Add Support for Trust Server SSL Certificate (unsafe ssl) for RabbitMQ Scaler #4448
Assignees
Labels
feature-request
All issues for new features that have not been committed to
help wanted
Looking for support from community
needs-discussion
Comments
jade-lucas
added
feature-request
|
@JorTurFer this is the stuff we talked about, right? |
|
This is related, yes (it's not the same because I wanted to integrate the CAs, but we can do both at once) |
|
@zroubalik @JorTurFer this seems similar to the issue that I closed yesterday where I add an extra arg |
6 tasks
7 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Proposal
Currently TLS is hardcoded to not allow unsafe ssl. This is not ideal for environments that use VIPs, load balancers, wild carded ssl certs, etc. Purposing to add support for the unsafeSsl option for the RabbitMQ scaler. This would help keep parity with other scalers, stay inline with the documentation (https://keda.sh/docs/2.10/operate/security/), and also keep behavior similar to other RabbitMQ clients SDKs. More specifically support for trusting the server ssl certificate. Other RabbitMQ Client SDKs allow you to require ssl, but also allow you to trust the server ssl certificate or only do CA verify.
Use-Case
Allows us to use keda in our environment. We have a load balancer sitting in front of our RMQ cluster that does ssl pass through. Meaning there is no ssl termination at the load balancer. This means that the host attribute in ssl certs coming back from the cluster don't align the host being called by the client, which fails full ssl verification.
Is this a feature you are interested in implementing yourself?
No
Anything else?
No response
The text was updated successfully, but these errors were encountered: