feast-dev · redhatHameed · Feb 25, 2025 · Feb 6, 2025 · Feb 17, 2025 · Feb 17, 2025
@@ -1,23 +1,21 @@
 # Feast Examples
 
-1. **[Quickstart Example](quickstart)**: This is a step-by-step guide for getting started with Feast.
-
-2. **[Java Demo](java-demo)**: Demonstrates how to use Feast with Java feature server and deployed with Kubernetes.
-
-3. **[Kind Quickstart](kind-quickstart)**: Demonstrates how to install and use Feast on Kind with the Helm chart.
-
-4. **[Operator Quickstart](operator-quickstart)**: Demonstrates how to install and use Feast on Kubernetes with the Feast Go Operator.
-
-5. **[Credit Risk End-to-End](credit-risk-end-to-end)**: Demonstrates how to use Feast with Java feature server and deployed with Kubernetes.
-
-6. **[Python Helm Demo](python-helm-demo)**: Demonstrates Feast with Kubernetes using Helm charts and Python feature server.
+The following examples illustrate various **Feast** use cases to enhance understanding of its functionality.
 
-7. **[RBAC Local](rbac-local)**: Demonstrates using notebooks how configure and test Role-Based Access Control (RBAC) for securing access in Feast using OIDC authorization type with in a local environment.
-
-8. **[RBAC Remote](rbac-remote)**: Demonstrates how to configure and test Role-Based Access Control (RBAC) for securing access in Feast using Kubernetes or OIDC Authentication type with in Kubernetes environment.
-
-9. **[Remote Offline Store](remote-offline-store)**: Demonstrates how to set up and use remote offline server.
-
-10. **[Podman/Podman Compose_local](podman_local)**: Demonstrates how to deploy Feast remote server components using Podman Compose locally.
-
-11. **[RHOAI Feast Demo](rhoai-quickstart)**: Showcases Feast's core functionality using a Jupyter notebook, including fetching online feature data from a remote server and retrieving metadata from a remote registry.
+1. **[Quickstart Example](quickstart)**: This is a step-by-step guide for getting started with Feast.
+1. **[Java Demo](java-demo)**: Demonstrates how to use Feast with Java feature server and deploy it on Kubernetes.
+1. **[Kind Quickstart](kind-quickstart)**: Demonstrates how to install and use Feast on Kind with the Helm chart.
+1. **[Credit Risk End-to-End](credit-risk-end-to-end)**: Demonstrates how to use Feast with Java feature server and deploy it on Kubernetes.
+1. **[Python Helm Demo](python-helm-demo)**: Demonstrates Feast with Kubernetes using Helm charts and Python feature server.
+1. **[RBAC Local](rbac-local)**: Shows how to configure and test Role-Based Access Control (RBAC) for securing access in Feast using OIDC authorization in a local environment.
+1. **[RBAC Remote](rbac-remote)**: Demonstrates how to configure and test Role-Based Access Control (RBAC) for securing access in Feast using Kubernetes or OIDC Authentication in a Kubernetes environment.
+1. **[Remote Offline Store](remote-offline-store)**: Demonstrates how to set up and use a remote offline store.
+1. **[Podman/Podman Compose Local](podman_local)**: Demonstrates how to deploy Feast remote server components using Podman Compose locally.
+1. **[RHOAI Feast Demo](rhoai-quickstart)**: Showcases Feast's core functionality using a Jupyter notebook, including fetching online feature data from a remote server and retrieving metadata from a remote registry.
+
+# Feast Operator Examples
+
+The examples below showcase how to deploy and manage **Feast on Kubernetes** using the **Feast Go Operator**.
+
+1. **[Operator Quickstart](operator-quickstart)**: Demonstrates how to install and use Feast on Kubernetes with the Feast Go Operator.
+1. **[Operator Quickstart with Postgres in TLS](operator-postgres-tls-demo)**: Demonstrates installing and configuring Feast with PostgreSQL in TLS mode on Kubernetes using the Feast Go Operator, with an emphasis on volumes and VolumeMounts support.  
@@ -0,0 +1,4 @@
+postgres-tls-certs
+values.yaml
+.ipynb_checkpoints
+*.tar.gz
@@ -0,0 +1,134 @@
+{
+ "cells": [
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Uninstall the Operator and all Feast related objects"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 8,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "secret \"postgres-secret\" deleted\n",
+      "secret \"feast-data-stores\" deleted\n",
+      "featurestore.feast.dev \"sample-db-ssl\" deleted\n",
+      "Error from server (NotFound): error when deleting \"../../infra/feast-operator/config/samples/v1alpha1_featurestore_postgres_tls_volumes_ca_env.yaml\": secrets \"postgres-secret\" not found\n",
+      "Error from server (NotFound): error when deleting \"../../infra/feast-operator/config/samples/v1alpha1_featurestore_postgres_tls_volumes_ca_env.yaml\": secrets \"feast-data-stores\" not found\n",
+      "Error from server (NotFound): error when deleting \"../../infra/feast-operator/config/samples/v1alpha1_featurestore_postgres_tls_volumes_ca_env.yaml\": featurestores.feast.dev \"sample-db-ssl\" not found\n"
+     ]
+    }
+   ],
+   "source": [
+    "# If you have choosen the option 1 example earlier.\n",
+    "!kubectl delete -f ../../infra/feast-operator/config/samples/v1alpha1_featurestore_postgres_db_volumes_tls.yaml\n",
+    "\n",
+    "# If you have choosen the option 2 example earlier.\n",
+    "!kubectl delete -f ../../infra/feast-operator/config/samples/v1alpha1_featurestore_postgres_tls_volumes_ca_env.yaml\n",
+    "\n",
+    "#!kubectl delete -f ../../infra/feast-operator/dist/install.yaml"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "## Uninstall the Postgresql using helm"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 9,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "release \"postgresql\" uninstalled\n",
+      "secret \"postgresql-server-certs\" deleted\n",
+      "secret \"postgresql-client-certs\" deleted\n",
+      "persistentvolumeclaim \"data-postgresql-0\" deleted\n",
+      "persistentvolume \"pvc-d0c961d9-7579-4e30-842a-b46812b71f74\" deleted\n"
+     ]
+    }
+   ],
+   "source": [
+    "# Uninstall the Helm release\n",
+    "!helm uninstall postgresql\n",
+    "\n",
+    "# Delete the secrets\n",
+    "!kubectl delete secret postgresql-server-certs\n",
+    "!kubectl delete secret postgresql-client-certs\n",
+    "\n",
+    "# Remove the certificates directory\n",
+    "!rm -rf postgres-tls-certs\n",
+    "\n",
+    "# Remove PV and PVC for clean up. some times those are not deleted automatically and can cause issues.\n",
+    "# Delete all PVCs in the default namespace\n",
+    "!kubectl delete pvc --all\n",
+    "\n",
+    "# Delete all PVs\n",
+    "!kubectl delete pv --all"
+   ]
+  },
+  {
+   "cell_type": "markdown",
+   "metadata": {},
+   "source": [
+    "Ensure everything has been removed, or is in the process of being terminated."
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": 3,
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "No resources found in feast namespace.\n"
+     ]
+    }
+   ],
+   "source": [
+    "!kubectl get all"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "metadata": {},
+   "outputs": [],
+   "source": []
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3 (ipykernel)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.11.10"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 4
+}
@@ -0,0 +1,50 @@
+# Installing Feast on Kubernetes with PostgreSQL TLS Demo using feast operator
+
+This example folder contains a series of Jupyter Notebooks that guide you through setting up [Feast](https://feast.dev/) on a Kubernetes cluster. 
+
+In this demo, Feast connects to a PostgreSQL database running in TLS mode, ensuring secure communication between services. Additionally, the example demonstrates how feast application references TLS certificates using Kubernetes volumes and volume mounts. While the focus is on mounting TLS certificates, you can also mount any other resources supported by Kubernetes volumes.
+
+## Prerequisites
+
+- A running Kubernetes cluster with sufficient resources.
+- [Helm](https://helm.sh/) installed and configured.
+- The [Feast Operator](https://docs.feast.dev/) for managing Feast deployments.
+- Jupyter Notebook or JupyterLab to run the provided notebooks.
+- Basic familiarity with Kubernetes, Helm, and TLS concepts.
+
+## Notebook Overview
+
+The following Jupyter Notebooks will walk you through the entire process:
+
+1. **[01-Install-postgres-tls-using-helm.ipynb](./01-Install-postgres-tls-using-helm.ipynb)**  
+   Installs PostgreSQL in TLS mode using a Helm chart.
+
+2. **[02-Install-feast.ipynb](02-Install-feast.ipynb)**  
+   Deploys Feast using the Feast Operator.
+
+3. **[03-Uninstall.ipynb](./03-Uninstall.ipynb)**  
+   Uninstalls Feast, the Feast Operator, and the PostgreSQL deployments set up in this demo.
+
+## How to Run the Demo
+
+1. **Clone the Repository**
+
+   ```shell
+   https://github.com/feast-dev/feast.git
+   cd examples/operator-postgres-tls-demo
+   ```
+2. Start Jupyter Notebook or JupyterLab from the repository root:
+
+```shell
+jupyter notebook
+```
+3. Execute the Notebooks
+Run the notebooks in the order listed above. Each notebook contains step-by-step instructions and code to deploy, test, and eventually clean up the demo components.
+
+
+## Troubleshooting
+* **Cluster Resources:**
+Verify that your Kubernetes cluster has adequate resources before starting the demo.
+
+* **Logs & Diagnostics:**
+If you encounter issues, check the logs for the PostgreSQL and Feast pods. This can help identify problems related to TLS configurations or resource constraints.
@@ -2,34 +2,33 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: postgres-secret
-  namespace: default
   labels:
     app: postgres
 stringData:
-  POSTGRES_DB: mydatabase
+  POSTGRES_DB: feast
   POSTGRES_USER: admin
   POSTGRES_PASSWORD: password
+  POSTGRES_HOST: postgresql.feast.svc.cluster.local
 ---
 apiVersion: v1
 kind: Secret
 metadata:
   name: feast-data-stores
-  namespace: default
 stringData:
   sql: |
-    path: postgresql+psycopg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgresql.default.svc.cluster.local:5432/${POSTGRES_DB}?sslmode=require&sslrootcert=/var/lib/postgresql/certs/ca.crt&sslcert=/var/lib/postgresql/certs/tls.crt&sslkey=/var/lib/postgresql/certs/tls.key
+    path: postgresql+psycopg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:5432/${POSTGRES_DB}?sslmode=verify-full&sslrootcert=/var/lib/postgresql/certs/ca.crt&sslcert=/var/lib/postgresql/certs/tls.crt&sslkey=/var/lib/postgresql/certs/tls.key
     cache_ttl_seconds: 60
     sqlalchemy_config_kwargs:
         echo: false
         pool_pre_ping: true
   postgres: |
-    host: postgresql.default.svc.cluster.local
+    host: ${POSTGRES_HOST}
     port: 5432
     database: ${POSTGRES_DB}
     db_schema: public
     user: ${POSTGRES_USER}
     password: ${POSTGRES_PASSWORD}
-    sslmode: require
+    sslmode: verify-full
     sslkey_path: /var/lib/postgresql/certs/tls.key
     sslcert_path: /var/lib/postgresql/certs/tls.crt
     sslrootcert_path: /var/lib/postgresql/certs/ca.crt
@@ -38,7 +37,6 @@ apiVersion: feast.dev/v1alpha1
 kind: FeatureStore
 metadata:
   name: sample-db-ssl
-  namespace: default
 spec:
   feastProject: postgres_tls_sample
   services:

@@ -0,0 +1,84 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: postgres-secret
+  labels:
+    app: postgres
+stringData:
+  POSTGRES_DB: feast
+  POSTGRES_USER: admin
+  POSTGRES_PASSWORD: password
+  POSTGRES_HOST: postgresql.feast.svc.cluster.local
+  FEAST_CA_CERT_FILE_PATH: /var/lib/postgresql/certs/ca.crt
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: feast-data-stores
+stringData:
+  sql: |
+    path: postgresql+psycopg://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:5432/${POSTGRES_DB}?sslmode=verify-full&sslrootcert=system&sslcert=/var/lib/postgresql/certs/tls.crt&sslkey=/var/lib/postgresql/certs/tls.key
+    cache_ttl_seconds: 60
+    sqlalchemy_config_kwargs:
+        echo: false
+        pool_pre_ping: true
+  postgres: |
+    host: ${POSTGRES_HOST}
+    port: 5432
+    database: ${POSTGRES_DB}
+    db_schema: public
+    user: ${POSTGRES_USER}
+    password: ${POSTGRES_PASSWORD}
+    sslmode: verify-full
+    sslkey_path: /var/lib/postgresql/certs/tls.key
+    sslcert_path: /var/lib/postgresql/certs/tls.crt
+    sslrootcert_path: system
+---
+apiVersion: feast.dev/v1alpha1
+kind: FeatureStore
+metadata:
+  name: sample-db-ssl
+spec:
+  feastProject: postgres_tls_sample_env_ca
+  services:
+    volumes:
+      - name: postgres-certs
+        secret:
+          secretName: postgresql-client-certs
+          items:
+            - key: ca.crt
+              path: ca.crt
+              mode: 0644  # Readable by all, required by PostgreSQL
+            - key: tls.crt
+              path: tls.crt
+              mode: 0644  # Required for the client certificate
+            - key: tls.key
+              path: tls.key
+              mode: 0640  # Required for the private key
+    offlineStore:
+      persistence:
+        store:
+          type: postgres
+          secretRef:
+            name: feast-data-stores
+    onlineStore:
+      persistence:
+        store:
+          type: postgres
+          secretRef:
+            name: feast-data-stores
+      server:
+        volumeMounts:
+          - name: postgres-certs
+            mountPath: /var/lib/postgresql/certs
+            readOnly: true
+        envFrom:
+          - secretRef:
+              name: postgres-secret
+    registry:
+      local:
+        persistence:
+          store:
+            type: sql
+            secretRef:
+              name: feast-data-stores