From 90593cc27072ae3ebb235a9f7d82cad6d9612d26 Mon Sep 17 00:00:00 2001
From: Pedro Jacinto <pedro.jacinto@farfetch.com>
Date: Tue, 25 Feb 2020 14:42:38 +0000
Subject: [PATCH] Add support for storing spring profiles as kubernetes secrets
 Enable deployment rollout on configmap / secret changes Move store.yaml into
 a new configmap as it is already reloaded at runtime

---
 infra/charts/feast/README.md                  |   6 ++++
 .../charts/feast-core/charts/common-0.0.5.tgz | Bin 0 -> 8347 bytes
 .../feast/charts/feast-core/requirements.lock |  15 +++++++++
 .../feast-core/templates/deployment.yaml      |  19 ++++++++---
 .../charts/feast-core/templates/secret.yaml   |  19 +++++++++++
 .../feast/charts/feast-core/values.yaml       |   2 ++
 .../feast-serving/charts/common-0.0.5.tgz     | Bin 0 -> 8347 bytes
 .../charts/feast-serving/requirements.lock    |   9 ++++++
 .../templates/configmap-store.yaml            |  30 ++++++++++++++++++
 .../feast-serving/templates/configmap.yaml    |  19 -----------
 .../feast-serving/templates/deployment.yaml   |  19 +++++++++--
 .../feast-serving/templates/secret.yaml       |  19 +++++++++++
 .../feast/charts/feast-serving/values.yaml    |   2 ++
 infra/charts/feast/requirements.lock          |  16 +++++++---
 14 files changed, 144 insertions(+), 31 deletions(-)
 create mode 100644 infra/charts/feast/charts/feast-core/charts/common-0.0.5.tgz
 create mode 100644 infra/charts/feast/charts/feast-core/requirements.lock
 create mode 100644 infra/charts/feast/charts/feast-core/templates/secret.yaml
 create mode 100644 infra/charts/feast/charts/feast-serving/charts/common-0.0.5.tgz
 create mode 100644 infra/charts/feast/charts/feast-serving/requirements.lock
 create mode 100644 infra/charts/feast/charts/feast-serving/templates/configmap-store.yaml
 create mode 100644 infra/charts/feast/charts/feast-serving/templates/secret.yaml

diff --git a/infra/charts/feast/README.md b/infra/charts/feast/README.md
index e93b687f191..389a0b85d4d 100644
--- a/infra/charts/feast/README.md
+++ b/infra/charts/feast/README.md
@@ -100,7 +100,9 @@ The following table lists the configurable parameters of the Feast chart and the
 | `feast-core.logLevel` | Application logging level | `warn`
 | `feast-core.logType` | Application logging type (`JSON` or `Console`) | `JSON`
 | `feast-core.springConfigProfiles` | Map of profile name to file content for additional Spring profiles | `{}`
+| `feast-core.springSecretProfiles` | Map of profile name to file content for additional Spring profiles. Use this instead of springConfigProfiles if the content contains secrets. | `{}`
 | `feast-core.springConfigProfilesActive` | CSV of profiles to enable from `springConfigProfiles` | `""`
+| `feast-core.springSecretProfilesActive` | CSV of profiles to enable from `springSecretProfiles` | `""`
 | `feast-core.livenessProbe.enabled` | Flag to enable liveness probe | `true`
 | `feast-core.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60`
 | `feast-core.livenessProbe.periodSeconds` | How often to perform the probe | `10`
@@ -142,7 +144,9 @@ The following table lists the configurable parameters of the Feast chart and the
 | `feast-serving-online.logLevel` | Application logging level | `warn`
 | `feast-serving-online.logType` | Application logging type (`JSON` or `Console`) | `JSON`
 | `feast-serving-online.springConfigProfiles` | Map of profile name to file content for additional Spring profiles | `{}`
+| `feast-serving-online.springSecretProfiles` | Map of profile name to file content for additional Spring profiles. Use this instead of springConfigProfiles if the content contains secrets. | `{}`
 | `feast-serving-online.springConfigProfilesActive` | CSV of profiles to enable from `springConfigProfiles` | `""`
+| `feast-serving-online.springSecretProfilesActive` | CSV of profiles to enable from `springSecretProfiles` | `""`
 | `feast-serving-online.livenessProbe.enabled` | Flag to enable liveness probe | `true`
 | `feast-serving-online.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60`
 | `feast-serving-online.livenessProbe.periodSeconds` | How often to perform the probe | `10`
@@ -184,7 +188,9 @@ The following table lists the configurable parameters of the Feast chart and the
 | `feast-serving-batch.logLevel` | Application logging level | `warn`
 | `feast-serving-batch.logType` | Application logging type (`JSON` or `Console`) | `JSON`
 | `feast-serving-batch.springConfigProfiles` | Map of profile name to file content for additional Spring profiles | `{}`
+| `feast-serving-batch.springSecretProfiles` | Map of profile name to file content for additional Spring profiles. Use this instead of springConfigProfiles if the content contains secrets. | `{}`
 | `feast-serving-batch.springConfigProfilesActive` | CSV of profiles to enable from `springConfigProfiles` | `""`
+| `feast-serving-batch.springSecretProfilesActive` | CSV of profiles to enable from `springSecretProfiles` | `""`
 | `feast-serving-batch.livenessProbe.enabled` | Flag to enable liveness probe | `true`
 | `feast-serving-batch.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60`
 | `feast-serving-batch.livenessProbe.periodSeconds` | How often to perform the probe | `10`
diff --git a/infra/charts/feast/charts/feast-core/charts/common-0.0.5.tgz b/infra/charts/feast/charts/feast-core/charts/common-0.0.5.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..ca0a64ae31477b801f86d8e7ddd4d0adc254deaa
GIT binary patch
literal 8347
zcmV;MAY|VkiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMYMbKEwvFr3f)75!2^Wht4VM>ji}s#G1v@n&7Saa?hdt=%sk
z42hXRL=p@DN}kwyfBREtTnJv~B3o9HvqDv34G97bpu5pmAmv5D%SX>vM5ts<iu|+N
zFO$h+^5py+|D8-G-G3*iPfq>c`26_f^nCIed;(DVrIw0_&nA<PZKpf9zeph!`-KY0
zcsYg3<A_w1|2at}$$6AfnF>}ZeDn;l1yYSI^P1%uE0>V+qT(ejl>|~|u%dZIg^X6b
zpi@{WRmth2M=P2aiCjemVWlFhq(V-kG0=jrd<u%DtCCAzt+@Q(rGA#Ayodlwq8kZc
zHy@F#B<26knJP)aTJ<Zj&Undc8JXV($)n5m$o}Z5|5Fr8|Cc1Msr*C?U>E(L9G`UQ
z|NP10d-}hNasc1b1*vld1_fZjg{2pnL<jKGib-G+2>ko$_x~I(xG0EHG=l}psjl!X
zO>-hBQl3F0s0b4h6o<L~TS}S%D;0+|uLUStR5?);TQ}s1U)_`AA5tv+`&D`L2AR8{
zi$qno#0z%O|Jiw${?8{*&hP2}F3P)iV|es=WY8dSYY&xRxSyM?9_bV}ce{lqQS?GV
z#;JsYm8>8+P??fSivya0)RF=#;UD#!ijpcSAt!U1%Or}Pza>SLQ{c6#YBh}_fZsX4
zptPc5e4LylrxCyv7g;5!l;hLnBsqR_GC6)SIXV6+iavh?<Lm24gPqX@D=EYs*kh~!
zpsNU4<s_vLe-T6cCWgewxmLu1_hy_6i2p~9|3~`wFZFO;H?+*~?>~B_K1~^*e_k%w
zvLMy1Ndr6O|HnQ0Kbzds|DBW}Lh=Zps@zahM@zV1Wu}z@UGIBRMepAEZQZw0P(?DL
zNDK*FUq|}SDZFcw)V9uJU!&J_tyrEER4i!>hoq`>bIAtqkN!*O_(RJe{Tl`C&glQi
z*?EutPmk~E|1Qcf30eg3^l#+!ckfyo<n?vL3bLeAi1nLaj0%a55<x32nc`v%*VohD
zYeklDeI1+cU)6d3isvj{n=V>4EB{jWS8<`xZeRdfDOE)P9^hA8s409oi3F9r7Acie
z<W2nFq{w~4{w2HzR%WzRa01u+a3<4B!<im^4rxw_fRbK8t}9D!n<PpL7*||eNJzO5
zG*$T;0_g=MkGzDqX^xd?US~JpbHOqlHG}!`CM>T{{~4`vzAk8aYxcmM^ncph{~w>6
z-qZhGlmSE!5MWRMpl=l|^`G+5<?);<;sk<k{fGNV1hS&(Gy-2w{|(?OnO|V_2KNhq
zR26cGUhA48*p^*gL32u^Wn4d+ABJ_khu><hsH^Ni(Z!RM?{ut3)1}Q0lT1SL+s#Xw
zDgIzFr?W~QD(Cd+pO%-GMBJYCzmxutPbXdaKRbVNPycsP29VPt09xfjW%>bH0j6Ig
zqQ8X%CgDqC`U~D3<6Cc&fA`KdfS+J(e3)7DV;s9S0^$tud5DfIs2!zYA8=Eryu9qx
zIv%X`54sL3o$MUj-vloV0}0#skuDrpX})ZO;`!GFU3cDVAoiaWNmD`9{xf3gZ=DWP
z<s;_8H!wI60R;V7X!^d_=Wem|`TwHMbG;^aX8%1o@7sTm@9jT#Q>^{hExP3;5(vne
zDKgL3P?zkt+BkU7xJ$rkP%vLZ%8NNGS-FhViaL?2F&OKIjSV@8qMue2DnTy^%UQXE
zD<(5u0F$6r#8i?XSG>+M;AOsc@)(fu?<1Iuzk({SC1hN|VRD3BWJIpuaC|hvU*_AW
z<O=B9l+p|ypCSY#RaD3%ie3>x3aU`Ti^g6pbW`xdB^82YbP7Kj>#;P0;6+s{nwg<p
zF|`7<ViK0@l9u>zpsiPeF4)^Cn16!`%bd?i-mCW=KGyTouI}o+t`}I({JXh5SI@R5
zO?8}mQdK#l8E}zN0ZdLIUWUEG7tJ3y)GzGk@C7Wx=He*&S)%&?(6I1$P>OXRX&HHZ
zeH}mCV#4=zn=Qw7IsMuT3Wpg>)lp~U;Vw1T2pE3QHS)Jqfxx11v=JA==9iUdHLnGi
z!Q~7;>VGqgDy`kNUhMeBEOQIE{zqNl`X4#50O!dL5Fs{GiGY}vyC1!WoL^A^??H*W
zOyT?t|73;jBp$~-y(DV8ocwlU*$l}t&3yzZHD9o(r#RAJz=@EPXs$snEP+Z5P~~YG
zh=fiT+q_2|FdDIGJ4Rn$kKesRV4vpIioC1~c;aUz82F!7PU-LetXv8zZ!;ETr~Y@`
zjsH47KEAjA-booC1&07PGyc3VU+rW0F&u;~8dI<Bk(4DjmQ!i!1rLn6Fkp$nIyBze
zm^aRxHT_$%bhaN+=M+0ZzcDG76dtU&RGKk%o7T@Qgk#V@jEaKQt>&^)s&X1mMbxUX
zCgIO1Jo09$IY}>QnKd>pttW{~meQ9_HQK_19)uPz|E0Htx5m10;#F>kqw+zMd021L
zTz2{VX3Y9vn^%aL_l~_=DSiI$i1qe1fL-?gv(w`)|35i?a?k(oqO^rExAu?<s<A<<
zfr^wF5t+Bl!-|rOiX?iWf@%-F;r<~=ni}tyR+79X=pul;4A$ii%`TzehmL@94?bvj
z7UwS**eEOjZa^)g{n>vjH`z@8Z-Nc<<7`2@=>Ksq{{PAO<X--}lhUUD73UX$2}u8R
ziWYMby|szw4QW1<wLJN|53Mn0P9Y_EPBX2TJ=`cFA_y_W6_;wvN~uVm#}A|EX}N|=
zlCunff`Y7D(Zvb8rdsz?6pA`mtjZ}?l!gfrh(~d<Mg23q>X)(2RCt7sG}md&2Zm*!
zcVZ7ayc0}amsY5}7{P-}lq!va2oEj-mxqxgFE=?sZk<DIp?}LSKi&+yOaD7QecYk{
z$7lESe>bH~|G4DrcWTWl1TvN?-~tL#;U>PMB^9I<&}&o#xMF#(NfOaEOW+@LZ6B6g
z4afa1n9!<I{5?@B#=RSVep9P-MMb>LT;l-Ui@I(^RnfqVG(v+5j7Ec#d-ivl7tMV9
z6uvS~fd~o<L4T`hsq(dFp`PjO8fhrC7>#^)6a-q`hif&V(pYmv1yg9r4Fe@!8%;8t
zv%LZ;{tJbuzi{dE|J(KbeYS`H@3<HLd3JJgpZ|F$#d5oj@6U6L1sBNc@I7BN?z{wE
zs6ezsj^--QNL9@Y>r22(j|S7A5+qfcuW0^9%5|6|Qjn4@s8rIp@|e_n2eQ|(tZ2#>
zEd4Wk5O2$SxR2*>AFts)9>YJGw{Txi;q7|~!^q~L1>MsHcvJV^O<jLCcKiJqTz-Ev
zle;e)OMm~bsE|x5TB=K)*9A>;!itYF2Jh1U&L$oG?__d3x!?cqqzv%ZVFcKo3--!?
z^9z3SOn-BeC~%UdRLbvpMy;o89Oi;}kW!j7HQQm_LC%K>{{F4jqJ(p+NyUZNaR!=|
zTJ7zqF@dM7Rn;{0EGJS1RS)TJ$o+PGa%A8Q9~nnq92>5gOS-YjCg|HB#bMyVz@Hm-
z)xni-*!cs+E4^u;-flK&H+C&I>DNQB(UQz_n!%x#s5Vx5%cNrE5)tR<Lmh;hQMd0d
zyx*Wc8|42c(DpWu0@-E%KYiS_|DQcMz32aTQU<tyMS$%L|20<Hhr_FNMW^sXMSiR4
z-f6&L@cIYvfnW&taROV*5dEXw@9yHiCXdg0{{Q32$vyqwMH!?$g8;i20M@!urXO;G
zK!Wi-tt%_>*aTlK{<Ttk%^Mrh1fYmmQe}diYz;|snkp`gyti+f;EgTXo9F8zm{l|1
zch0T)^pC*arTusEq?iA3c5;3n|8pm$?d@t1)wu4=pX!R^>0iy+T`2DxPac@G4_W7`
z9g|H;AVQF}F&hg??FnPkXpG-zWg_LJqHmRZ;^-!{Hgju#lW>?(ts-EU!O^x)(1dkp
zw85ioUc`_tcPTj!8bI`0!3&I#Jakb;hdyKO2-`S<_ibY&90h$;`HogjcDG_<G!M-p
z1@P(S_hlq~`Zt=>UFQD|_<tTx?$7_blQKXR76E+Psmp~hWosg7P-RDgt*<<kHR?0*
zO$%XU^p>>QUGX?}T-9azfg{QZD>miF2K557#$cZ8u5nwF%7Y;rN>HsDGP#9Q<>58m
zY_zrnEG8IZ2cX6%WeP1Swf>d~ROVV0@69WJrDFMivZ8sxmL(VT_WRf+|D7Lq`TxoJ
z`ThA1cTx`E6;X<c62m(U2Ef&dmf+8Ku1I=8mb5tzR@N2jX&_fL&(Y5d1ySjWmCKP<
zsfc2i6!Tny=cLS{11Raz9F25n{Khmh-thnLD1jf!d=0$BFEvP-#o@6^NtAs1`ps*_
z1&t2eA=JM-dkq;AGD?<AJ;MJR@S|k@yLg2EcMn#}NBV#6r@Sm5H4V*4dQn$+pskEP
zPvlh<eV)w8Mf7>1iYog2|Bnvf7a|z1CA|3dxr~xZ@Ly@FqJ(9XJTmnJ|MjoP=PdpI
z`26X&-#<@^>{Ilyo&L|BoSvO^=>Pc1@jd<DNpVy#g`ZZ`L^A#z4{!&Jhp-x*$>3)a
zGAh}!q?u+G1-YQW6i^}=6&U@q<~2r%Yu14}qC4&#TQ(ty(i|RJ34V#%idMpyV${a(
z2)f8=s$fo~^1(t<t9C)4kbx(omo(>9K}$7?3UZ;D6;rSvQnlf^5=_~+CEfeM0sO=&
z8AVTFL9alu${c%r#l?k*C{imoEm1UvZz!Zh&_$ga&R9!4=e90WlU;~#yU19Vxs0hY
zhdH~TFdNP>o*g9-=xJYLIJ**TxugQ>@`{v-W>8m4LG%o90V{GzfvXi2AX!F%E*3O3
zQ(2lwqKv0C&IDXxI2O!)eE!epPhUSDzkK@r^BEA?3*@rKFEb-Qx-%XA!OBcVQ83$0
zT-YTMj4D*={TUD!y8Z}tS(q8Oz)Vm2?6o3FPugp$W=Zrf7heXFHy{*TDi;}s4Vlb>
zD?J~2R&%N(uA)Y=e2q(l>l3LJEo?AY3zX1EA?P5&7InJnV@YJedow4JrElC($I^l-
zn|@?sR*mF2zj8Q+iLn;xdBzs&=+{~*xYDE0RZ2>;5rWQZrPovAkm8W?Y7Ip2y38Qw
z3cH(gmQ#VF&_lG4>qYgjG^5mw7rHA8e-OQgQ;3Ef3!Pfg2(2T&%Atm5xzf{;k`m_B
zNcKlK!~k2EY`(!zJ6hW8i^wMDx7r=y#8MOUJ&mH-Y_=vvK5QQK2Gqlxq0J>O)+Wf%
zy*cVxaJn_H!U3LUuirPu5WB#_8LS&@Sy4epK$E2wY?^elgW%M;1EWaQQt@JHo<;}u
zxVQuG=IR5J*J~}*Urt)e&ulh}qL<t)2L?#C2R>`2#F3i1;=x%47%e}>6%m{(XEuYw
zTGk}b*Dy<FM_A=)$0BB99}(A9)MW>oZWzj8ex@`#%vr(g(Uq1!zvE4dIhzY2);`oS
zz%-3J7;LFDrjkf=$eaQZOJqt0n`U}>XP$BDb}(*Kb7(FuED<2C;lVPcRH9C`o*EHA
z)Zn7ADY~{TFig5^Ad8O<Hp?V7&pDGCCn{b_HqTAStDt2@g`2g8)*R<)F9Xs%6-!;8
zl<Q_n6L@OqQ%{eibYuospna4n&0^LOC32070COpU0P-KrN-dxsVYf36P22rs%`o#a
zdQQ?6Finzr;%H`Q*0*o=_f)XCNl#cJL;^CZ2+LtkbAE-J#X)a2cg=B=D7tlYIEV$;
zd{vLonk7t>t)pLb79BpzYt6r3yc)qvo?*WG2>!`Q_6^BNnNo2C1<9y2BGrQErJZX^
z8Sp*LqA|QA1<jC#VYX7Ln)y#@2D~(HzMLQ+#?u6nD%|LHIGe7oM|=61W@e94DNcj8
z$+%<@WE{;Ao6XEMxi!sEnjgw=@#>x3T(?#2gVS}#x*0eKm~}XA<X?&d$uc~R3WJh8
zYli*G0T_2%!xn5tj!jZDu0_EWPkBDo;%e^Qm4><R*%2I=dyu3Z#SFim`CMqrPWucv
z37nm>XgNDi&U?;IeB`RLf>bi7|J7Hgy${SY?;PE8D9YXX(wRKBHm<#)=?nM1@pwGw
zAl{6CS9HDy{)M$Z9R04YuHa9Fepgple<1eh-eH@keOR=?G=Vw4q<tyojk@A*T(5Gf
z1$#R8Q0T3RAkMf)cB@9EfE5}JQYtM6Dctaf#23~cFrWWQQ>_E7Sh|Y5G_|5;KAi~0
zq;Ctw;~Wj+z{>=_*PYw>Qmmk(Xy&keX46<qCWjR)6Zoc9ev@|>jxZyuWVr53*@0P)
zscqd#$9D3V47m2zh>H-{!{d>08?wVPCy$y8K>KJsNsbe<s7=D(Pb|;rAQ?j#9bx|%
zW1@<qu<+s7buz#~@07s}&%~yI42;?Ysd(`MS=b-D9F8tOU^V&-<;L{hpAn?`Kn841
zqV9-+!HYg`@RDF4(j@S+mb*(ztSGqRJR50Zsx@bub<f_O!J(uSN-cz2R(F&{(Kl<y
z#YdL(8>;|{nO2%=;DeA;SQfoYtkYY_EYeJDwuf|Q4KQ|F%_TQ-owdq1^hG_Xk>a(0
z$roV~amkhcFtDRYqk*L>OoGm8R9&3?XcQqggp|~7f6#1-rJAAIOB*Ymp#z{qwZ>gn
zfWl~yyIsqjqGfopd2e$MUT)soyJw?sRq7k$8Px0j;a+CEvK4)1A3o!Csk;8-E{-=S
z*GBOG6*ucT&zedapx_*h$YLXDOZHsA>_-C~8qeT`f)&p*vv?cyBX6(4%}qIhqd9yv
z8pF>>My(q*Q0s7NAAW(4^;1!oBd?YP-MU$Ihydmjmv`ZA{+L3!WaV4SR+dwcN^4<;
z=LC0tyjZ;C>Xo39mddmmjp6y*Mw%&msu_`iKK4(tmU?Rq6D=ECowe4^dbfYf{tw`F
z`|gAt*BA^R1<>4TvSnC7wWDnjkz2pqJ!(%V;aGEaNlPl_E5YYDP>llLQDw#z9;R0{
z*T0aA-SC?&a;+288p0mb!;R2stvijeHrmE36o-mewYAn#c*V2V6-^(?W&u$+H3qa=
zk|m9X?6Hy+EGNPdz3~)yR3G(?#AOx<x}XB1RJtZ(+qdkjk)baKmJzjgiR?}NzR+$M
zjRx&Xe`GjL5<QimCzkP2?{j(uMt<kas9={`_(pF-hmp<wzK<MJZ?sX%jbvCIPJr)!
zq<NFs1M578%G@=?N`sNcXY|lrj!I<Iw&0=h4iCjHfmc)z#c>hrPTY)A&?S>ftVdw4
zM<kI;X-5FK@OLZ1)6%S;!#loc%vd;oxJXU%Jw;xLhIqs69VF7tv|ojX5)<Q?pjn?)
zjsh7aLK)?fiZwKF@^F|EXnDy5FO7lsY3bpe1-A*$^z1~<TtbRa=bT?a&Mrc}>o<|1
zEu_7HY}`ItNq}h0w)`)x>M0ygCWXCaroh&ZPrm$~Mcrh<ZFN0sXmmMIm)^i`7>30b
zwG!xCL1mAKoKX=H?FM~spX+tD>KqO84b_h3=`PLV26{%&)kj?C(*bzbHfAp!L(G^4
zGKDU^3&lFZg@vNKrMS}CCS2*B*V@yWz=!j7MgkD1T@L*IZDmcfoty`=8r{9@<ALp@
z%DPEusKu2wCAiY1o~GG$%I*Gb42aw2LYKa{ZJ!T_+of?`qP%S)Lxa6pSwC!qo+@{y
z0}8i>IfV@NW-3o``%F)SYTj)Y3_G{iICA-&)^Z9d(Wpe!ik8Iv`nAqk^NyEv3h&46
zc;w`7ET=O0jw*;3ET_kbdaL3={pJUE6xRl`lY?Yu@69FQ=2q|!`0ibyTUnQ%ijZ^p
zhquVMnvS}tXHo}y4lNtjuo>xG<ip+=XWEoE!!?%|Ip8VB7uy`=O-5xK#ooQM$AH8s
zQ8B!S`QtNMruGDGyY^cvIh5F1X+Jy-zxil{{rAb=CINW%Cj#=zcdII0f203fz4-1w
z)%?4k>u1ZazxK0&m0P*4I}CkT2SPiaesYUAYrAOW({{1fo{-%^U-z`7GK7&aOLl1l
zaROH~&&LLNGMK$^?K!j_Sq;I&iUcmwj+*VdYzc-|F4D^#h0VAq0N<Rk>ATKD4|OOn
zn%Ah_ap`QEIQwJUW0Lcf<U<F^U-<B*gz-o2VDU63QigVmb~TmDF-h?p1|@15y93j8
zzs==U(>4ral^Ywj2XYgbxR^I!2L3qp9yf4rHnW4?QSAE@+RiHgLPGgu6W^mi+f+z`
z_R%fUpzEY}Yk<24U>N<j-UqPj{Qp4!dUbo!WFrZB9Nme5;O}VLgvecnGkD_0EQ+?j
z?-IU^?n7T|G#fljCfr$hpqy{zN6~EHtdZF?irxpJDAovmhwt_&-=gufLe2bU<$d%X
z#+wRkd3U=7;TXy`a`W-86-9#t7w90+oEj5{NRWgCHoXd7EMP%$Nk<+>n#8M_akrxV
zqx3mMz)Gno$$D_KPPKveFnb+5m>FyLrzl-Gf+L4;KAz%lDD;B`7yViIL~!64Ma^4y
zt$*{yC+mL`9NqM>7Yn<;WFy!_z4kCiBRHEl*&+N`nc#ElsbbP%nu8-6mL_1QG_jkj
zv}B85w3=U9f|!EdeL4p-O)-?Xb%fOvexxM(mtcziP@?x&uiO;A{EpptlizSAQ*X;3
zuD4kL*m2g=jpXiaXMk;$ng@Xhcksaqx454V1F+#xvT<)&_dRn=FZ|$fUK({`zp1_=
zLNSuV(^oIx2Q;tCDEilmmYBhy<?A3SziZtmYgjOQ<6`5hGxUW1h((=);*pQ5MJv7Z
zu|XA0ZE)xF^70oVqUdL71ab4*H|2enjcwn#H6<&moGqNqc&#D0pzAS`Y82RuF_S>k
z6lOO#PXsy_jam#uS^^Ig<e&ctKiyx~*M`~1{$@{1MQ-1S(z%;aFVHj^hP{0$v;jZ<
z&-0&O$41#lP`7^CHeJL|fBO6LmrrAet)6V)h>hyrANepJN|I!+)xd$d-OR<mXy^ku
z+FnU*%v$Z52G(xf=2~M{hOReu1urr-qwBn}p;65=;IJ%DH~_;;8)`Ja`_$O-Njiem
zwH(HH8ytH72D!BrAN~R~X93+#aQ%}EEb^HrvHPPSmBGKGCdGYgi+F~BZOa^V6jzt2
z#o+;!<0H_yH_$D|BD6;n4ZV!on5}_tG{zg8DBy<M;A&`a+APt9dsEw~i7s8V`wZ!9
z*4_MJs@qNt?UN{CJJqU2Qwq$<Gp7~Jyjs+Ub%!u6sTu_$v}?!i^#0NuD_fgmolyY!
z+2vxkvpn2B(OG5xxS^Bgeh^~XwYNw&C&|wc@n*1KG|wVdw$6Wd_hDG~JxcPJLaE0Q
z5X#;cf_cmgf~MF4r48j22(31-a*@{<3&BEyJb*Bk&~K$UwGVs2e&#aR@F4N)>xT(?
zN1}F^IWb8?o+ivO@KRyio?Wga>fcBmOI{esHI7_1zP&Klp8npwQ97;!9ml>dMx)Cn
zpuKxxbUc>z0^7ES!FRGCje|QfXNzmr(C@Dr$HDWa;Y!AB<%f6K-*`NZ4w`^77juC<
znia3Au^x|~1r6=El9By1h~FRCJT7w`dAuT3wH{Zb%t(w=Z)`{L6&G2BhEUr>P;u;E
zhV0s>LxyQ=coe$PYZaWI1-Av*P;|&Cxug=l(#wTGFeHzfS_rI3Gi1Nh%;5?vml}QQ
zCW*`%%6vMf)~YoZcJV6ws<bgHolU#haRU<B`;OycJ(j9oEQVqv`)tDHHxF|Q_tvNY
zB~GZPtOh~tUC)wU(sJx)Dw24KjxhpaTt(^mnoT3dc96St&Lhinuj}-$iXLEfTe7MQ
zaJ#Q(^|whk%xEL_hi$fWRM*(}*L;%Auilz=Y=BcPIk2MAlas-GZ5X_{PXO<-Fo*It
zu~#O@=ZfaJ{&&7^ETmm-)5}^lIp^$>LP6fLqAnn(<x;H%DWY{{#t2P6=VzVd!GSI1
z=G#el*T{}tW1mAIZ*{}yY!<h+G2C=hxWR_-QJcZgM)1dP0-IR<|55h7i?!dFtvji#
zL#qC<lkgj2MZ)xkzg8L=3FJNRRPJ8pFDSM0zO}n0idWOtiIMoUFCh6i3)D2+uF~AM
zWA&mjc<`+^EOCi_7j*pyk<MnEyYvfJFLY=QR1RLdFIJpiOtI%fd8F&;2Z!<qd3ZBv
zojc=3VN)Y>ndQjl%(b?-t;xUJ&gM1eNyds-F)HlMp}lrTm@{t7IvcV$Z_reQVIH03
zYQ63)=236Ubmxcq@y!`;5<ab4pkrpXcMKLp8MBVLV{mS+7{n(fOE0FNXu2x7<kgDH
zA-DB{i-PDc8OPtjS)@}SB3-ddih&4vtu=eHcb7&{WkU4&xcVPj%V-BT?B}(%M1uf{
zd$#o!f;V>Z*ci&=wxv7{4~vOI3%qM4FuJ>Y8w-1HqrbUv?rv^u<~0r{HXfSUIGD<K
z3bCC`(@1RQT|b{QZl85-XpMvEjuBb=vxakhhm+JAB`$H8S865I=3EKf`2G1UjiVcn
zI-toi8H$YL!ax0$&u2&IRyCOcyg7~tPua2Hx!tOu1dlDEYhWdgI`U%i%*@ej1hZfe
z`e#cxG^}W*m%!@svLoHOD>{Q<0RIS7ElP>mzZI}jaZK(Fxa}^!HiifK)9KgdhSC^O
zGKTor7?gRL#Sovw5UUjv`tQ>%$8$HAiDIMUouaxUfa5qaolSLT5%x9Jef2ld&NZIh
zNeSKzUNO39axf#rKsLyt2kt!IIXWZ^Hzy(*po&ctVX47?YssNE8HhD)X~G~<7@vmz
zrAt~el(Mx1Wwe-bX*R=~Z+-4+>4sg5TGvePo|<i}r`=Y6(C*UJZb-9x?8K;G`J3E5
zq&6#lkATXQRL03Yr%_IqBsb?~1-3L?gnfhr2f$ue#p0;`=5m1$yxD^DnGvxpfG|5w
zPLk8{oGOx>pMP<Da(XtiIXoEuVUE`sgkiz?xb^iL{k7@$u+c|nUtmOmR>X2MelKn7
lnJ|Ml^1{(y@mR+Da$oMtefi|&{{;X5|Nqkw2W$Ye003Q6T!8=p

literal 0
HcmV?d00001

diff --git a/infra/charts/feast/charts/feast-core/requirements.lock b/infra/charts/feast/charts/feast-core/requirements.lock
new file mode 100644
index 00000000000..ff153c242e2
--- /dev/null
+++ b/infra/charts/feast/charts/feast-core/requirements.lock
@@ -0,0 +1,15 @@
+dependencies:
+- name: postgresql
+  repository: https://kubernetes-charts.storage.googleapis.com
+  version: 6.5.5
+- name: kafka
+  repository: https://kubernetes-charts-incubator.storage.googleapis.com
+  version: 0.20.1
+- name: common
+  repository: https://kubernetes-charts-incubator.storage.googleapis.com
+  version: 0.0.5
+- name: prometheus-statsd-exporter
+  repository: ""
+  version: 0.1.2
+digest: sha256:03806d8d6fc3ffd70c5ca1026544277b69de361180a384c5b45eb110f0080baa
+generated: "2020-02-13T17:50:23.985561Z"
diff --git a/infra/charts/feast/charts/feast-core/templates/deployment.yaml b/infra/charts/feast/charts/feast-core/templates/deployment.yaml
index df834b6749e..daa69f4782c 100644
--- a/infra/charts/feast/charts/feast-core/templates/deployment.yaml
+++ b/infra/charts/feast/charts/feast-core/templates/deployment.yaml
@@ -18,8 +18,12 @@ spec:
       release: {{ .Release.Name }}
   template:
     metadata:
-      {{- if .Values.prometheus.enabled }}
       annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- if .Values.springSecretProfiles }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        {{- end }}
+      {{- if .Values.prometheus.enabled }}
       {{ $config := index .Values "application.yaml" }}
         prometheus.io/path: /metrics
         prometheus.io/port: "{{ $config.server.port }}"
@@ -37,8 +41,14 @@ spec:
 
       volumes:
       - name: {{ template "feast-core.fullname" . }}-config
-        configMap:
-          name: {{ template "feast-core.fullname" . }}
+        projected:
+          sources:
+            - configMap:
+                name: {{ template "feast-core.fullname" . }}
+            {{- if .Values.springSecretProfiles }}
+            - secret:
+                name: {{ template "feast-core.fullname" . }}
+            {{- end }}
       {{- if .Values.gcpServiceAccount.useExistingSecret }}
       - name: {{ template "feast-core.fullname" . }}-gcpserviceaccount
         secret:
@@ -89,7 +99,8 @@ spec:
         - -jar
         - {{ .Values.jarPath | quote }}
         - "--spring.config.location=file:{{ .Values.springConfigMountPath }}/"
-        {{- $profilesArray := splitList "," .Values.springConfigProfilesActive -}}
+        {{- $combinedProfiles := printf "%s,%s" .Values.springConfigProfilesActive .Values.springSecretProfilesActive -}}
+        {{- $profilesArray := splitList "," $combinedProfiles -}}
         {{- $profilesArray = append $profilesArray (.Values.postgresql.enabled | ternary "bundled-postgresql" "") -}}
         {{- $profilesArray = append $profilesArray (.Values.kafka.enabled | ternary "bundled-kafka" "") -}}
         {{- $profilesArray = append $profilesArray (index .Values "prometheus-statsd-exporter" "enabled" | ternary "bundled-statsd" "") -}}
diff --git a/infra/charts/feast/charts/feast-core/templates/secret.yaml b/infra/charts/feast/charts/feast-core/templates/secret.yaml
new file mode 100644
index 00000000000..dc4883dd4d6
--- /dev/null
+++ b/infra/charts/feast/charts/feast-core/templates/secret.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.springSecretProfiles -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "feast-core.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "feast-core.name" . }}
+    component: core
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{- range $name, $content := .Values.springSecretProfiles }}
+  application-{{ $name }}.yaml: |
+{{- toYaml $content | b64enc | nindent 4 }}
+{{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/infra/charts/feast/charts/feast-core/values.yaml b/infra/charts/feast/charts/feast-core/values.yaml
index 077906dc35d..2224a591a99 100644
--- a/infra/charts/feast/charts/feast-core/values.yaml
+++ b/infra/charts/feast/charts/feast-core/values.yaml
@@ -120,12 +120,14 @@ application.yaml:
           port: 8125
 
 springConfigProfiles: {}
+springSecretProfiles: {}
 #  db: |
 #    spring:
 #      datasource:
 #        driverClassName: org.postgresql.Driver
 #        url: jdbc:postgresql://${DB_HOST:127.0.0.1}:${DB_PORT:5432}/${DB_DATABASE:postgres}
 springConfigProfilesActive: ""
+springSecretProfilesActive: ""
 # springConfigMountPath is the directory path where application.yaml will be
 # mounted in the container.
 springConfigMountPath: /etc/feast/feast-core
diff --git a/infra/charts/feast/charts/feast-serving/charts/common-0.0.5.tgz b/infra/charts/feast/charts/feast-serving/charts/common-0.0.5.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..ca0a64ae31477b801f86d8e7ddd4d0adc254deaa
GIT binary patch
literal 8347
zcmV;MAY|VkiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMYMbKEwvFr3f)75!2^Wht4VM>ji}s#G1v@n&7Saa?hdt=%sk
z42hXRL=p@DN}kwyfBREtTnJv~B3o9HvqDv34G97bpu5pmAmv5D%SX>vM5ts<iu|+N
zFO$h+^5py+|D8-G-G3*iPfq>c`26_f^nCIed;(DVrIw0_&nA<PZKpf9zeph!`-KY0
zcsYg3<A_w1|2at}$$6AfnF>}ZeDn;l1yYSI^P1%uE0>V+qT(ejl>|~|u%dZIg^X6b
zpi@{WRmth2M=P2aiCjemVWlFhq(V-kG0=jrd<u%DtCCAzt+@Q(rGA#Ayodlwq8kZc
zHy@F#B<26knJP)aTJ<Zj&Undc8JXV($)n5m$o}Z5|5Fr8|Cc1Msr*C?U>E(L9G`UQ
z|NP10d-}hNasc1b1*vld1_fZjg{2pnL<jKGib-G+2>ko$_x~I(xG0EHG=l}psjl!X
zO>-hBQl3F0s0b4h6o<L~TS}S%D;0+|uLUStR5?);TQ}s1U)_`AA5tv+`&D`L2AR8{
zi$qno#0z%O|Jiw${?8{*&hP2}F3P)iV|es=WY8dSYY&xRxSyM?9_bV}ce{lqQS?GV
z#;JsYm8>8+P??fSivya0)RF=#;UD#!ijpcSAt!U1%Or}Pza>SLQ{c6#YBh}_fZsX4
zptPc5e4LylrxCyv7g;5!l;hLnBsqR_GC6)SIXV6+iavh?<Lm24gPqX@D=EYs*kh~!
zpsNU4<s_vLe-T6cCWgewxmLu1_hy_6i2p~9|3~`wFZFO;H?+*~?>~B_K1~^*e_k%w
zvLMy1Ndr6O|HnQ0Kbzds|DBW}Lh=Zps@zahM@zV1Wu}z@UGIBRMepAEZQZw0P(?DL
zNDK*FUq|}SDZFcw)V9uJU!&J_tyrEER4i!>hoq`>bIAtqkN!*O_(RJe{Tl`C&glQi
z*?EutPmk~E|1Qcf30eg3^l#+!ckfyo<n?vL3bLeAi1nLaj0%a55<x32nc`v%*VohD
zYeklDeI1+cU)6d3isvj{n=V>4EB{jWS8<`xZeRdfDOE)P9^hA8s409oi3F9r7Acie
z<W2nFq{w~4{w2HzR%WzRa01u+a3<4B!<im^4rxw_fRbK8t}9D!n<PpL7*||eNJzO5
zG*$T;0_g=MkGzDqX^xd?US~JpbHOqlHG}!`CM>T{{~4`vzAk8aYxcmM^ncph{~w>6
z-qZhGlmSE!5MWRMpl=l|^`G+5<?);<;sk<k{fGNV1hS&(Gy-2w{|(?OnO|V_2KNhq
zR26cGUhA48*p^*gL32u^Wn4d+ABJ_khu><hsH^Ni(Z!RM?{ut3)1}Q0lT1SL+s#Xw
zDgIzFr?W~QD(Cd+pO%-GMBJYCzmxutPbXdaKRbVNPycsP29VPt09xfjW%>bH0j6Ig
zqQ8X%CgDqC`U~D3<6Cc&fA`KdfS+J(e3)7DV;s9S0^$tud5DfIs2!zYA8=Eryu9qx
zIv%X`54sL3o$MUj-vloV0}0#skuDrpX})ZO;`!GFU3cDVAoiaWNmD`9{xf3gZ=DWP
z<s;_8H!wI60R;V7X!^d_=Wem|`TwHMbG;^aX8%1o@7sTm@9jT#Q>^{hExP3;5(vne
zDKgL3P?zkt+BkU7xJ$rkP%vLZ%8NNGS-FhViaL?2F&OKIjSV@8qMue2DnTy^%UQXE
zD<(5u0F$6r#8i?XSG>+M;AOsc@)(fu?<1Iuzk({SC1hN|VRD3BWJIpuaC|hvU*_AW
z<O=B9l+p|ypCSY#RaD3%ie3>x3aU`Ti^g6pbW`xdB^82YbP7Kj>#;P0;6+s{nwg<p
zF|`7<ViK0@l9u>zpsiPeF4)^Cn16!`%bd?i-mCW=KGyTouI}o+t`}I({JXh5SI@R5
zO?8}mQdK#l8E}zN0ZdLIUWUEG7tJ3y)GzGk@C7Wx=He*&S)%&?(6I1$P>OXRX&HHZ
zeH}mCV#4=zn=Qw7IsMuT3Wpg>)lp~U;Vw1T2pE3QHS)Jqfxx11v=JA==9iUdHLnGi
z!Q~7;>VGqgDy`kNUhMeBEOQIE{zqNl`X4#50O!dL5Fs{GiGY}vyC1!WoL^A^??H*W
zOyT?t|73;jBp$~-y(DV8ocwlU*$l}t&3yzZHD9o(r#RAJz=@EPXs$snEP+Z5P~~YG
zh=fiT+q_2|FdDIGJ4Rn$kKesRV4vpIioC1~c;aUz82F!7PU-LetXv8zZ!;ETr~Y@`
zjsH47KEAjA-booC1&07PGyc3VU+rW0F&u;~8dI<Bk(4DjmQ!i!1rLn6Fkp$nIyBze
zm^aRxHT_$%bhaN+=M+0ZzcDG76dtU&RGKk%o7T@Qgk#V@jEaKQt>&^)s&X1mMbxUX
zCgIO1Jo09$IY}>QnKd>pttW{~meQ9_HQK_19)uPz|E0Htx5m10;#F>kqw+zMd021L
zTz2{VX3Y9vn^%aL_l~_=DSiI$i1qe1fL-?gv(w`)|35i?a?k(oqO^rExAu?<s<A<<
zfr^wF5t+Bl!-|rOiX?iWf@%-F;r<~=ni}tyR+79X=pul;4A$ii%`TzehmL@94?bvj
z7UwS**eEOjZa^)g{n>vjH`z@8Z-Nc<<7`2@=>Ksq{{PAO<X--}lhUUD73UX$2}u8R
ziWYMby|szw4QW1<wLJN|53Mn0P9Y_EPBX2TJ=`cFA_y_W6_;wvN~uVm#}A|EX}N|=
zlCunff`Y7D(Zvb8rdsz?6pA`mtjZ}?l!gfrh(~d<Mg23q>X)(2RCt7sG}md&2Zm*!
zcVZ7ayc0}amsY5}7{P-}lq!va2oEj-mxqxgFE=?sZk<DIp?}LSKi&+yOaD7QecYk{
z$7lESe>bH~|G4DrcWTWl1TvN?-~tL#;U>PMB^9I<&}&o#xMF#(NfOaEOW+@LZ6B6g
z4afa1n9!<I{5?@B#=RSVep9P-MMb>LT;l-Ui@I(^RnfqVG(v+5j7Ec#d-ivl7tMV9
z6uvS~fd~o<L4T`hsq(dFp`PjO8fhrC7>#^)6a-q`hif&V(pYmv1yg9r4Fe@!8%;8t
zv%LZ;{tJbuzi{dE|J(KbeYS`H@3<HLd3JJgpZ|F$#d5oj@6U6L1sBNc@I7BN?z{wE
zs6ezsj^--QNL9@Y>r22(j|S7A5+qfcuW0^9%5|6|Qjn4@s8rIp@|e_n2eQ|(tZ2#>
zEd4Wk5O2$SxR2*>AFts)9>YJGw{Txi;q7|~!^q~L1>MsHcvJV^O<jLCcKiJqTz-Ev
zle;e)OMm~bsE|x5TB=K)*9A>;!itYF2Jh1U&L$oG?__d3x!?cqqzv%ZVFcKo3--!?
z^9z3SOn-BeC~%UdRLbvpMy;o89Oi;}kW!j7HQQm_LC%K>{{F4jqJ(p+NyUZNaR!=|
zTJ7zqF@dM7Rn;{0EGJS1RS)TJ$o+PGa%A8Q9~nnq92>5gOS-YjCg|HB#bMyVz@Hm-
z)xni-*!cs+E4^u;-flK&H+C&I>DNQB(UQz_n!%x#s5Vx5%cNrE5)tR<Lmh;hQMd0d
zyx*Wc8|42c(DpWu0@-E%KYiS_|DQcMz32aTQU<tyMS$%L|20<Hhr_FNMW^sXMSiR4
z-f6&L@cIYvfnW&taROV*5dEXw@9yHiCXdg0{{Q32$vyqwMH!?$g8;i20M@!urXO;G
zK!Wi-tt%_>*aTlK{<Ttk%^Mrh1fYmmQe}diYz;|snkp`gyti+f;EgTXo9F8zm{l|1
zch0T)^pC*arTusEq?iA3c5;3n|8pm$?d@t1)wu4=pX!R^>0iy+T`2DxPac@G4_W7`
z9g|H;AVQF}F&hg??FnPkXpG-zWg_LJqHmRZ;^-!{Hgju#lW>?(ts-EU!O^x)(1dkp
zw85ioUc`_tcPTj!8bI`0!3&I#Jakb;hdyKO2-`S<_ibY&90h$;`HogjcDG_<G!M-p
z1@P(S_hlq~`Zt=>UFQD|_<tTx?$7_blQKXR76E+Psmp~hWosg7P-RDgt*<<kHR?0*
zO$%XU^p>>QUGX?}T-9azfg{QZD>miF2K557#$cZ8u5nwF%7Y;rN>HsDGP#9Q<>58m
zY_zrnEG8IZ2cX6%WeP1Swf>d~ROVV0@69WJrDFMivZ8sxmL(VT_WRf+|D7Lq`TxoJ
z`ThA1cTx`E6;X<c62m(U2Ef&dmf+8Ku1I=8mb5tzR@N2jX&_fL&(Y5d1ySjWmCKP<
zsfc2i6!Tny=cLS{11Raz9F25n{Khmh-thnLD1jf!d=0$BFEvP-#o@6^NtAs1`ps*_
z1&t2eA=JM-dkq;AGD?<AJ;MJR@S|k@yLg2EcMn#}NBV#6r@Sm5H4V*4dQn$+pskEP
zPvlh<eV)w8Mf7>1iYog2|Bnvf7a|z1CA|3dxr~xZ@Ly@FqJ(9XJTmnJ|MjoP=PdpI
z`26X&-#<@^>{Ilyo&L|BoSvO^=>Pc1@jd<DNpVy#g`ZZ`L^A#z4{!&Jhp-x*$>3)a
zGAh}!q?u+G1-YQW6i^}=6&U@q<~2r%Yu14}qC4&#TQ(ty(i|RJ34V#%idMpyV${a(
z2)f8=s$fo~^1(t<t9C)4kbx(omo(>9K}$7?3UZ;D6;rSvQnlf^5=_~+CEfeM0sO=&
z8AVTFL9alu${c%r#l?k*C{imoEm1UvZz!Zh&_$ga&R9!4=e90WlU;~#yU19Vxs0hY
zhdH~TFdNP>o*g9-=xJYLIJ**TxugQ>@`{v-W>8m4LG%o90V{GzfvXi2AX!F%E*3O3
zQ(2lwqKv0C&IDXxI2O!)eE!epPhUSDzkK@r^BEA?3*@rKFEb-Qx-%XA!OBcVQ83$0
zT-YTMj4D*={TUD!y8Z}tS(q8Oz)Vm2?6o3FPugp$W=Zrf7heXFHy{*TDi;}s4Vlb>
zD?J~2R&%N(uA)Y=e2q(l>l3LJEo?AY3zX1EA?P5&7InJnV@YJedow4JrElC($I^l-
zn|@?sR*mF2zj8Q+iLn;xdBzs&=+{~*xYDE0RZ2>;5rWQZrPovAkm8W?Y7Ip2y38Qw
z3cH(gmQ#VF&_lG4>qYgjG^5mw7rHA8e-OQgQ;3Ef3!Pfg2(2T&%Atm5xzf{;k`m_B
zNcKlK!~k2EY`(!zJ6hW8i^wMDx7r=y#8MOUJ&mH-Y_=vvK5QQK2Gqlxq0J>O)+Wf%
zy*cVxaJn_H!U3LUuirPu5WB#_8LS&@Sy4epK$E2wY?^elgW%M;1EWaQQt@JHo<;}u
zxVQuG=IR5J*J~}*Urt)e&ulh}qL<t)2L?#C2R>`2#F3i1;=x%47%e}>6%m{(XEuYw
zTGk}b*Dy<FM_A=)$0BB99}(A9)MW>oZWzj8ex@`#%vr(g(Uq1!zvE4dIhzY2);`oS
zz%-3J7;LFDrjkf=$eaQZOJqt0n`U}>XP$BDb}(*Kb7(FuED<2C;lVPcRH9C`o*EHA
z)Zn7ADY~{TFig5^Ad8O<Hp?V7&pDGCCn{b_HqTAStDt2@g`2g8)*R<)F9Xs%6-!;8
zl<Q_n6L@OqQ%{eibYuospna4n&0^LOC32070COpU0P-KrN-dxsVYf36P22rs%`o#a
zdQQ?6Finzr;%H`Q*0*o=_f)XCNl#cJL;^CZ2+LtkbAE-J#X)a2cg=B=D7tlYIEV$;
zd{vLonk7t>t)pLb79BpzYt6r3yc)qvo?*WG2>!`Q_6^BNnNo2C1<9y2BGrQErJZX^
z8Sp*LqA|QA1<jC#VYX7Ln)y#@2D~(HzMLQ+#?u6nD%|LHIGe7oM|=61W@e94DNcj8
z$+%<@WE{;Ao6XEMxi!sEnjgw=@#>x3T(?#2gVS}#x*0eKm~}XA<X?&d$uc~R3WJh8
zYli*G0T_2%!xn5tj!jZDu0_EWPkBDo;%e^Qm4><R*%2I=dyu3Z#SFim`CMqrPWucv
z37nm>XgNDi&U?;IeB`RLf>bi7|J7Hgy${SY?;PE8D9YXX(wRKBHm<#)=?nM1@pwGw
zAl{6CS9HDy{)M$Z9R04YuHa9Fepgple<1eh-eH@keOR=?G=Vw4q<tyojk@A*T(5Gf
z1$#R8Q0T3RAkMf)cB@9EfE5}JQYtM6Dctaf#23~cFrWWQQ>_E7Sh|Y5G_|5;KAi~0
zq;Ctw;~Wj+z{>=_*PYw>Qmmk(Xy&keX46<qCWjR)6Zoc9ev@|>jxZyuWVr53*@0P)
zscqd#$9D3V47m2zh>H-{!{d>08?wVPCy$y8K>KJsNsbe<s7=D(Pb|;rAQ?j#9bx|%
zW1@<qu<+s7buz#~@07s}&%~yI42;?Ysd(`MS=b-D9F8tOU^V&-<;L{hpAn?`Kn841
zqV9-+!HYg`@RDF4(j@S+mb*(ztSGqRJR50Zsx@bub<f_O!J(uSN-cz2R(F&{(Kl<y
z#YdL(8>;|{nO2%=;DeA;SQfoYtkYY_EYeJDwuf|Q4KQ|F%_TQ-owdq1^hG_Xk>a(0
z$roV~amkhcFtDRYqk*L>OoGm8R9&3?XcQqggp|~7f6#1-rJAAIOB*Ymp#z{qwZ>gn
zfWl~yyIsqjqGfopd2e$MUT)soyJw?sRq7k$8Px0j;a+CEvK4)1A3o!Csk;8-E{-=S
z*GBOG6*ucT&zedapx_*h$YLXDOZHsA>_-C~8qeT`f)&p*vv?cyBX6(4%}qIhqd9yv
z8pF>>My(q*Q0s7NAAW(4^;1!oBd?YP-MU$Ihydmjmv`ZA{+L3!WaV4SR+dwcN^4<;
z=LC0tyjZ;C>Xo39mddmmjp6y*Mw%&msu_`iKK4(tmU?Rq6D=ECowe4^dbfYf{tw`F
z`|gAt*BA^R1<>4TvSnC7wWDnjkz2pqJ!(%V;aGEaNlPl_E5YYDP>llLQDw#z9;R0{
z*T0aA-SC?&a;+288p0mb!;R2stvijeHrmE36o-mewYAn#c*V2V6-^(?W&u$+H3qa=
zk|m9X?6Hy+EGNPdz3~)yR3G(?#AOx<x}XB1RJtZ(+qdkjk)baKmJzjgiR?}NzR+$M
zjRx&Xe`GjL5<QimCzkP2?{j(uMt<kas9={`_(pF-hmp<wzK<MJZ?sX%jbvCIPJr)!
zq<NFs1M578%G@=?N`sNcXY|lrj!I<Iw&0=h4iCjHfmc)z#c>hrPTY)A&?S>ftVdw4
zM<kI;X-5FK@OLZ1)6%S;!#loc%vd;oxJXU%Jw;xLhIqs69VF7tv|ojX5)<Q?pjn?)
zjsh7aLK)?fiZwKF@^F|EXnDy5FO7lsY3bpe1-A*$^z1~<TtbRa=bT?a&Mrc}>o<|1
zEu_7HY}`ItNq}h0w)`)x>M0ygCWXCaroh&ZPrm$~Mcrh<ZFN0sXmmMIm)^i`7>30b
zwG!xCL1mAKoKX=H?FM~spX+tD>KqO84b_h3=`PLV26{%&)kj?C(*bzbHfAp!L(G^4
zGKDU^3&lFZg@vNKrMS}CCS2*B*V@yWz=!j7MgkD1T@L*IZDmcfoty`=8r{9@<ALp@
z%DPEusKu2wCAiY1o~GG$%I*Gb42aw2LYKa{ZJ!T_+of?`qP%S)Lxa6pSwC!qo+@{y
z0}8i>IfV@NW-3o``%F)SYTj)Y3_G{iICA-&)^Z9d(Wpe!ik8Iv`nAqk^NyEv3h&46
zc;w`7ET=O0jw*;3ET_kbdaL3={pJUE6xRl`lY?Yu@69FQ=2q|!`0ibyTUnQ%ijZ^p
zhquVMnvS}tXHo}y4lNtjuo>xG<ip+=XWEoE!!?%|Ip8VB7uy`=O-5xK#ooQM$AH8s
zQ8B!S`QtNMruGDGyY^cvIh5F1X+Jy-zxil{{rAb=CINW%Cj#=zcdII0f203fz4-1w
z)%?4k>u1ZazxK0&m0P*4I}CkT2SPiaesYUAYrAOW({{1fo{-%^U-z`7GK7&aOLl1l
zaROH~&&LLNGMK$^?K!j_Sq;I&iUcmwj+*VdYzc-|F4D^#h0VAq0N<Rk>ATKD4|OOn
zn%Ah_ap`QEIQwJUW0Lcf<U<F^U-<B*gz-o2VDU63QigVmb~TmDF-h?p1|@15y93j8
zzs==U(>4ral^Ywj2XYgbxR^I!2L3qp9yf4rHnW4?QSAE@+RiHgLPGgu6W^mi+f+z`
z_R%fUpzEY}Yk<24U>N<j-UqPj{Qp4!dUbo!WFrZB9Nme5;O}VLgvecnGkD_0EQ+?j
z?-IU^?n7T|G#fljCfr$hpqy{zN6~EHtdZF?irxpJDAovmhwt_&-=gufLe2bU<$d%X
z#+wRkd3U=7;TXy`a`W-86-9#t7w90+oEj5{NRWgCHoXd7EMP%$Nk<+>n#8M_akrxV
zqx3mMz)Gno$$D_KPPKveFnb+5m>FyLrzl-Gf+L4;KAz%lDD;B`7yViIL~!64Ma^4y
zt$*{yC+mL`9NqM>7Yn<;WFy!_z4kCiBRHEl*&+N`nc#ElsbbP%nu8-6mL_1QG_jkj
zv}B85w3=U9f|!EdeL4p-O)-?Xb%fOvexxM(mtcziP@?x&uiO;A{EpptlizSAQ*X;3
zuD4kL*m2g=jpXiaXMk;$ng@Xhcksaqx454V1F+#xvT<)&_dRn=FZ|$fUK({`zp1_=
zLNSuV(^oIx2Q;tCDEilmmYBhy<?A3SziZtmYgjOQ<6`5hGxUW1h((=);*pQ5MJv7Z
zu|XA0ZE)xF^70oVqUdL71ab4*H|2enjcwn#H6<&moGqNqc&#D0pzAS`Y82RuF_S>k
z6lOO#PXsy_jam#uS^^Ig<e&ctKiyx~*M`~1{$@{1MQ-1S(z%;aFVHj^hP{0$v;jZ<
z&-0&O$41#lP`7^CHeJL|fBO6LmrrAet)6V)h>hyrANepJN|I!+)xd$d-OR<mXy^ku
z+FnU*%v$Z52G(xf=2~M{hOReu1urr-qwBn}p;65=;IJ%DH~_;;8)`Ja`_$O-Njiem
zwH(HH8ytH72D!BrAN~R~X93+#aQ%}EEb^HrvHPPSmBGKGCdGYgi+F~BZOa^V6jzt2
z#o+;!<0H_yH_$D|BD6;n4ZV!on5}_tG{zg8DBy<M;A&`a+APt9dsEw~i7s8V`wZ!9
z*4_MJs@qNt?UN{CJJqU2Qwq$<Gp7~Jyjs+Ub%!u6sTu_$v}?!i^#0NuD_fgmolyY!
z+2vxkvpn2B(OG5xxS^Bgeh^~XwYNw&C&|wc@n*1KG|wVdw$6Wd_hDG~JxcPJLaE0Q
z5X#;cf_cmgf~MF4r48j22(31-a*@{<3&BEyJb*Bk&~K$UwGVs2e&#aR@F4N)>xT(?
zN1}F^IWb8?o+ivO@KRyio?Wga>fcBmOI{esHI7_1zP&Klp8npwQ97;!9ml>dMx)Cn
zpuKxxbUc>z0^7ES!FRGCje|QfXNzmr(C@Dr$HDWa;Y!AB<%f6K-*`NZ4w`^77juC<
znia3Au^x|~1r6=El9By1h~FRCJT7w`dAuT3wH{Zb%t(w=Z)`{L6&G2BhEUr>P;u;E
zhV0s>LxyQ=coe$PYZaWI1-Av*P;|&Cxug=l(#wTGFeHzfS_rI3Gi1Nh%;5?vml}QQ
zCW*`%%6vMf)~YoZcJV6ws<bgHolU#haRU<B`;OycJ(j9oEQVqv`)tDHHxF|Q_tvNY
zB~GZPtOh~tUC)wU(sJx)Dw24KjxhpaTt(^mnoT3dc96St&Lhinuj}-$iXLEfTe7MQ
zaJ#Q(^|whk%xEL_hi$fWRM*(}*L;%Auilz=Y=BcPIk2MAlas-GZ5X_{PXO<-Fo*It
zu~#O@=ZfaJ{&&7^ETmm-)5}^lIp^$>LP6fLqAnn(<x;H%DWY{{#t2P6=VzVd!GSI1
z=G#el*T{}tW1mAIZ*{}yY!<h+G2C=hxWR_-QJcZgM)1dP0-IR<|55h7i?!dFtvji#
zL#qC<lkgj2MZ)xkzg8L=3FJNRRPJ8pFDSM0zO}n0idWOtiIMoUFCh6i3)D2+uF~AM
zWA&mjc<`+^EOCi_7j*pyk<MnEyYvfJFLY=QR1RLdFIJpiOtI%fd8F&;2Z!<qd3ZBv
zojc=3VN)Y>ndQjl%(b?-t;xUJ&gM1eNyds-F)HlMp}lrTm@{t7IvcV$Z_reQVIH03
zYQ63)=236Ubmxcq@y!`;5<ab4pkrpXcMKLp8MBVLV{mS+7{n(fOE0FNXu2x7<kgDH
zA-DB{i-PDc8OPtjS)@}SB3-ddih&4vtu=eHcb7&{WkU4&xcVPj%V-BT?B}(%M1uf{
zd$#o!f;V>Z*ci&=wxv7{4~vOI3%qM4FuJ>Y8w-1HqrbUv?rv^u<~0r{HXfSUIGD<K
z3bCC`(@1RQT|b{QZl85-XpMvEjuBb=vxakhhm+JAB`$H8S865I=3EKf`2G1UjiVcn
zI-toi8H$YL!ax0$&u2&IRyCOcyg7~tPua2Hx!tOu1dlDEYhWdgI`U%i%*@ej1hZfe
z`e#cxG^}W*m%!@svLoHOD>{Q<0RIS7ElP>mzZI}jaZK(Fxa}^!HiifK)9KgdhSC^O
zGKTor7?gRL#Sovw5UUjv`tQ>%$8$HAiDIMUouaxUfa5qaolSLT5%x9Jef2ld&NZIh
zNeSKzUNO39axf#rKsLyt2kt!IIXWZ^Hzy(*po&ctVX47?YssNE8HhD)X~G~<7@vmz
zrAt~el(Mx1Wwe-bX*R=~Z+-4+>4sg5TGvePo|<i}r`=Y6(C*UJZb-9x?8K;G`J3E5
zq&6#lkATXQRL03Yr%_IqBsb?~1-3L?gnfhr2f$ue#p0;`=5m1$yxD^DnGvxpfG|5w
zPLk8{oGOx>pMP<Da(XtiIXoEuVUE`sgkiz?xb^iL{k7@$u+c|nUtmOmR>X2MelKn7
lnJ|Ml^1{(y@mR+Da$oMtefi|&{{;X5|Nqkw2W$Ye003Q6T!8=p

literal 0
HcmV?d00001

diff --git a/infra/charts/feast/charts/feast-serving/requirements.lock b/infra/charts/feast/charts/feast-serving/requirements.lock
new file mode 100644
index 00000000000..c08ed1a2554
--- /dev/null
+++ b/infra/charts/feast/charts/feast-serving/requirements.lock
@@ -0,0 +1,9 @@
+dependencies:
+- name: redis
+  repository: https://kubernetes-charts.storage.googleapis.com
+  version: 9.5.0
+- name: common
+  repository: https://kubernetes-charts-incubator.storage.googleapis.com
+  version: 0.0.5
+digest: sha256:2428bcc6aa1c3bda3829720decf833bc99e65da5e1933665e89d3003c44f91eb
+generated: "2020-02-13T17:50:36.99567Z"
diff --git a/infra/charts/feast/charts/feast-serving/templates/configmap-store.yaml b/infra/charts/feast/charts/feast-serving/templates/configmap-store.yaml
new file mode 100644
index 00000000000..2f8d81bee64
--- /dev/null
+++ b/infra/charts/feast/charts/feast-serving/templates/configmap-store.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "feast-serving.fullname" . }}-store
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "feast-serving.name" . }}
+    component: serving
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  store.yaml: |
+    {{- $store := index .Values "store.yaml"}}
+
+    {{- if and .Values.redis.enabled (eq $store.type "REDIS") }}
+
+    {{- if eq .Values.redis.master.service.type "ClusterIP" }}
+    {{- $newConfig := dict "redis_config" (dict "host" (printf "%s-redis-headless" .Release.Name) "port" .Values.redis.redisPort) }}
+    {{- $config := mergeOverwrite $store $newConfig }}
+    {{- end }}
+
+    {{- if and (eq .Values.redis.master.service.type "LoadBalancer") (not (empty .Values.redis.master.service.loadBalancerIP)) }}
+    {{- $newConfig := dict "redis_config" (dict "host" .Values.redis.master.service.loadBalancerIP "port" .Values.redis.redisPort) }}
+    {{- $config := mergeOverwrite $store $newConfig }}
+    {{- end }}
+
+    {{- end }}
+
+    {{- toYaml $store | nindent 4 }}
diff --git a/infra/charts/feast/charts/feast-serving/templates/configmap.yaml b/infra/charts/feast/charts/feast-serving/templates/configmap.yaml
index 934216a9d5f..3775d9f5629 100644
--- a/infra/charts/feast/charts/feast-serving/templates/configmap.yaml
+++ b/infra/charts/feast/charts/feast-serving/templates/configmap.yaml
@@ -28,25 +28,6 @@ data:
           port: 6379
 {{- end }}
 
-  store.yaml: |
-{{- $store := index .Values "store.yaml"}}
-
-{{- if and .Values.redis.enabled (eq $store.type "REDIS") }}
-
-{{- if eq .Values.redis.master.service.type "ClusterIP" }}
-{{- $newConfig := dict "redis_config" (dict "host" (printf "%s-redis-headless" .Release.Name) "port" .Values.redis.redisPort) }}
-{{- $config := mergeOverwrite $store $newConfig }}
-{{- end }}
-
-{{- if and (eq .Values.redis.master.service.type "LoadBalancer") (not (empty .Values.redis.master.service.loadBalancerIP)) }}
-{{- $newConfig := dict "redis_config" (dict "host" .Values.redis.master.service.loadBalancerIP "port" .Values.redis.redisPort) }}
-{{- $config := mergeOverwrite $store $newConfig }}
-{{- end }}
-
-{{- end }}
-
-{{- toYaml $store | nindent 4 }}
-
 {{- range $name, $content := .Values.springConfigProfiles }}
   application-{{ $name }}.yaml: |
 {{- toYaml $content | nindent 4 }}
diff --git a/infra/charts/feast/charts/feast-serving/templates/deployment.yaml b/infra/charts/feast/charts/feast-serving/templates/deployment.yaml
index 64dd3955d0c..1a2e6727583 100644
--- a/infra/charts/feast/charts/feast-serving/templates/deployment.yaml
+++ b/infra/charts/feast/charts/feast-serving/templates/deployment.yaml
@@ -19,6 +19,10 @@ spec:
   template:
     metadata:
       annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- if .Values.springSecretProfiles }}
+        checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}
+        {{- end }}
       {{- if .Values.prometheus.enabled }}
       {{ $config := index .Values "application.yaml" }}
         prometheus.io/path: /metrics
@@ -37,8 +41,16 @@ spec:
 
       volumes:
       - name: {{ template "feast-serving.fullname" . }}-config
-        configMap:
-          name: {{ template "feast-serving.fullname" . }}
+        projected:
+          sources:
+            - configMap:
+                name: {{ template "feast-serving.fullname" . }}
+            - configMap:
+                name: {{ template "feast-serving.fullname" . }}-store
+            {{- if .Values.springSecretProfiles }}
+            - secret:
+                name: {{ template "feast-serving.fullname" . }}
+            {{- end }}
       {{- if .Values.gcpServiceAccount.useExistingSecret }}
       - name: {{ template "feast-serving.fullname" . }}-gcpserviceaccount
         secret:
@@ -82,7 +94,8 @@ spec:
         - -jar
         - {{ .Values.jarPath | quote }}
         - "--spring.config.location=file:{{ .Values.springConfigMountPath }}/"
-        {{- $profilesArray := splitList "," .Values.springConfigProfilesActive -}}
+        {{- $combinedProfiles := printf "%s,%s" .Values.springConfigProfilesActive .Values.springSecretProfilesActive -}}
+        {{- $profilesArray := splitList "," $combinedProfiles -}}
         {{- $profilesArray = append $profilesArray (.Values.core.enabled | ternary "bundled-core" "") -}}
         {{- $profilesArray = append $profilesArray (eq (include "bq_store_and_no_job_options" .) "true" | ternary "bundled-redis" "") -}}
         {{- $profilesArray = compact $profilesArray -}}
diff --git a/infra/charts/feast/charts/feast-serving/templates/secret.yaml b/infra/charts/feast/charts/feast-serving/templates/secret.yaml
new file mode 100644
index 00000000000..941101ee4b9
--- /dev/null
+++ b/infra/charts/feast/charts/feast-serving/templates/secret.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.springSecretProfiles -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "feast-serving.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: {{ template "feast-serving.name" . }}
+    component: serving
+    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+type: Opaque
+data:
+{{- range $name, $content := .Values.springSecretProfiles }}
+  application-{{ $name }}.yaml: |
+{{- toYaml $content | b64enc | nindent 4 }}
+{{- end }}
+{{- end -}}
\ No newline at end of file
diff --git a/infra/charts/feast/charts/feast-serving/values.yaml b/infra/charts/feast/charts/feast-serving/values.yaml
index 52d10cd7440..fc06c1ae579 100644
--- a/infra/charts/feast/charts/feast-serving/values.yaml
+++ b/infra/charts/feast/charts/feast-serving/values.yaml
@@ -105,12 +105,14 @@ application.yaml:
 #     version: "*"
 
 springConfigProfiles: {}
+springSecretProfiles: {}
 #  db: |
 #    spring:
 #      datasource:
 #        driverClassName: org.postgresql.Driver
 #        url: jdbc:postgresql://${DB_HOST:127.0.0.1}:${DB_PORT:5432}/${DB_DATABASE:postgres}
 springConfigProfilesActive: ""
+springSecretProfilesActive: ""
 # springConfigMountPath is the directory path where application.yaml and
 # store.yaml will be mounted in the container.
 springConfigMountPath: /etc/feast/feast-serving
diff --git a/infra/charts/feast/requirements.lock b/infra/charts/feast/requirements.lock
index e441790dc76..d9aeab16516 100644
--- a/infra/charts/feast/requirements.lock
+++ b/infra/charts/feast/requirements.lock
@@ -1,6 +1,12 @@
 dependencies:
-- name: common
-  repository: https://kubernetes-charts-incubator.storage.googleapis.com
-  version: 0.0.5
-digest: sha256:935bfb09e9ed90ff800826a7df21adaabe3225511c3ad78df44e1a5a60e93f14
-generated: 2019-12-10T14:47:49.57569Z
+- name: feast-core
+  repository: ""
+  version: 0.4.4
+- name: feast-serving
+  repository: ""
+  version: 0.4.4
+- name: feast-serving
+  repository: ""
+  version: 0.4.4
+digest: sha256:1f812168f656d4725f80f52fcf2f919603ca4c69a9b48d62d55ea9271bf4755b
+generated: "2020-02-25T14:15:39.256627Z"