TriggerAuthentication AWS Secret Manager podIdentity is not working.
KEDA is not using the role provided in awsSecretManager.podIdentity.roleArn.
Even tried with awsSecretManager.identityOwner.workload, but KEDA is still not using the role name provided in the workload service account annotation.
Even though awsSecretManager.podIdentity.roleArn is set, KEDA is still using the IAM role which the KEDA operator uses.
Expected Behavior
Expected behavior:
When awsSecretManager.podIdentity.roleArn is set, KEDA should use that role to make the call to AWS Secrets Manager to get the secret value.
Or, when awsSecretManager.podIdentity.identityOwner is set to workload, KEDA should use the role name from the service account associated with the workload pod to make the call to AWS Secrets Manager to get the secret value.
Actual Behavior
Even though awsSecretManager.podIdentity.roleArn is set, KEDA is still using the IAM role which the KEDA operator uses to get the secret value from AWS Secrets Manager.
The same behavior is observed even when we set awsSecretManager.podIdentity.identityOwner to workload.
Steps to Reproduce the Problem
1. Create a TriggerAuthentication with AWS Secrets Manager as the authentication provider (sample below). The role in "roleArn" is in a different AWS account, and the TriggerAuthentication is in a different AWS EKS cluster.
2. Create a ScaledObject (sample below).
3. Create a sample deployment named "app1"; this is the target for the ScaledObject.
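The manifests below are an added example of the setup the three steps describe, not the reporter's own samples (those are not included in the report). Every name, namespace, account ID, role ARN, secret name, region, image and query is a constructed placeholder; the field names under awsSecretManager.podIdentity (provider, roleArn, identityOwner) are the ones the report refers to, and the eks.amazonaws.com/role-arn annotation is the standard EKS IRSA annotation.

```yaml
# Added example manifests (not the reporter's samples). All names, account IDs,
# ARNs, the secret name, region, image and query are constructed placeholders.
---
# Service account for the target workload. With identityOwner: workload, KEDA is
# expected to use the role named in this IRSA annotation instead of its own role.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app1-sa
  namespace: default
  annotations:
    # placeholder: role in the cluster account, trusted to read the remote secret
    eks.amazonaws.com/role-arn: arn:aws:iam::111111111111:role/app1-secrets-reader
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: pg-secret-auth
  namespace: default
spec:
  awsSecretManager:
    region: us-east-1            # assumed: same region as the secret (cross-account, same-region)
    podIdentity:
      provider: aws
      # Variant A: explicit role in the account that owns the secret (placeholder ARN).
      roleArn: arn:aws:iam::222222222222:role/keda-secrets-reader
      # Variant B (use instead of roleArn, not together with it): the role from the
      # target workload's service account annotation above.
      # identityOwner: workload
    secrets:
      - parameter: connection    # the postgresql scaler reads its connection string from this parameter
        name: prod/app1/postgres # placeholder secret name in the remote account
        version: AWSCURRENT
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: app1-scaledobject
  namespace: default
spec:
  scaleTargetRef:
    name: app1                   # the sample deployment from step 3
  minReplicaCount: 1
  maxReplicaCount: 10
  triggers:
    - type: postgresql
      metadata:
        query: "SELECT COUNT(*) FROM jobs WHERE state = 'queued'"   # constructed sample query
        targetQueryValue: "10"
      authenticationRef:
        name: pg-secret-auth
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app1
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app1
  template:
    metadata:
      labels:
        app: app1
    spec:
      serviceAccountName: app1-sa   # ties the workload to the IRSA role used for identityOwner: workload
      containers:
        - name: app1
          image: nginx:1.25       # placeholder image
```

Two things to check when reproducing this: the role in roleArn (or the workload's role) must have a trust policy that lets the identity KEDA actually runs as assume it, and the IAM policy on that role must allow secretsmanager:GetSecretValue on the remote secret; a role in another account that is never assumed will fall back, as the report observes, to the operator's own identity. To confirm which identity is really making the call, look at the GetSecretValue events in CloudTrail of the account that owns the secret: the userIdentity field shows whether the operator role, the roleArn role or the workload's role was used.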
Logs from KEDA operator
KEDA Version
2.13.0
Kubernetes Version
1.28
Platform
Amazon Web Services
Scaler Details
postgresql
Anything else?
The two below are running in one AWS EKS cluster account.
The AWS Secrets Manager holding the secrets is in a different AWS account.
I am trying a cross-account, same-region integration between KEDA and AWS Secrets Manager.