remove not required insecureSkipTLSVerify #564

Merged (1 commit) on Jan 17, 2024

@eumel8 (Contributor) commented Nov 15, 2023

As mentioned here and discussed here, setting `insecureSkipTLSVerify` in apiservice.apiregistration.k8s.io will disturb CI/CD pipelines like ArgoCD or, in our case, Fleet. Adding `caBundle` will remove `insecureSkipTLSVerify` automatically in the cluster. Fleet will show the state "modified" instead of "active". Removing this field in Helm solves the issue.

Checklist

  • I have verified that my change is according to the deprecations & breaking changes policy
  • Commits are signed with Developer Certificate of Origin (DCO - learn more)
  • README is updated with new configuration values (if applicable) learn more
  • A PR is opened to update KEDA core (repo) (if applicable, ie. when deployment manifests are modified)

Fixes kedacore/keda#4732

Hint: Helm also has the genCA function to generate a certificate.

Signed-off-by: Frank Kloeker <f.kloeker@telekom.de>
@eumel8 eumel8 requested a review from a team as a code owner November 15, 2023 22:23
@JorTurFer (Member)

Hello,
We have to merge this in the next versions, but currently the reason for having the field is to enforce the `false` value, because cert-controller doesn't remove it when it sets the caBundle, and it conflicts.

@JorTurFer (Member)

I think that we can merge this for the next version if we can include this PR in KEDA code: open-policy-agent/cert-controller#160

@BojanZelic

You can work around this in argocd by ignoring the field in the Application or ApplicationSet.

Example:

```yaml
syncPolicy:
  syncOptions:
    - RespectIgnoreDifferences=true
ignoreDifferences:
  - group: apiregistration.k8s.io
    kind: APIService
    jqPathExpressions:
      - .spec.insecureSkipTLSVerify
```
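
Added example, not part of the comment above and not code from the KEDA chart: once `.spec.insecureSkipTLSVerify` is excluded from the Argo CD diff, a separate check can tell the drift this PR describes (an explicit `false` in the desired manifest that is absent from the live object) apart from a live `true`. The object names, the backend service and the `caBundle` value are constructed placeholders; the live list is shaped like the `items` of `kubectl get apiservices -o json`.

```python
KEY = "insecureSkipTLSVerify"
CA = "Q09OU1RSVUNURUQ="  # constructed placeholder, not a real CA bundle
BACKEND = {"name": "metrics", "namespace": "example"}  # constructed backend service


def svc(name, spec):
    """Build a minimal APIService object for the constructed samples."""
    return {"kind": "APIService", "metadata": {"name": name}, "spec": spec}


# Desired state as rendered from a chart (constructed).
DESIRED = [
    svc("v1beta1.a.example.test", {"service": BACKEND, KEY: False}),
    svc("v1beta1.b.example.test", {"service": BACKEND, "caBundle": CA}),
    svc("v1.c.example.test", {"service": BACKEND, "caBundle": CA}),
]
# Live state as read back from the cluster (constructed).
LIVE = [
    svc("v1beta1.a.example.test", {"service": BACKEND, "caBundle": CA}),
    svc("v1beta1.b.example.test", {"service": BACKEND, KEY: True}),
    svc("v1.c.example.test", {"service": BACKEND, "caBundle": CA}),
    svc("v1.local.example.test", {}),  # no spec.service: handled locally
]


def classify(desired_spec, live_spec):
    if "service" not in live_spec:
        return "local"           # no backend connection, so no TLS setting to audit
    if live_spec.get(KEY) is True:
        return "unverified"      # backend serving certificate is not checked
    if desired_spec and desired_spec.get(KEY) is False and KEY not in live_spec:
        return "cosmetic-drift"  # explicit false in Git, field absent in cluster
    return "ok"


def audit(desired, live):
    """Map each live APIService name to its classification."""
    want = {o["metadata"]["name"]: o.get("spec", {}) for o in desired}
    return {
        o["metadata"]["name"]: classify(want.get(o["metadata"]["name"]), o.get("spec", {}))
        for o in live
    }


if __name__ == "__main__":
    for name, state in audit(DESIRED, LIVE).items():
        print(f"{state:15} {name}")
```

Only `unverified` needs follow-up; `cosmetic-drift` is the case that shows up as "modified" in the GitOps tool without changing TLS behaviour.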

@JorTurFer (Member) commented Jan 17, 2024

I think that it's time to merge this 😄
Thanks for your contribution! ❤️

@JorTurFer JorTurFer enabled auto-merge (squash) January 17, 2024 21:03
@JorTurFer JorTurFer merged commit 641f2b0 into kedacore:main Jan 17, 2024
37 checks passed
JorTurFer pushed a commit to guicholeo/keda that referenced this pull request Jan 18, 2024
Signed-off-by: Frank Kloeker <f.kloeker@telekom.de>
Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
JorTurFer added a commit that referenced this pull request Jan 30, 2024
…uing KEDA TLS certificates (#530)

* feat(keda): ✨ Allow providing own cert-manager issuer in TLS certificate

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* docs(keda): 📝 Generate Helm docs

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix(keda): 🐛 Inject CA from cert-manager Certificate when providing own Issuer

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* refactor(keda): ♻️ Refactor values format

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* revert(keda): ⏪ Revert unnecessary auto-formatting

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* chore: Improve the CI on PRs to be more efficient (#540)

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix(http-add-on): Refactor the chart for next version (#523)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* feat(add-on): Supporting streamInterval configuration (#541)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* chore(add-on): Ship Release 0.6.0 (#543)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* chore: update versions in README.md (#546)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* feat: update crd to allow vault secret to handle write operation (#548)

Signed-off-by: Loïs Postula <lois@postu.la>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Fix the svc name of webhook to avoid breaking istio (#551)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Show only logs with a severity level of ERROR or higher in the stderr (#506)

Signed-off-by: Adarsh-verma-14 <t_adarsh.verma@india.nec.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Support profiling for keda components (#549)

Signed-off-by: yuval weber <yuval199985@gmail.com>
Signed-off-by: unknown <yuval199985@gmail.com>
Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Fix TriggerAuthentication - added configuration for validation webhook (#553)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix: Declare missing port in KEDA operator (#552)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Allow image registry override for all keda components (#557)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* docs: Clarify that contributors do not have to ship Helm chart (#573)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* add  disable-compression arg for both operator and metrics-server (#554)

Signed-off-by: Adarsh-verma-14 <t_adarsh.verma@india.nec.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* feat: Introduce CloudEventSources CRD and adding ClusterName parameter (#572)

* Add CloudEventSources Crd and ClusterName Parameter

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

* Update

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

* Update

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

* Update keda/values.yaml

Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

* Fix

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

* Update

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

* Revert unnecessary update

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>

---------

Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>
Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* store 2.12.1 package at `main` (#577)

Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix: restore http-add-on chart 0.6.0 indexing (#579)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix(add-on): Use 'main' tag for KEDA installation during CI (#582)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* set securityContext for http-add-on chart (#561)

Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Fix http-add-on operator resources (#567)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Fix http-add-on verbosity configuration (#568)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* chore: Adjust RBAC with code (#585)

* chore: Adjust RBAC with code

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>

* fix typo

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>

---------

Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix: Don't recreate CA with 8 months until it expires (#586)

Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* feat(ClusterRole): Add RBAC rule to allow access to `LimitRange` (#588)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* remove not required insecureSkipTLSVerify (#564)

Signed-off-by: Frank Kloeker <f.kloeker@telekom.de>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Update templates/webhooks deployment (#590)

Align deployment for extraVolumes and extraVolumesMount to fix the problem: Error: YAML parse error on keda/templates/webhooks/deployment.yaml: error converting YAML to JSON: yaml: line 96: did not find expected key

Signed-off-by: ferndem <39851927+ferndem@users.noreply.github.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Fix Prometheus metrics handling for the operator. (#555)

The current state of the Helm chart is slightly confusing, because:
- There's no easy way to really disable prometheus metrics --
  `--enable-prometheus-metrics` defaults to true and the current code
  either emits `--enable-prometheus-metrics=true` or nothing at all
  (making it `true` once again).
- The `http` container port is actually a `metrics` port (by convention
  from e.g. webhook), but is present regardless of whether Prometheus
  metrics are enabled or not. To make it less confusing, this PR
  proposes renaming it.

Signed-off-by: Milan Plzik <milan.plzik@grafana.com>
Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Fix Remove app.kubernetes.io/instance label in crd (#556)

Signed-off-by: choisungwook <kgg1959@naver.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Support crd-specific annotations (#584)

* support crd-specific annotations

Signed-off-by: Adam Walford <adamw@speechmatics.com>

* update readme

Signed-off-by: Adam Walford <adamw@speechmatics.com>

* update docs using helm-docs

Signed-off-by: Adam Walford <adamw@speechmatics.com>

---------

Signed-off-by: Adam Walford <adamw@speechmatics.com>
Co-authored-by: Adam Walford <adamw@speechmatics.com>
Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Add ciliumnetworkpolicies (#558)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Add tlsConfig for ServiceMonitor (#591)

Co-authored-by: guicholeo <leo.sanchez@resideo.com>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* Release 2.13.0 (#593)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* fix: Ship v2.13.1 with missing RoleBinding (#595)

Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* chore(add-on): Apply HTTP Add-on changes on Helm chart (#598)

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* chore(add-on): Release v0.7.0 (#599)

Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl>
Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

* refactor: Unify cert-manager annotations

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>

---------

Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>
Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl>
Signed-off-by: Loïs Postula <lois@postu.la>
Signed-off-by: Adarsh-verma-14 <t_adarsh.verma@india.nec.com>
Signed-off-by: yuval weber <yuval199985@gmail.com>
Signed-off-by: unknown <yuval199985@gmail.com>
Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com>
Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com>
Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Signed-off-by: Frank Kloeker <f.kloeker@telekom.de>
Signed-off-by: ferndem <39851927+ferndem@users.noreply.github.com>
Signed-off-by: Milan Plzik <milan.plzik@grafana.com>
Signed-off-by: choisungwook <kgg1959@naver.com>
Signed-off-by: Adam Walford <adamw@speechmatics.com>
Co-authored-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz>
Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es>
Co-authored-by: Loïs Postula <lois@postu.la>
Co-authored-by: Roy Gao <137811914+congzhegao@users.noreply.github.com>
Co-authored-by: Adarsh Verma <113962919+Adarsh-verma-14@users.noreply.github.com>
Co-authored-by: yuval weber <yuval199985@gmail.com>
Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com>
Co-authored-by: Radek Fojtik <68660951+radekfojtik@users.noreply.github.com>
Co-authored-by: Quentin Bisson <quentin.bisson@gmail.com>
Co-authored-by: SpiritZhou <iammrzhouzhenghan@gmail.com>
Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com>
Co-authored-by: Frank Kloeker <eumel@arcor.de>
Co-authored-by: Andrew <35912177+aballman@users.noreply.github.com>
Co-authored-by: Bhargav Ravuri <bhargav.ravuri@infracloud.io>
Co-authored-by: ferndem <39851927+ferndem@users.noreply.github.com>
Co-authored-by: Milan Plžík <4592597+mplzik@users.noreply.github.com>
Co-authored-by: choisungwook <sungwook0724@lguplus.co.kr>
Co-authored-by: Adam Walford <34867732+awalford16@users.noreply.github.com>
Co-authored-by: Adam Walford <adamw@speechmatics.com>
Co-authored-by: guicholeo <leo.sanchez@resideo.com>
Co-authored-by: Jan Wozniak <wozniak.jan@gmail.com>
Successfully merging this pull request may close these issues.

Got insecureSkipTLSVerify conflict with caBundle issue after install Keda