RHOAIENG-12337: Add KServe Logger TLS bundle support

[ruivieira]

Refer to RHOAIENG-12337.

This PR adds support for KServe's InferenceLogger TLS CA bundles.

If a KServe InferenceService is deployed in the same namespace as the TrustyAIService, the operator will:

• Check the configured CA bundle for logging in the global KServe inferenceservice-config CM.
• If the there isn't a CA bundle defined, the operator will add a non-TLS logger to the IS (i.e. http://...)
• If there is a CA bundle defined:
  • If it is already present in the namespace, will be mounted at /etc/tls/kserve on the service and specified with the env var KSERVE_LOGGER_CA_CERT
  • If there is no CA bundle CM defined, it will be created by operator (using OpenShift Serving Certificates) with CM name and CA name as in the global KServe config and mounted on the service as above
  • A TLS logger URL will be created (i.e. https://...)

[openshift-ci-robot]

@ruivieira: This pull request references RHOAIENG-12337 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.18.0" version, but no target version was set.

In response to this:

Refer to RHOAIENG-12337.

This PR adds support for KServe's InferenceLogger TLS CA bundles.

If a KServe InferenceService is deployed in the same namespace as the TrustyAIService, the operator will:

• Check the configured CA bundle for logging in the global KServe inferenceservice-config CM.
• If the there isn't a CA bundle defined, the operator will add a non-TLS logger to the IS (i.e. http://...)
• If there is a CA bundle defined:
• If it is already present in the namespace, will be mounted at /etc/tls/kserve on the service and specified with the env var KSERVE_LOGGER_CA_CERT
• If there is no CA bundle CM defined, it will be created by operator (using OpenShift Serving Certificates) with CM name and CA name as in the global KServe config and mounted on the service as above
• A TLS logger URL will be created (i.e. https://...)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-merge-robot]

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.