Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: allow configuring min tls for grpc #1497

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions content/docs/2.17/operate/cluster.md
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,16 @@ The gRPC Metrics Service is part of the KEDA Operator deployment and serves scal
| metrics-service-address | keda-operator.keda.svc.cluster.local:9666 | The address of the gRPC Metrics Service Server |
| metrics-service-grpc-authority | "" | Host Authority override for the Metrics Service if the Host Authority is not the same as the address used for the gRPC Metrics Service Server. This is required for mutual TLS when the identity of the adapter server as presented in its TLS certificate is not the same as the metrics-service-address |

By default, KEDA uses TLS1.3 as a minimum TLS version for GRPC client/server. However, if you need to support another version you can configure it by using the environment variable `KEDA_GRPC_MIN_TLS_VERSION`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
By default, KEDA uses TLS1.3 as a minimum TLS version for GRPC client/server. However, if you need to support another version you can configure it by using the environment variable `KEDA_GRPC_MIN_TLS_VERSION`.
# gRPC TLS min version
By default, KEDA uses TLS1.3 as a minimum TLS version for GRPC client/server. However, if you need to support another version you can configure it by using the environment variable `KEDA_GRPC_MIN_TLS_VERSION`.


For example:

```yaml
- env:
KEDA_GRPC_MIN_TLS_VERSION: TLS12
```


## Configure `MaxConcurrentReconciles` for Controllers

To implement internal controllers KEDA uses the [controller-runtime project](https://github.com/kubernetes-sigs/controller-runtime), that enables configuration of [MaxConcurrentReconciles property](https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/controller#Options), ie. the maximum number of concurrent reconciles which can be run for a controller.
Expand Down