From a25e400fd5c78748c2c866badc395fb917911ba9 Mon Sep 17 00:00:00 2001
From: Sean Liao <sean.liao@snyk.io>
Date: Thu, 15 Aug 2024 11:38:27 +0800
Subject: [PATCH] istio compatibility with appProtocol: https

Despite Istio docs stating that setting the name of the port to https
should result in the protocol being https (TLS not intercepted),
it doesn't appear to work for us, and only works by explicitly setting
appProtocol.

https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/#explicit-protocol-selection

Signed-off-by: Sean Liao <sean.liao@snyk.io>
---
 keda/templates/metrics-server/service.yaml | 1 +
 keda/templates/webhooks/service.yaml       | 1 +
 2 files changed, 2 insertions(+)

diff --git a/keda/templates/metrics-server/service.yaml b/keda/templates/metrics-server/service.yaml
index bffbcabf..750b682e 100644
--- a/keda/templates/metrics-server/service.yaml
+++ b/keda/templates/metrics-server/service.yaml
@@ -32,6 +32,7 @@ spec:
     port: {{ .Values.service.portHttps }}
     targetPort: {{ .Values.service.portHttpsTarget }}
     protocol: TCP
+    appProtocol: https
   - name: {{ .Values.prometheus.metricServer.portName }}
     port: {{ .Values.prometheus.metricServer.port }}
     targetPort: {{ .Values.prometheus.metricServer.port }}
diff --git a/keda/templates/webhooks/service.yaml b/keda/templates/webhooks/service.yaml
index 4d933d60..86014c73 100644
--- a/keda/templates/webhooks/service.yaml
+++ b/keda/templates/webhooks/service.yaml
@@ -31,6 +31,7 @@ spec:
     port: 443
     protocol: TCP
     targetPort: {{ .Values.webhooks.port | default 9443 }}
+	appProtocol: https
   {{- if .Values.prometheus.webhooks.enabled }}
   - name: {{ .Values.prometheus.webhooks.serviceMonitor.port }}
     port: {{ .Values.prometheus.webhooks.port }}