From e2d2da4d0d61532d16ceb76a7fec308841f19d8a Mon Sep 17 00:00:00 2001 From: Sean Liao Date: Mon, 9 Sep 2024 10:24:08 +0100 Subject: [PATCH] istio compatibility with appProtocol: https (#678) Despite Istio docs stating that setting the name of the port to https should result in the protocol being https (TLS not intercepted), it doesn't appear to work for us, and only works by explicitly setting appProtocol. https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/#explicit-protocol-selection Signed-off-by: Sean Liao --- keda/templates/metrics-server/service.yaml | 1 + keda/templates/webhooks/service.yaml | 1 + 2 files changed, 2 insertions(+) diff --git a/keda/templates/metrics-server/service.yaml b/keda/templates/metrics-server/service.yaml index bffbcabf..750b682e 100644 --- a/keda/templates/metrics-server/service.yaml +++ b/keda/templates/metrics-server/service.yaml @@ -32,6 +32,7 @@ spec: port: {{ .Values.service.portHttps }} targetPort: {{ .Values.service.portHttpsTarget }} protocol: TCP + appProtocol: https - name: {{ .Values.prometheus.metricServer.portName }} port: {{ .Values.prometheus.metricServer.port }} targetPort: {{ .Values.prometheus.metricServer.port }} diff --git a/keda/templates/webhooks/service.yaml b/keda/templates/webhooks/service.yaml index 4d933d60..8c40bc34 100644 --- a/keda/templates/webhooks/service.yaml +++ b/keda/templates/webhooks/service.yaml @@ -31,6 +31,7 @@ spec: port: 443 protocol: TCP targetPort: {{ .Values.webhooks.port | default 9443 }} + appProtocol: https {{- if .Values.prometheus.webhooks.enabled }} - name: {{ .Values.prometheus.webhooks.serviceMonitor.port }} port: {{ .Values.prometheus.webhooks.port }}