
RabbitMQ HTTP Triggers ignore provided TLS Configuration #5668

Closed
@nicholass-alcidion

Description

Report

When configuring a RabbitMQ Trigger with tls=enable and ca=x509cert in the associated TriggerAuthentication, the provided CA certificate is ignored when the Trigger is in http mode.

This forces the use of unsafeSSL to connect to a TLS only RabbitMQ cluster.

Expected Behavior

Supplied TLS parameters (including CA only) should be used for both the HTTP and AMQP connection modes.

Actual Behavior

Trigger fails to activate, and Events on the ScaledObject and logs from KEDA show tls: failed to verify certificate

Steps to Reproduce the Problem

apiVersion: v1
data:
  amqpUri: X==
  httpUri: X==
  tls: ZW5hYmxl
kind: Secret
metadata:
  name: abbitmq-user
  namespace: app
type: opaque
---
apiVersion: v1
kind: Secret
metadata:
  name: intermediate-ca
  namespace: app
type: kubernetes.io/tls
data:
  ca.crt: PEM Encoded Cluster CA Cert
  tls.crt: PEM Encoded Intermediate CA Cert
  tls.key: PEM Encoded Private
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: rabbitmq
  namespace: app
spec:
  secretTargetRef:
    - parameter: host
      name: rabbitmq-user
      key: httpUri
    - parameter: tls
      name: rabbitmq-user
      key: tls
    - parameter: ca
      name: app-intermediate-ca
      key: "ca.crt"
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: app-component
spec:
  scaleTargetRef:
    name: app-component
  minReplicaCount: 0
  maxReplicaCount: 8
  fallback:
    failureThreshold: 3
    replicas: 2
  triggers:
  - type: rabbitmq
    metadata:
      protocol: http
      queueName: xxxx
      mode: QueueLength
      value: "20"
      vhostName: "xxxx"
    authenticationRef:
      name: rabbitmq
  - type: rabbitmq
    metadata:
      protocol: http
      queueName: xxxx
      mode: MessageRate
      value: "100"
      vhostName: "xxxx"
    authenticationRef:
      name: rabbitmq

Logs from KEDA operator

2024-04-09T04:25:32Z    ERROR   scale_handler   error getting scale decision    {"scaledObject.Namespace": "xxxx", "scaledObject.Name": "xxxx", "scaler": "rabbitMQScaler", "error": "error inspecting rabbitMQ: Get \"https://user:password@rabbitmq.rabbitmq.svc:15671/api/queues/xxxx/xxxx\": tls: failed to verify certificate: x509: certificate signed by unknown authority"}
github.com/kedacore/keda/v2/pkg/scaling.(*scaleHandler).getScalerState
        /workspace/pkg/scaling/scale_handler.go:764
github.com/kedacore/keda/v2/pkg/scaling.(*scaleHandl

KEDA Version

2.13.1

Kubernetes Version

1.29

Platform

Other

Scaler Details

RabbitMQ

Anything else?

No response
