Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optional TLS verification disablement for Datadog scaler #6253

Closed
SomaSharathSurya opened this issue Oct 21, 2024 · 3 comments
Closed

Optional TLS verification disablement for Datadog scaler #6253

SomaSharathSurya opened this issue Oct 21, 2024 · 3 comments
Labels
feature-request All issues for new features that have not been committed to needs-discussion stale All issues that are marked as stale due to inactivity

Comments

@SomaSharathSurya
Copy link

Proposal

I am using the Datadog scaler as described in the documentation: https://keda.sh/docs/2.14/scalers/datadog/. However, I encountered the following TLS issue.

Error:
error establishing Datadog connection: error connecting to Datadog API endpoint: Get "https://api.datadoghq.com/api/v1/validate": tls: failed to verify certificate: x509: certificate signed by unknown authority

I attempted to disable TLS verification by setting unsafeSsl: 'true' in the scaled object, but din't work. It would be helpful if KEDA could offer a way to disable TLS verification directly from the scaled object configuration. For reference, here is the configuration I used:

triggers:
-  authenticationRef:
      name: trigger-auth
    metadata:
      age: '90'
      metricUnavailableValue: '0'
      query: >
        xxxx
      queryValue: '20'
      unsafeSsl: 'true'
    type: datadog
    useCachedMetrics: true

Other information

  • KEDA version being used: v2.14.0

Use-Case

This feature would enable quick testing in development environment without worrying about certificate validation. It would reduce setup complexity by eliminating the need to manage/modify CA certificates during development phase and minimize dependency on cluster administrators

Is this a feature you are interested in implementing yourself?

No

Anything else?

No response
@SomaSharathSurya SomaSharathSurya added feature-request All issues for new features that have not been committed to needs-discussion labels Oct 21, 2024
@wozniakjan
Copy link
Member

wozniakjan commented Oct 21, 2024
edited
Loading

I'd be curious if this is related to https://docs.datadoghq.com/data_security/guide/tls_cert_chain_of_trust/?tab=g1rootcertificateold,
but worth mentioning, the unsafeSsl param for datadog scaler is not read from metadata but only from authParams

keda/pkg/scalers/datadog_scaler.go

Lines 328 to 335 in 4fdf649

meta.unsafeSsl = false
if val, ok := config.AuthParams["unsafeSsl"]; ok {
unsafeSsl, err := strconv.ParseBool(val)
if err != nil {
return nil, fmt.Errorf("error parsing unsafeSsl: %w", err)
}
meta.unsafeSsl = unsafeSsl
}

@stale Stale
Copy link

stale bot commented Dec 21, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale All issues that are marked as stale due to inactivity label Dec 21, 2024
@stale Stale
Copy link

stale bot commented Dec 29, 2024

This issue has been automatically closed due to inactivity.

@stale stale bot closed this as completed Dec 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request All issues for new features that have not been committed to needs-discussion stale All issues that are marked as stale due to inactivity
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wozniakjan @SomaSharathSurya