When not running on OpenShift, use the certificate generation/rotation
built in to the KEDA operator, and use its single certificate and the
CA certificate which signed it for all of the following:
KEDA operator's gRPC service
Metrics Server (adapter) API service endpoint
Validating admission webhook service endpoint
Client certificate used by the adapter to authenticate against the gRPC service
When running on OpenShift, use OpenShift-generated certificates (and the
cluster's service CA for validation) for each of the following services:
KEDA operator's gRPC service
Metrics Server (adapter) API service endpoint
Validating admission webhook service endpoint
The OLM operator generates CA and a gRPC client certificate for:
The adapter to authenticate itself to the KEDA operator (key/cert)
The KEDA operator's gRPC service to verify clients (the adapter) (CA
cert)
Checklist
[X] Commits are signed with Developer Certificate of Origin (DCO)
jkyros
commented
1 year ago
When not running on OpenShift, use the certificate generation/rotation built in to the KEDA operator, and use its single certificate and the CA certificate which signed it for all of the following:
When running on OpenShift, use OpenShift-generated certificates (and the cluster's service CA for validation) for each of the following services:
The OLM operator generates CA and a gRPC client certificate for:
Checklist