From d0207b4031ea1ee6473489585d062edafad9fbdb Mon Sep 17 00:00:00 2001
From: Sean Liao <sean.liao@snyk.io>
Date: Thu, 15 Aug 2024 11:38:27 +0800
Subject: [PATCH] istio compatibility with appProtocol: https

Despite Istio docs stating that setting the name of the port to https
should result in the protocol being https (TLS not intercepted),
it doesn't appear to work for us, and only works by explicitly setting
appProtocol.

https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/#explicit-protocol-selection

Signed-off-by: Sean Liao <sean.liao@snyk.io>
---
 keda/templates/metrics-server/service.yaml | 1 +
 keda/templates/webhooks/service.yaml       | 1 +
 2 files changed, 2 insertions(+)

diff --git a/keda/templates/metrics-server/service.yaml b/keda/templates/metrics-server/service.yaml
index bffbcabf..750b682e 100644
--- a/keda/templates/metrics-server/service.yaml
+++ b/keda/templates/metrics-server/service.yaml
@@ -32,6 +32,7 @@ spec:
     port: {{ .Values.service.portHttps }}
     targetPort: {{ .Values.service.portHttpsTarget }}
     protocol: TCP
+    appProtocol: https
   - name: {{ .Values.prometheus.metricServer.portName }}
     port: {{ .Values.prometheus.metricServer.port }}
     targetPort: {{ .Values.prometheus.metricServer.port }}
diff --git a/keda/templates/webhooks/service.yaml b/keda/templates/webhooks/service.yaml
index 4d933d60..8c40bc34 100644
--- a/keda/templates/webhooks/service.yaml
+++ b/keda/templates/webhooks/service.yaml
@@ -31,6 +31,7 @@ spec:
     port: 443
     protocol: TCP
     targetPort: {{ .Values.webhooks.port | default 9443 }}
+    appProtocol: https
   {{- if .Values.prometheus.webhooks.enabled }}
   - name: {{ .Values.prometheus.webhooks.serviceMonitor.port }}
     port: {{ .Values.prometheus.webhooks.port }}