name: example namespace: <namespace> spec: feastProject: test services: <feast_service_type>: // e.g. offlineStore, onlineStore, registry // add CRD validation that requires `secretRef` to be set if `disable` is false. tls: // optional ... enabled by default when deployed to an OpenShift cluster. if user leaves tls undefined, the operator assumes tls should be enabled and uses built-in service serving certificate feature. secretRef: // required if tls.disable is false name: <string> // required secretKeyNames: // optional tlsCrt: <string> // optional (defaults to tls.crt) tlsKey: <string> // optional (defaults to tls.key) verifyClient: <bool> // optional (defaults to false) currently only used with offline server disable: <bool> // optional (defaults to false) allows the user to disable tls without removing the TLS settings. one scenario in which this is beneficial would be in openshift, where we default to tls being enabled
Additional context
References for implementation -
https://github.com/feast-dev/feast/blob/master/docs/how-to-guides/starting-feast-servers-tls-mode.md
https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/