remove not required insecureSkipTLSVerify #564
Signed-off-by: Frank Kloeker <f.kloeker@telekom.de>
Hello,
I think that we can merge this for next version if we can include this PR in KEDA code: open-policy-agent/cert-controller#160
You can work around this in argocd by ignoring the field in the Application or ApplicationSet example:
I think that it's time to merge this 😄
Signed-off-by: Frank Kloeker <f.kloeker@telekom.de> Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es>
…uing KEDA TLS certificates (#530) * feat(keda): ✨ Allow providing own cert-manager issuer in TLS certificate Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * docs(keda): 📝 Generate Helm docs Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * fix(keda): 🐛 Inject CA from cert-manager Certificate when providing own Issuer Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * refactor(keda): ♻️ Refactor values format Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * revert(keda): ⏪ Revert unnecessary auto-formatting Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * chore: Improve the CI on PRs to be more efficient (#540) Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * fix(http-add-on): Refactor the chart for next version (#523) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * feat(add-on): Supporting streamInterval configuration (#541) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * chore(add-on): Ship Release 0.6.0 (#543) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * chore: update versions in README.md (#546) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * feat: update crd to allow vault secret to handle write operation (#548) Signed-off-by: Loïs Postula <lois@postu.la> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Fix the svc name of webhook to avoid breaking istio (#551) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Show only logs with a severity level of ERROR or higher in the stderr (#506) Signed-off-by: Adarsh-verma-14 <t_adarsh.verma@india.nec.com> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Support profiling for keda components (#549) Signed-off-by: yuval weber <yuval199985@gmail.com> Signed-off-by: unknown <yuval199985@gmail.com> Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com> Signed-off-by: 
Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Fix TriggerAuthentication - added configuration for validation webhook (#553) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * fix: Declare missing port in KEDA operator (#552) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Allow image registry override for all keda components (#557) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * docs: Clarify that contributors do not have to ship Helm chart (#573) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * add disable-compression arg for both operator and metrics-server (#554) Signed-off-by: Adarsh-verma-14 <t_adarsh.verma@india.nec.com> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * feat: Introduce CloudEventSources CRD and adding ClusterName parameter (#572) * Add CloudEventSources Crd and ClustetName Parameter Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com> * Update Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com> * Update Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com> * Update keda/values.yaml Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com> Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com> * Fix Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com> * Update Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com> * Revert unnecessary update Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com> --------- Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com> Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * store 2.12.1 package at `main` (#577) Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * fix: restore http-add-on chart 0.6.0 indexing (#579) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * fix(add-on): Use 'main' tag for KEDA installation during CI (#582) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * set securityContext for 
http-add-on chart (#561) Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Fix http-add-on operator resources (#567) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Fix http-add-on verbosity configuration (#568) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * chore: Adjust RBAC with code (#585) * chore: Adjust RBAC with code Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> * fix typo Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> --------- Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * fix: Don't recreate CA with 8 months until it expires (#586) Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * feat(ClusterRole): Add RBAC rule to allow access to `LimitRange` (#588) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * remove not required insecureSkipTLSVerify (#564) Signed-off-by: Frank Kloeker <f.kloeker@telekom.de> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Update templates/webhooks deployment (#590) Align deployment for extraVolumes and extraVolumesMount for fix problem Error: YAML parse error on keda/templates/webhooks/deployment.yaml: error converting YAML to JSON: yaml: line 96: did not find expected key Signed-off-by: ferndem <39851927+ferndem@users.noreply.github.com> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Fix Prometheus metrics handling for the operator. (#555) The current state of the Helm chart is slightly confusing, because: - There's no easy way to really disable prometheus metrics -- `--enable-prometheus-metrics` defaults to true anthe current code either emits `--enable-prometheus-metrics=true` or nothing at all (making it `true` once again). - The `http` container port is actually a `metrics` port (by convention from .e.g. 
webhook), but is present regardless of whether Prometheus metrics are enabled or not. To make it less confusing, this PR proposes renaming it. Signed-off-by: Milan Plzik <milan.plzik@grafana.com> Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Fix Remove app.kubernetes.io/instance label in crd (#556) Signed-off-by: choisungwook <kgg1959@naver.com> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Support crd-specific annotations (#584) * support crd-specific annotations Signed-off-by: Adam Walford <adamw@speechmatics.com> * update readme Signed-off-by: Adam Walford <adamw@speechmatics.com> * update docs using helm-docs Signed-off-by: Adam Walford <adamw@speechmatics.com> --------- Signed-off-by: Adam Walford <adamw@speechmatics.com> Co-authored-by: Adam Walford <adamw@speechmatics.com> Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Add ciliumnetworkpolicies (#558) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Add tlsConfig for ServiceMonitor (#591) Co-authored-by: guicholeo <leo.sanchez@resideo.com> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * Release 2.13.0 (#593) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * fix: Ship v2.13.1 with missing RoleBinding (#595) Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * chore(add-on): Apply HTTP Add-on changes on Helm chart (#598) Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * chore(add-on): Release v0.7.0 (#599) Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> * refactor: Unify cert-manager annotations Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> --------- Signed-off-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> 
Signed-off-by: Jorge Turrado <jorge_turrado@hotmail.es> Signed-off-by: Jorge Turrado <jorge.turrado@scrm.lidl> Signed-off-by: Loïs Postula <lois@postu.la> Signed-off-by: Adarsh-verma-14 <t_adarsh.verma@india.nec.com> Signed-off-by: yuval weber <yuval199985@gmail.com> Signed-off-by: unknown <yuval199985@gmail.com> Signed-off-by: SpiritZhou <iammrzhouzhenghan@gmail.com> Signed-off-by: Zbynek Roubalik <zroubalik@gmail.com> Signed-off-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Signed-off-by: Frank Kloeker <f.kloeker@telekom.de> Signed-off-by: ferndem <39851927+ferndem@users.noreply.github.com> Signed-off-by: Milan Plzik <milan.plzik@grafana.com> Signed-off-by: choisungwook <kgg1959@naver.com> Signed-off-by: Adam Walford <adamw@speechmatics.com> Co-authored-by: Dmytro Kovalenko <zerodayyy@zerodayyy.xyz> Co-authored-by: Jorge Turrado Ferrero <Jorge_turrado@hotmail.es> Co-authored-by: Loïs Postula <lois@postu.la> Co-authored-by: Roy Gao <137811914+congzhegao@users.noreply.github.com> Co-authored-by: Adarsh Verma <113962919+Adarsh-verma-14@users.noreply.github.com> Co-authored-by: yuval weber <yuval199985@gmail.com> Co-authored-by: Tom Kerkhove <kerkhove.tom@gmail.com> Co-authored-by: Radek Fojtik <68660951+radekfojtik@users.noreply.github.com> Co-authored-by: Quentin Bisson <quentin.bisson@gmail.com> Co-authored-by: SpiritZhou <iammrzhouzhenghan@gmail.com> Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com> Co-authored-by: Frank Kloeker <eumel@arcor.de> Co-authored-by: Andrew <35912177+aballman@users.noreply.github.com> Co-authored-by: Bhargav Ravuri <bhargav.ravuri@infracloud.io> Co-authored-by: ferndem <39851927+ferndem@users.noreply.github.com> Co-authored-by: Milan Plžík <4592597+mplzik@users.noreply.github.com> Co-authored-by: choisungwook <sungwook0724@lguplus.co.kr> Co-authored-by: Adam Walford <34867732+awalford16@users.noreply.github.com> Co-authored-by: Adam Walford <adamw@speechmatics.com> Co-authored-by: guicholeo <leo.sanchez@resideo.com> 
Co-authored-by: Jan Wozniak <wozniak.jan@gmail.com>
As mentioned here and discussed here the setting of `insecureSkipTLSVerify` in apiservice.apiregistration.k8s.io will disturb CI/CD pipelines like ArgoCD or, just in our case, Fleet. The adding of `caBundle` will remove `insecureSkipTLSVerify` automatically in the cluster. Fleet will state in "modified" instead of "active". Removing this field in Helm solves the issue.
Checklist
Fixes kedacore/keda#4732
hint: Helm has also this genCa function to generate certificate
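
A check for the field this PR removes, as an added example that is not part of the PR or the KEDA chart: it audits APIService objects for `insecureSkipTLSVerify` and `caBundle` and reports the ones whose backend TLS setup needs review. The input shape follows `kubectl get apiservices -o json`; every name and the `caBundle` value in the sample are constructed placeholders, and the finding labels are this example's own.

```python
import json

# Constructed sample, shaped like `kubectl get apiservices -o json` output.
# All names and the caBundle value are placeholders, not values from the PR.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "v1.apps"}, "spec": {"group": "apps"}},
  {"metadata": {"name": "v1beta1.a.example.com"},
   "spec": {"service": {"name": "a", "namespace": "ns"},
            "insecureSkipTLSVerify": true}},
  {"metadata": {"name": "v1beta1.b.example.com"},
   "spec": {"service": {"name": "b", "namespace": "ns"},
            "caBundle": "PLACEHOLDER_CA"}},
  {"metadata": {"name": "v1beta1.c.example.com"},
   "spec": {"service": {"name": "c", "namespace": "ns"},
            "caBundle": "PLACEHOLDER_CA", "insecureSkipTLSVerify": true}},
  {"metadata": {"name": "v1beta1.d.example.com"},
   "spec": {"service": {"name": "d", "namespace": "ns"}}}
]}
""")


def audit_apiservices(doc):
    """Return (name, finding) pairs for aggregated APIs that need review."""
    findings = []
    for item in doc.get("items", []):
        name = item.get("metadata", {}).get("name", "<unnamed>")
        spec = item.get("spec") or {}
        if not spec.get("service"):
            continue  # served by kube-apiserver itself, no backend TLS hop
        skip = bool(spec.get("insecureSkipTLSVerify", False))
        has_ca = bool(spec.get("caBundle"))
        if skip and has_ca:
            # The combination the PR description says does not persist.
            findings.append((name, "skip-verify-and-caBundle"))
        elif skip:
            # Backend serving certificate is not verified at all.
            findings.append((name, "skip-verify"))
        elif not has_ca:
            # No CA pinned yet: injection pending or system roots in use.
            findings.append((name, "no-caBundle"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_apiservices(SAMPLE):
        print(f"{name}: {finding}")
```
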