Add support for cluster-scoped trigger authentication #1452
Conversation
…Authentication. This allows creating a single authentication for Keda, for scalers where that makes sense. Signed-off-by: Noah Kantrowitz <noah@coderanger.net>
|
WDYT @zroubalik? I think we've explicitly gone with namespace-scoping since that is typically used as a security boundary but I can see value in having a cluster-wide auth mode. |
|
If we agree on this, please open a doc PR |
|
Thanks for the PR btw! |
|
My specific use case is I want to make a single |
|
Makes perfect sense, thanks! |
|
See kedacore/keda-docs#340 (comment) where I would move the |
|
Thanks for this PR, I can see the need for this feature. I like the way on how this is modelled wrt security (limiting Secrets to only one namespace). |
…Authentication. (kedacore#1452) This allows creating a single authentication for Keda, for scalers where that makes sense. Signed-off-by: Noah Kantrowitz <noah@coderanger.net> Co-authored-by: Zbynek Roubalik <726523+zroubalik@users.noreply.github.com>
This allows creating a single authentication for Keda, for scalers where that makes sense.
ClusterTriggerAuthenticationobjects work just likeTriggerAuthenticationbut are not in a specific namespace. SecretRefs in them will looked up in the namespace Keda is running in (overridable via$KEDA_CLUSTER_OBJECT_NAMESPACEfor special cases). In triggers, you setkind: ClusterTriggerAuthentication.Overall this is modeled on cert-manager's ClusterIssuer and Issuer types. Holding off on adding documentation since I'm not sure of the best way to document this since it is kind of a big feature.
Checklist
Relates to #1469