kedacore / keda

KEDA is a Kubernetes-based Event Driven Autoscaling component. It provides event driven scale for any container running in Kubernetes
https://keda.sh
Apache License 2.0

Service bus scaler with workload-identity (override) #5824

Closed ehrnst closed 4 months ago

ehrnst commented 4 months ago

Report

https://github.com/kedacore/keda/discussions/4943

Referencing the above discussion, which is old but never answered. I encountered the same issue today when setting up a service bus scaler and using triggerAuthentication to override which identity is used. I want to use the same identity which is used by the deployment.

Here's a snippet of my Helm chart for the deployment:

apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: admin-fileprocessing-auth
spec:
  podIdentity:
    provider: azure-workload
    identityId: <ObjectId of the managed identity>
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: admin-fileprocessing-green
  labels:
    app: <value>
    chart: <value>
spec:
  scaleTargetRef:
    name: <value>
  minReplicaCount: {{ .Values.keda.fileProcessing.minReplicaCount }}
  maxReplicaCount: {{ .Values.keda.fileProcessing.maxReplicaCount }}
  triggers:
  - type: azure-servicebus
    authenticationRef:
      name: admin-fileprocessing-auth
    metadata:
      topicName: {{ .Values.keda.fileProcessing.topicName }}
      subscriptionName: {{ .Values.keda.fileProcessing.subscriptionName }}
      namespace: {{ .Values.keda.fileProcessing.sbusNamespaceGreen }}
      messageCount: {{ .Values.keda.fileProcessing.messageCount | quote }}

Expected Behavior

For keda to read queue length

Actual Behavior

error sources must contain at least one TokenCredential

Steps to Reproduce the Problem

  1. set up trigger auth
  2. override the credential
  3. deploy

Logs from KEDA operator

2024-05-24T12:00:57Z    ERROR   scale_handler   error getting metric for trigger    {"scaledObject.Namespace": "dev", "scaledObject.Name": "admin-fileprocessing-blue", "trigger": "azureServiceBusScaler", "error": "sources must contain at least one TokenCredential"}

KEDA Version

2.14.0

Kubernetes Version

1.27

Platform

Microsoft Azure

Scaler Details

Azure service bus

Anything else?

No response

JorTurFer commented 4 months ago

Hello, could you share the whole logs? Based on the code, I'd expect an error with the message "error starting azure workload-identity token provider" providing more info about the issue if something has happened.

tomkerkhove commented 4 months ago

Also, I think identityId: <ObjectId of the managed identity> should be the client ID instead.

ehrnst commented 4 months ago

@tomkerkhove @JorTurFer I suspect we have other issues with the keda-installation. Trying to move from self-installed to AKS addon. If the issue persists, I will re-open. Thanks!