Skip to content

fix: Mount TLS volumes for init container for TLS-enabled registries#6199

Merged
ntkathole merged 1 commit intofeast-dev:masterfrom
ntkathole:fix_6197
Mar 31, 2026
Merged

fix: Mount TLS volumes for init container for TLS-enabled registries#6199
ntkathole merged 1 commit intofeast-dev:masterfrom
ntkathole:fix_6197

Conversation

@ntkathole
Copy link
Copy Markdown
Member

@ntkathole ntkathole commented Mar 31, 2026
edited
Loading

What this PR does / why we need it:

When a FeatureStore CR uses TLS-enabled services (local TLS, remote registry TLS, or custom CA bundles), the feast-apply init container fail to connect to TLS-secured endpoints because they lack the necessary TLS certificate volume mounts. init containers need the same PVC mounts that main containers already get.

Additionally, removed the feastProject name matching constraint in getRemoteRegistryFeastHandler that required the referencing and referenced FeatureStore CRs to use the same feastProject name. This was overly restrictive - the operator should allow different project configurations to reference a shared remote registry without enforcing name equality.

changes

  • tls.go: mountTlsConfig, mountTlsRemoteRegistryConfig, and mountCustomCABundle now iterate podSpec.InitContainers in addition to podSpec.Containers to mount TLS volume mounts.
  • services.go: Removed the feastProject name equality check in getRemoteRegistryFeastHandler that blocked remote registry references between FeatureStore CRs with different project names.

Which issue(s) this PR fixes:

Fixes #6197

Open with Devin

@ntkathole ntkathole self-assigned this Mar 31, 2026
@ntkathole ntkathole requested a review from a team as a code owner March 31, 2026 05:19
devin-ai-integration[bot]
devin-ai-integration bot reviewed Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 2 additional findings.

Open in Devin Review

devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

@ntkathole
fix: Mount TLS volumes for init container
91a99bf 
Signed-off-by: ntkathole <nikhilkathole2683@gmail.com>
@ntkathole ntkathole merged commit 080a9b5 into feast-dev:master Mar 31, 2026
29 of 31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

@franciscojavierarceo franciscojavierarceo franciscojavierarceo approved these changes

Assignees

@ntkathole ntkathole

Labels

ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

init container needs the same TLS volume mounts as the main container when using TLS-enabled remote registries

2 participants

@ntkathole @franciscojavierarceo