Skip to content

External Scaler: support server TLS w/o custom CA #6606

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 6, 2025
Merged

External Scaler: support server TLS w/o custom CA #6606

merged 1 commit into from
Mar 6, 2025

Conversation

gautierdelorme
Copy link
Contributor

@gautierdelorme gautierdelorme commented Mar 5, 2025
edited
Loading

Currently TLS is enabled only if the ScaledObject's trigger contains a custom CA certificate or enable client TLS. Else it does not use the default TLS config that includes CAs already loaded by the Operator. This is a problem if we have an external scaler presenting a TLS certificate that should be accepted by the Operator without requiring client TLS.

To keep the change backward compatible I've added a new enableTLS parameter that can be set to "true" to enable TLS w/o client TLS or custom CA. The parameter name is consistent with other scalers (e.g. Metrics API, Redis, Kafka...).

Checklist

Relates to kedacore/keda-docs#1547

@gautierdelorme gautierdelorme requested a review from a team as a code owner March 5, 2025 13:54
@gautierdelorme gautierdelorme force-pushed the enable-tls-external-scaler branch from 242c79d to b736e42 Compare March 5, 2025 13:55
gautierdelorme added a commit to gautierdelorme/keda-docs that referenced this pull request Mar 5, 2025
@gautierdelorme
External Scaler: add enableTLS parameter
8628069 
Relates to kedacore/keda#6606

Signed-off-by: Gautier Delorme <gautier.delorme@gmail.com>
@gautierdelorme gautierdelorme mentioned this pull request Mar 5, 2025
Merged
1 task
@gautierdelorme
External Scaler: support server TLS w/o custom CA
31877e2 
Currently TLS is enabled only if the ScaledObject's trigger contains a
custom CA certificate or enable client TLS. Else it does not use the
default TLS config that includes CAs already loaded by the Operator.
This is a problem if we have an external scaler presenting a TLS
certificate that should be accepted by the Operator without requiring
client TLS.

To keep the change backward compatible I've added a new `enableTLS`
parameter that can be set to `"true"` to enable TLS w/o client TLS or
custom CA. The parameter name is consistent with other scalers (e.g.
Metrics API, Redis, Kafka...).

Signed-off-by: Gautier Delorme <gautier.delorme@gmail.com>
@gautierdelorme gautierdelorme force-pushed the enable-tls-external-scaler branch from b736e42 to 31877e2 Compare March 5, 2025 14:13
@JorTurFer
Copy link
Member

JorTurFer commented Mar 5, 2025
edited by github-actions bot
Loading

/run-e2e external
Update: You can check the progress here

zroubalik
zroubalik approved these changes Mar 6, 2025
View reviewed changes
Copy link
Member

@zroubalik zroubalik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

There's minor comment on the docs PR, we can merge this one once the docs PR is fixed.

gautierdelorme added a commit to gautierdelorme/keda-docs that referenced this pull request Mar 6, 2025
@gautierdelorme
External Scaler: add enableTLS parameter
b9baf88 
Relates to kedacore/keda#6606

Signed-off-by: Gautier Delorme <gautier.delorme@gmail.com>
zroubalik pushed a commit to kedacore/keda-docs that referenced this pull request Mar 6, 2025
@gautierdelorme
External Scaler: add enableTLS parameter (#1547)
cdc1705 
Relates to kedacore/keda#6606

Signed-off-by: Gautier Delorme <gautier.delorme@gmail.com>
@zroubalik zroubalik merged commit a636275 into kedacore:main Mar 6, 2025
20 checks passed
@gautierdelorme gautierdelorme deleted the enable-tls-external-scaler branch March 6, 2025 08:21
mittalvaibhav1 pushed a commit to mittalvaibhav1/keda that referenced this pull request Apr 26, 2025
@gautierdelorme @mittalvaibhav1
External Scaler: support server TLS w/o custom CA (kedacore#6606)
e79938b 
Currently TLS is enabled only if the ScaledObject's trigger contains a
custom CA certificate or enable client TLS. Else it does not use the
default TLS config that includes CAs already loaded by the Operator.
This is a problem if we have an external scaler presenting a TLS
certificate that should be accepted by the Operator without requiring
client TLS.

To keep the change backward compatible I've added a new `enableTLS`
parameter that can be set to `"true"` to enable TLS w/o client TLS or
custom CA. The parameter name is consistent with other scalers (e.g.
Metrics API, Redis, Kafka...).

Signed-off-by: Gautier Delorme <gautier.delorme@gmail.com>
Signed-off-by: mittalvaibhav1 <mittalvaibhavandroid@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zroubalik zroubalik zroubalik approved these changes

@JorTurFer JorTurFer JorTurFer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gautierdelorme @JorTurFer @zroubalik