Open joclegg opened 2 years ago
Hey, is there any update on this issue? The comment about TriggerAuthentication is 3 years old.
The external scaler example now references secrets? https://keda.sh/docs/2.14/scalers/external/#authentication-parameters
I've been trying to understand if I can deploy the scaler with TriggerAuthentication, since I cannot find anything in KEDA docs that would say it's not supported for external scalers.
```yaml
# Create KEDA scaled object to scale order processor application.
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: azure-cosmosdb-auth
spec:
  podIdentity:
    provider: azure-workload
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: cosmosdb-order-processor-scaledobject
  namespace: cosmosdb-order-processor
spec:
  pollingInterval: 20
  scaleTargetRef:
    name: cosmosdb-order-processor
  triggers:
    - type: external
      authenticationRef:
        name: azure-cosmosdb-auth # authenticationRef would need either podIdentity or define a connection parameter
      metadata:
        scalerAddress: external-scaler-azure-cosmos-db.cosmosdb-order-processor:4050
        endpoint: https://{Cosmos DB Account Name}.documents.azure.com:443/ # update as per your environment
        databaseId: StoreDatabase
        containerId: OrderContainer
        LeaseEndpoint: https://{Cosmos DB Account Name}.documents.azure.com:443/ # update as per your environment
        leaseDatabaseId: StoreDatabase
        leaseContainerId: OrderProcessorLeases
        processorName: OrderProcessor
```
It looks like Azure Workload Identity is supported in KEDA. The only thing missing is the actual support in code that I tried adding in #68.
The state of the code is a little confusing though:
Add support for using pod identity binding to access the cosmos db via account endpoint only.
Use-Case
Our cosmos dbs are set up to only use AD for access. We would like to create a role with the access that this scaler will need and use that and the account endpoint for access. We would then not need to have connection strings in configuration.