kedacore · JorTurFer · Sep 2, 2022 · Sep 2, 2022 · Sep 2, 2022 · Sep 2, 2022
@@ -45,6 +45,7 @@ To learn more about active deprecations, we recommend checking [GitHub Discussio
 ### Improvements
 
 - **General:** Add explicit seccompProfile type to securityContext config ([#3561](https://github.com/kedacore/keda/issues/3561))
+- **Prometheus Scaler:** Introduce skipping of certificate check for unsigned certs ([#2310](https://github.com/kedacore/keda/issues/2310))
 
 ### Fixes
 

@@ -29,6 +29,7 @@ const (
 	promCortexScopeOrgID    = "cortexOrgID"
 	promCortexHeaderKey     = "X-Scope-OrgID"
 	ignoreNullValues        = "ignoreNullValues"
+	unsafeSsl               = "unsafeSsl"
 )
 
 var (
@@ -57,6 +58,7 @@ type prometheusMetadata struct {
 	// change to false/f if can not accept prometheus return null values
 	// https://github.com/kedacore/keda/issues/3065
 	ignoreNullValues bool
+	unsafeSsl        bool
 }
 
 type promQueryResult struct {
@@ -85,7 +87,7 @@ func NewPrometheusScaler(config *ScalerConfig) (Scaler, error) {
 		return nil, fmt.Errorf("error parsing prometheus metadata: %s", err)
 	}
 
-	httpClient := kedautil.CreateHTTPClient(config.GlobalHTTPTimeout, false)
+	httpClient := kedautil.CreateHTTPClient(config.GlobalHTTPTimeout, meta.unsafeSsl)
 
 	if meta.prometheusAuth != nil && (meta.prometheusAuth.CA != "" || meta.prometheusAuth.EnableTLS) {
 		// create http.RoundTripper with auth settings from ScalerConfig
@@ -166,6 +168,16 @@ func parsePrometheusMetadata(config *ScalerConfig) (meta *prometheusMetadata, er
 		meta.ignoreNullValues = ignoreNullValues
 	}
 
+	meta.unsafeSsl = false
+	if val, ok := config.TriggerMetadata[unsafeSsl]; ok && val != "" {
+		unsafeSslValue, err := strconv.ParseBool(val)
+		if err != nil {
+			return nil, fmt.Errorf("error parsing %s: %s", unsafeSsl, err)
+		}
+
+		meta.unsafeSsl = unsafeSslValue
+	}
+
 	meta.scalerIndex = config.ScalerIndex
 
 	// parse auth configs from ScalerConfig

@@ -46,6 +46,8 @@ var testPromMetadata = []parsePrometheusMetadataTestData{
 	{map[string]string{"serverAddress": "http://localhost:9090", "metricName": "http_requests_total", "threshold": "100", "query": ""}, true},
 	// ignoreNullValues with wrong value
 	{map[string]string{"serverAddress": "http://localhost:9090", "metricName": "http_requests_total", "threshold": "100", "query": "up", "ignoreNullValues": "xxxx"}, true},
+
+	{map[string]string{"serverAddress": "https://localhost:9090", "metricName": "http_requests_total", "threshold": "100", "query": "up", "unsafeSsl": "true"}, false},
 }
 
 var prometheusMetricIdentifiers = []prometheusMetricIdentifier{
@@ -141,6 +143,7 @@ type prometheusQromQueryResultTestData struct {
 	expectedValue    float64
 	isError          bool
 	ignoreNullValues bool
+	unsafeSsl        bool
 }
 
 var testPromQueryResult = []prometheusQromQueryResultTestData{
@@ -151,6 +154,7 @@ var testPromQueryResult = []prometheusQromQueryResultTestData{
 		expectedValue:    0,
 		isError:          false,
 		ignoreNullValues: true,
+		unsafeSsl:        false,
 	},
 	{
 		name:             "no values",
@@ -159,6 +163,7 @@ var testPromQueryResult = []prometheusQromQueryResultTestData{
 		expectedValue:    0,
 		isError:          false,
 		ignoreNullValues: true,
+		unsafeSsl:        true,
 	},
 	{
 		name:             "no values but shouldn't ignore",
@@ -167,6 +172,7 @@ var testPromQueryResult = []prometheusQromQueryResultTestData{
 		expectedValue:    -1,
 		isError:          true,
 		ignoreNullValues: false,
+		unsafeSsl:        false,
 	},
 	{
 		name:             "value is empty list",
@@ -175,6 +181,7 @@ var testPromQueryResult = []prometheusQromQueryResultTestData{
 		expectedValue:    0,
 		isError:          false,
 		ignoreNullValues: true,
+		unsafeSsl:        true,
 	},
 	{
 		name:             "value is empty list but shouldn't ignore",
@@ -183,6 +190,7 @@ var testPromQueryResult = []prometheusQromQueryResultTestData{
 		expectedValue:    -1,
 		isError:          true,
 		ignoreNullValues: false,
+		unsafeSsl:        false,
 	},
 	{
 		name:             "valid value",
@@ -191,6 +199,7 @@ var testPromQueryResult = []prometheusQromQueryResultTestData{
 		expectedValue:    2,
 		isError:          false,
 		ignoreNullValues: true,
+		unsafeSsl:        true,
 	},
 	{
 		name:             "not enough values",
@@ -199,6 +208,7 @@ var testPromQueryResult = []prometheusQromQueryResultTestData{
 		expectedValue:    -1,
 		isError:          true,
 		ignoreNullValues: true,
+		unsafeSsl:        true,
 	},
 	{
 		name:             "multiple results",
@@ -207,6 +217,7 @@ var testPromQueryResult = []prometheusQromQueryResultTestData{
 		expectedValue:    -1,
 		isError:          true,
 		ignoreNullValues: true,
+		unsafeSsl:        true,
 	},
 	{
 		name:             "error status response",
@@ -215,6 +226,7 @@ var testPromQueryResult = []prometheusQromQueryResultTestData{
 		expectedValue:    -1,
 		isError:          true,
 		ignoreNullValues: true,
+		unsafeSsl:        true,
 	},
 }
 
@@ -233,6 +245,7 @@ func TestPrometheusScalerExecutePromQuery(t *testing.T) {
 				metadata: &prometheusMetadata{
 					serverAddress:    server.URL,
 					ignoreNullValues: testData.ignoreNullValues,
+					unsafeSsl:        testData.unsafeSsl,
 				},
 				httpClient: http.DefaultClient,
 				logger:     logr.Discard(),