Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add GCP identity authentication when using Pubsub Scaler #2225

Merged
merged 4 commits into from
Nov 3, 2021

Conversation

jmalvarezf-lmes
Copy link
Contributor

Hi,

This tries to partially fix this issue: #2048. Basically the fix consist on using the gcp identity framework so that when you do a request to stackdriver to get the number of undelivered messages, you use the service account associated to the machine (GCE), instead of using a service account in a secret. That allows to use this very useful scaler without creating a service account and a secret and you can use a Cluster Trigger Authentication widely to use the underlying service account. I couldn't create tests, as this relies on being executed on GCP. But I've tested it in our environment and it works.

Hope it is useful for you.

I wait for you to check this, and if it is useful, and you agree, I will change the docs to adapt to this new method.

Regards,

Jose Maria.

Signed-off-by: Jose Maria Alvarez <[email protected]>
Copy link
Member

@zroubalik zroubalik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good! Please update Changelog and modify docs for 2.5. Thanks!

@jmalvarezf-lmes
Copy link
Contributor Author

@zroubalik please check if everything is fine. Thank you!

@tomkerkhove tomkerkhove added this to the v2.5.0 milestone Nov 3, 2021
Copy link
Member

@zroubalik zroubalik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks for the contribution @jmalvarezf-lmes!

@zroubalik zroubalik changed the title Add modifications on gcp pubsub scaler to use underlying compute engi… Add GCP identity authentication when using Pubsub Scaler Nov 3, 2021
@zroubalik zroubalik merged commit 744fa09 into kedacore:main Nov 3, 2021
@jmalvarezf-lmes
Copy link
Contributor Author

You are welcome!

@hermanbanken
Copy link
Contributor

Nice, thanks!

@hermanbanken
Copy link
Contributor

hermanbanken commented Nov 11, 2021

Did I understand correctly how to use it (see docs I attempted to create)?

@jmalvarezf-lmes
Copy link
Contributor Author

@hermanbanken yes, that is the idea. We have it running like this in our environment. We do not use workload identity, but the functionality is exactly the same.

@hermanbanken
Copy link
Contributor

I completely missed kedacore/keda-docs#565... 😅

@zroubalik
Copy link
Member

@hermanbanken lol 😄 but would be nice if you can add your improvements

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants