From 2bcd2ce37991e7cb37f0116adea4420c17298ac6 Mon Sep 17 00:00:00 2001
From: Khor Shu Heng <khor.heng@gojek.com>
Date: Tue, 3 Nov 2020 16:58:47 +0800
Subject: [PATCH] Allow user to specify custom secrets to be mounted on Feast
 Serving and Feast Core pods

Signed-off-by: Khor Shu Heng <khor.heng@gojek.com>
---
 infra/charts/feast/README.md                           |  2 +-
 infra/charts/feast/charts/feast-core/README.md         |  1 +
 .../feast/charts/feast-core/templates/deployment.yaml  | 10 ++++++++++
 infra/charts/feast/charts/feast-core/values.yaml       |  3 +++
 infra/charts/feast/charts/feast-jobservice/Chart.yaml  |  2 +-
 infra/charts/feast/charts/feast-jobservice/README.md   |  6 +++---
 infra/charts/feast/charts/feast-serving/README.md      |  1 +
 .../charts/feast-serving/templates/deployment.yaml     | 10 ++++++++++
 infra/charts/feast/charts/feast-serving/values.yaml    |  3 +++
 9 files changed, 33 insertions(+), 5 deletions(-)

diff --git a/infra/charts/feast/README.md b/infra/charts/feast/README.md
index 22e2b83a20..6e817c5c2e 100644
--- a/infra/charts/feast/README.md
+++ b/infra/charts/feast/README.md
@@ -15,7 +15,7 @@ https://docs.feast.dev/v/master/getting-started/deploying-feast/kubernetes
 |  | feast-jupyter | 0.8-SNAPSHOT |
 |  | feast-serving | 0.8-SNAPSHOT |
 |  | prometheus-statsd-exporter | 0.1.2 |
-| https://kubernetes-charts-incubator.storage.googleapis.com/ | kafka | 0.20.8 |
+| https://charts.bitnami.com/bitnami/ | kafka | 11.8.8 |
 | https://kubernetes-charts.storage.googleapis.com/ | grafana | 5.0.5 |
 | https://kubernetes-charts.storage.googleapis.com/ | postgresql | 8.6.1 |
 | https://kubernetes-charts.storage.googleapis.com/ | prometheus | 11.0.2 |
diff --git a/infra/charts/feast/charts/feast-core/README.md b/infra/charts/feast/charts/feast-core/README.md
index 0b880e60c5..5169d237a8 100644
--- a/infra/charts/feast/charts/feast-core/README.md
+++ b/infra/charts/feast/charts/feast-core/README.md
@@ -58,6 +58,7 @@ Current chart version is `0.8-SNAPSHOT`
 | readinessProbe.timeoutSeconds | int | `10` | When the probe times out |
 | replicaCount | int | `1` | Number of pods that will be created |
 | resources | object | `{}` | CPU/memory [resource requests/limit](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container) |
+| secrets | list | `[]` | List of Kubernetes secrets to be mounted on Feast Core pods. These secrets will be mounted on /etc/secrets/<secret name>. |
 | service.grpc.nodePort | string | `nil` | Port number that each cluster node will listen to |
 | service.grpc.port | int | `6565` | Service port for GRPC requests |
 | service.grpc.targetPort | int | `6565` | Container port serving GRPC requests |
diff --git a/infra/charts/feast/charts/feast-core/templates/deployment.yaml b/infra/charts/feast/charts/feast-core/templates/deployment.yaml
index 8f9de2afbe..a24672d940 100644
--- a/infra/charts/feast/charts/feast-core/templates/deployment.yaml
+++ b/infra/charts/feast/charts/feast-core/templates/deployment.yaml
@@ -46,6 +46,11 @@ spec:
       - name: {{ template "feast-core.fullname" . }}-secret
         secret:
           secretName: {{ template "feast-core.fullname" . }}
+      {{- range $secret := .Values.secrets }}
+      - name: {{ $secret }}
+        secret:
+          secretName: {{ $secret }}
+      {{- end }}
 
       containers:
       - name: {{ .Chart.Name }}
@@ -58,6 +63,11 @@ spec:
         - name: {{ template "feast-core.fullname" . }}-secret
           mountPath: /etc/secrets/feast
           readOnly: true
+        {{- range $secret := .Values.secrets }}
+        - name: {{ $secret }}
+          mountPath: "/etc/secrets/{{ $secret }}"
+          readOnly: true
+        {{- end }}
 
         env:
         - name: LOG_TYPE
diff --git a/infra/charts/feast/charts/feast-core/values.yaml b/infra/charts/feast/charts/feast-core/values.yaml
index 26d80536dd..423373e61c 100644
--- a/infra/charts/feast/charts/feast-core/values.yaml
+++ b/infra/charts/feast/charts/feast-core/values.yaml
@@ -140,5 +140,8 @@ nodeSelector: {}
 # envOverrides -- Extra environment variables to set
 envOverrides: {}
 
+# secrets -- List of Kubernetes secrets to be mounted on Feast Core pods. These secrets will be mounted on /etc/secrets/<secret name>.
+secrets: []
+
 # podLabels -- Labels to be added to Feast Core pods
 podLabels: {}
diff --git a/infra/charts/feast/charts/feast-jobservice/Chart.yaml b/infra/charts/feast/charts/feast-jobservice/Chart.yaml
index f0e1c4e581..ca51d87082 100644
--- a/infra/charts/feast/charts/feast-jobservice/Chart.yaml
+++ b/infra/charts/feast/charts/feast-jobservice/Chart.yaml
@@ -1,4 +1,4 @@
 apiVersion: v1
-description: Feast Job Coontroller manage ingestion jobs.
+description: Feast Job Service manage ingestion jobs.
 name: feast-jobservice
 version: 0.8-SNAPSHOT
diff --git a/infra/charts/feast/charts/feast-jobservice/README.md b/infra/charts/feast/charts/feast-jobservice/README.md
index c8502080a5..353612f988 100644
--- a/infra/charts/feast/charts/feast-jobservice/README.md
+++ b/infra/charts/feast/charts/feast-jobservice/README.md
@@ -1,5 +1,5 @@
 feast-jobservice
-==========
+================
 Feast Job Service manage ingestion jobs.
 
 Current chart version is `0.8-SNAPSHOT`
@@ -37,7 +37,7 @@ Current chart version is `0.8-SNAPSHOT`
 | ingress.http.https.enabled | bool | `true` | Flag to enable HTTPS |
 | ingress.http.https.secretNames | object | `{}` | Map of hostname to TLS secret name |
 | ingress.http.whitelist | string | `""` | Allowed client IP source ranges |
-| livenessProbe.enabled | bool | `false` | Flag to enabled the probe |
+| livenessProbe.enabled | bool | `true` | Flag to enabled the probe |
 | livenessProbe.failureThreshold | int | `5` | Min consecutive failures for the probe to be considered failed |
 | livenessProbe.initialDelaySeconds | int | `60` | Delay before the probe is initiated |
 | livenessProbe.periodSeconds | int | `10` | How often to perform the probe |
@@ -45,7 +45,7 @@ Current chart version is `0.8-SNAPSHOT`
 | livenessProbe.timeoutSeconds | int | `5` | When the probe times out |
 | nodeSelector | object | `{}` | Node labels for pod assignment |
 | podLabels | object | `{}` | Labels to be added to Feast Job Service pods |
-| prometheus.enabled | bool | `true` | Flag to enable scraping of Feast Job Service metrics |
+| prometheus.enabled | bool | `true` | Flag to enable scraping of metrics |
 | readinessProbe.enabled | bool | `true` | Flag to enabled the probe |
 | readinessProbe.failureThreshold | int | `5` | Min consecutive failures for the probe to be considered failed |
 | readinessProbe.initialDelaySeconds | int | `20` | Delay before the probe is initiated |
diff --git a/infra/charts/feast/charts/feast-serving/README.md b/infra/charts/feast/charts/feast-serving/README.md
index fa3553fb8b..c4156e69ca 100644
--- a/infra/charts/feast/charts/feast-serving/README.md
+++ b/infra/charts/feast/charts/feast-serving/README.md
@@ -61,6 +61,7 @@ Current chart version is `0.8-SNAPSHOT`
 | readinessProbe.timeoutSeconds | int | `10` | When the probe times out |
 | replicaCount | int | `1` | Number of pods that will be created |
 | resources | object | `{}` | CPU/memory [resource requests/limit](https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#resource-requests-and-limits-of-pod-and-container) |
+| secrets | list | `[]` | List of Kubernetes secrets to be mounted on Feast Core pods. These secrets will be mounted on /etc/secrets/<secret name>. |
 | service.grpc.nodePort | string | `nil` | Port number that each cluster node will listen to |
 | service.grpc.port | int | `6566` | Service port for GRPC requests |
 | service.grpc.targetPort | int | `6566` | Container port serving GRPC requests |
diff --git a/infra/charts/feast/charts/feast-serving/templates/deployment.yaml b/infra/charts/feast/charts/feast-serving/templates/deployment.yaml
index cdc1077064..3df799df1d 100644
--- a/infra/charts/feast/charts/feast-serving/templates/deployment.yaml
+++ b/infra/charts/feast/charts/feast-serving/templates/deployment.yaml
@@ -46,6 +46,11 @@ spec:
       - name: {{ template "feast-serving.fullname" . }}-secret
         secret:
           secretName: {{ template "feast-serving.fullname" . }}
+      {{- range $secret := .Values.secrets }}
+      - name: {{ $secret }}
+        secret:
+          secretName: {{ $secret }}
+      {{- end }}
 
       containers:
       - name: {{ .Chart.Name }}
@@ -58,6 +63,11 @@ spec:
         - name: {{ template "feast-serving.fullname" . }}-secret
           mountPath: /etc/secrets/feast
           readOnly: true
+        {{- range $secret := .Values.secrets }}
+        - name: {{ $secret }}
+          mountPath: "/etc/secrets/{{ $secret }}"
+          readOnly: true
+        {{- end }}
 
         env:
         - name: LOG_TYPE
diff --git a/infra/charts/feast/charts/feast-serving/values.yaml b/infra/charts/feast/charts/feast-serving/values.yaml
index 6343f4432b..06dbb85cb9 100644
--- a/infra/charts/feast/charts/feast-serving/values.yaml
+++ b/infra/charts/feast/charts/feast-serving/values.yaml
@@ -147,5 +147,8 @@ nodeSelector: {}
 # envOverrides -- Extra environment variables to set
 envOverrides: {}
 
+# secrets -- List of Kubernetes secrets to be mounted on Feast Core pods. These secrets will be mounted on /etc/secrets/<secret name>.
+secrets: []
+
 # podLabels -- Labels to be added to Feast Serving pods
 podLabels: {}