Skip to content

Commit

Permalink
add grpc authority head override command-line flag
Browse files Browse the repository at this point in the history 
Signed-off-by: Ali Aqel <[email protected]>
  • Loading branch information
@aliaqel-stripe
aliaqel-stripe committed Jan 31, 2024
1 parent cd57dd9 commit 98dd5f1
Show file tree
Hide file tree
Showing 3 changed files with 20 additions and 9 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ Here is an overview of all new **experimental** features:

### Improvements

- **General**: Add command-line flag in Adapter to allow override of GRPC Authority Header ([#5449](https://github.com/kedacore/keda/issues/5449))
- **General**: Add OPENTELEMETRY flag in e2e test YAML ([#5375](https://github.com/kedacore/keda/issues/5375))

### Fixes
Expand Down
18 changes: 10 additions & 8 deletions cmd/adapter/main.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,12 +56,13 @@ type Adapter struct {
var logger = klogr.New().WithName("keda_metrics_adapter")

var (
adapterClientRequestQPS float32
adapterClientRequestBurst int
metricsAPIServerPort int
disableCompression bool
metricsServiceAddr string
profilingAddr string
adapterClientRequestQPS float32
adapterClientRequestBurst int
metricsAPIServerPort int
disableCompression bool
metricsServiceAddr string
profilingAddr string
metricsServiceGRPCAuthority string
)

func (a *Adapter) makeProvider(ctx context.Context) (provider.ExternalMetricsProvider, <-chan struct{}, error) {
Expand Down Expand Up @@ -123,7 +124,7 @@ func (a *Adapter) makeProvider(ctx context.Context) (provider.ExternalMetricsPro
}

logger.Info("Connecting Metrics Service gRPC client to the server", "address", metricsServiceAddr)
grpcClient, err := metricsservice.NewGrpcClient(metricsServiceAddr, a.SecureServing.ServerCert.CertDirectory)
grpcClient, err := metricsservice.NewGrpcClient(metricsServiceAddr, a.SecureServing.ServerCert.CertDirectory, metricsServiceGRPCAuthority)
if err != nil {
logger.Error(err, "error connecting Metrics Service gRPC client to the server", "address", metricsServiceAddr)
return nil, nil, err
Expand Down Expand Up @@ -232,7 +233,8 @@ func main() {
cmd.Flags().StringVar(&cmd.Message, "msg", "starting adapter...", "startup message")
cmd.Flags().AddGoFlagSet(flag.CommandLine) // make sure we get the klog flags
cmd.Flags().IntVar(&metricsAPIServerPort, "port", 8080, "Set the port for the metrics API server")
cmd.Flags().StringVar(&metricsServiceAddr, "metrics-service-address", generateDefaultMetricsServiceAddr(), "The address of the gRPRC Metrics Service Server.")
cmd.Flags().StringVar(&metricsServiceAddr, "metrics-service-address", generateDefaultMetricsServiceAddr(), "The address of the GRPC Metrics Service Server.")
cmd.Flags().StringVar(&metricsServiceGRPCAuthority, "metrics-service-grpc-authority", "", "Host Authority override for the Metrics Service if the Host Authority is not the same as the address used for the GRPC Metrics Service Server.")
cmd.Flags().StringVar(&profilingAddr, "profiling-bind-address", "", "The address the profiling would be exposed on.")
cmd.Flags().Float32Var(&adapterClientRequestQPS, "kube-api-qps", 20.0, "Set the QPS rate for throttling requests sent to the apiserver")
cmd.Flags().IntVar(&adapterClientRequestBurst, "kube-api-burst", 30, "Set the burst for throttling requests sent to the apiserver")
Expand Down
10 changes: 9 additions & 1 deletion pkg/metricsservice/client.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ type GrpcClient struct {
connection *grpc.ClientConn
}

func NewGrpcClient(url, certDir string) (*GrpcClient, error) {
func NewGrpcClient(url, certDir, authority string) (*GrpcClient, error) {
defaultConfig := `{
"methodConfig": [{
"timeout": "3s",
Expand All @@ -57,6 +57,14 @@ func NewGrpcClient(url, certDir string) (*GrpcClient, error) {
grpc.WithTransportCredentials(creds),
grpc.WithDefaultServiceConfig(defaultConfig),
}

if authority != "" {
// If an Authority header override is specified, add it to the client so it is set on every request.
// This is useful when the address used to dial the GRPC server does not match any hosts provided in the TLS certificate's
// SAN
opts = append(opts, grpc.WithAuthority(authority))
}

conn, err := grpc.Dial(url, opts...)
if err != nil {
return nil, err
Expand Down

0 comments on commit 98dd5f1

Please sign in to comment.