-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for cluster-scoped trigger authentication #1452
Conversation
…Authentication. This allows creating a single authentication for Keda, for scalers where that makes sense. Signed-off-by: Noah Kantrowitz <[email protected]>
WDYT @zroubalik? I think we've explicitly gone with namespace-scoping since that is typically used as a security boundary but I can see value in having a cluster-wide auth mode. |
If we agree on this, please open a doc PR |
Thanks for the PR btw! |
My specific use case is I want to make a single |
Makes perfect sense, thanks! |
See kedacore/keda-docs#340 (comment) where I would move the |
Thanks for this PR, I can see the need for this feature. I like the way on how this is modelled wrt security (limiting Secrets to only one namespace). |
…Authentication. (kedacore#1452) This allows creating a single authentication for Keda, for scalers where that makes sense. Signed-off-by: Noah Kantrowitz <[email protected]> Co-authored-by: Zbynek Roubalik <[email protected]>
This allows creating a single authentication for Keda, for scalers where that makes sense.
ClusterTriggerAuthentication
objects work just likeTriggerAuthentication
but are not in a specific namespace. SecretRefs in them will looked up in the namespace Keda is running in (overridable via$KEDA_CLUSTER_OBJECT_NAMESPACE
for special cases). In triggers, you setkind: ClusterTriggerAuthentication
.Overall this is modeled on cert-manager's ClusterIssuer and Issuer types. Holding off on adding documentation since I'm not sure of the best way to document this since it is kind of a big feature.
Checklist
Relates to #1469