mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
Custom Metrics Autoscaler Changes for version 2.17.2
This commit is contained in:
Michael Burke
@@ -15,21 +15,40 @@ Alternatively, to share credentials between objects in multiple namespaces, you
|
||||
|
||||
Trigger authentications and cluster trigger authentication use the same configuration. However, a cluster trigger authentication requires an additional `kind` parameter in the authentication reference of the scaled object.
|
||||
|
||||
.Example secret for Basic authentication
|
||||
.Example trigger authentication that uses a bound service account token
|
||||
[source,yaml]
|
||||
----
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
kind: TriggerAuthentication
|
||||
apiVersion: keda.sh/v1alpha1
|
||||
metadata:
|
||||
name: my-basic-secret
|
||||
namespace: default
|
||||
data:
|
||||
username: "dXNlcm5hbWU=" <1>
|
||||
password: "cGFzc3dvcmQ="
|
||||
name: secret-triggerauthentication
|
||||
namespace: my-namespace <1>
|
||||
spec:
|
||||
boundServiceAccountToken: <2>
|
||||
- parameter: bearerToken
|
||||
serviceAccountName: thanos <3>
|
||||
----
|
||||
<1> User name and password to supply to the trigger authentication. The values in a `data` stanza must be base-64 encoded.
|
||||
<1> Specifies the namespace of the object you want to scale.
|
||||
<2> Specifies that this trigger authentication uses a bound service account token for authorization when connecting to the metrics endpoint.
|
||||
<3> Specifies the name of the service account to use.
|
||||
|
||||
.Example trigger authentication using a secret for Basic authentication
|
||||
.Example cluster trigger authentication that uses a bound service account token
|
||||
[source,yaml]
|
||||
----
|
||||
kind: ClusterTriggerAuthentication
|
||||
apiVersion: keda.sh/v1alpha1
|
||||
metadata:
|
||||
name: bound-service-account-token-triggerauthentication <1>
|
||||
spec:
|
||||
boundServiceAccountToken: <2>
|
||||
- parameter: bearerToken
|
||||
serviceAccountName: thanos <3>
|
||||
----
|
||||
<1> Specifies the namespace of the object you want to scale.
|
||||
<2> Specifies that this cluster trigger authentication uses a bound service account token for authorization when connecting to the metrics endpoint.
|
||||
<3> Specifies the name of the service account to use.
|
||||
|
||||
.Example trigger authentication that uses a secret for Basic authentication
|
||||
[source,yaml]
|
||||
----
|
||||
kind: TriggerAuthentication
|
||||
@@ -49,48 +68,24 @@ spec:
|
||||
<1> Specifies the namespace of the object you want to scale.
|
||||
<2> Specifies that this trigger authentication uses a secret for authorization when connecting to the metrics endpoint.
|
||||
<3> Specifies the authentication parameter to supply by using the secret.
|
||||
<4> Specifies the name of the secret to use.
|
||||
<4> Specifies the name of the secret to use. See the following example secret for Basic authentication.
|
||||
<5> Specifies the key in the secret to use with the specified parameter.
|
||||
|
||||
.Example cluster trigger authentication with a secret for Basic authentication
|
||||
[source,yaml]
|
||||
----
|
||||
kind: ClusterTriggerAuthentication
|
||||
apiVersion: keda.sh/v1alpha1
|
||||
metadata: <1>
|
||||
name: secret-cluster-triggerauthentication
|
||||
spec:
|
||||
secretTargetRef: <2>
|
||||
- parameter: username <3>
|
||||
name: my-basic-secret <4>
|
||||
key: username <5>
|
||||
- parameter: password
|
||||
name: my-basic-secret
|
||||
key: password
|
||||
----
|
||||
<1> Note that no namespace is used with a cluster trigger authentication.
|
||||
<2> Specifies that this trigger authentication uses a secret for authorization when connecting to the metrics endpoint.
|
||||
<3> Specifies the authentication parameter to supply by using the secret.
|
||||
<4> Specifies the name of the secret to use.
|
||||
<5> Specifies the key in the secret to use with the specified parameter.
|
||||
|
||||
.Example secret with certificate authority (CA) details
|
||||
.Example secret for Basic authentication
|
||||
[source,yaml]
|
||||
----
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: my-secret
|
||||
namespace: my-namespace
|
||||
data:
|
||||
ca-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0... <1>
|
||||
client-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0... <2>
|
||||
client-key.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0t...
|
||||
name: my-basic-secret
|
||||
namespace: default
|
||||
data:
|
||||
username: "dXNlcm5hbWU=" <1>
|
||||
password: "cGFzc3dvcmQ="
|
||||
----
|
||||
<1> Specifies the TLS CA Certificate for authentication of the metrics endpoint. The value must be base-64 encoded.
|
||||
<2> Specifies the TLS certificates and key for TLS client authentication. The values must be base-64 encoded.
|
||||
<1> User name and password to supply to the trigger authentication. The values in the `data` stanza must be base-64 encoded.
|
||||
|
||||
.Example trigger authentication using a secret for CA details
|
||||
.Example trigger authentication that uses a secret for CA details
|
||||
[source,yaml]
|
||||
----
|
||||
kind: TriggerAuthentication
|
||||
@@ -113,10 +108,10 @@ spec:
|
||||
<4> Specifies the name of the secret to use.
|
||||
<5> Specifies the key in the secret to use with the specified parameter.
|
||||
<6> Specifies the authentication parameter for a custom CA when connecting to the metrics endpoint.
|
||||
<7> Specifies the name of the secret to use.
|
||||
<7> Specifies the name of the secret to use. See the following example secret with certificate authority (CA) details.
|
||||
<8> Specifies the key in the secret to use with the specified parameter.
|
||||
|
||||
.Example secret with a bearer token
|
||||
.Example secret with certificate authority (CA) details
|
||||
[source,yaml]
|
||||
----
|
||||
apiVersion: v1
|
||||
@@ -125,11 +120,14 @@ metadata:
|
||||
name: my-secret
|
||||
namespace: my-namespace
|
||||
data:
|
||||
bearerToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV" <1>
|
||||
ca-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0... <1>
|
||||
client-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0... <2>
|
||||
client-key.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0t...
|
||||
----
|
||||
<1> Specifies a bearer token to use with bearer authentication. The value in a `data` stanza must be base-64 encoded.
|
||||
<1> Specifies the TLS CA Certificate for authentication of the metrics endpoint. The value must be base-64 encoded.
|
||||
<2> Specifies the TLS certificates and key for TLS client authentication. The values must be base-64 encoded.
|
||||
|
||||
.Example trigger authentication with a bearer token
|
||||
.Example trigger authentication that uses a bearer token
|
||||
[source,yaml]
|
||||
----
|
||||
kind: TriggerAuthentication
|
||||
@@ -146,10 +144,23 @@ spec:
|
||||
<1> Specifies the namespace of the object you want to scale.
|
||||
<2> Specifies that this trigger authentication uses a secret for authorization when connecting to the metrics endpoint.
|
||||
<3> Specifies the type of authentication to use.
|
||||
<4> Specifies the name of the secret to use.
|
||||
<4> Specifies the name of the secret to use. See the following example secret for a bearer token.
|
||||
<5> Specifies the key in the token to use with the specified parameter.
|
||||
|
||||
.Example trigger authentication with an environment variable
|
||||
.Example secret for a bearer token
|
||||
[source,yaml]
|
||||
----
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: my-secret
|
||||
namespace: my-namespace
|
||||
data:
|
||||
bearerToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV" <1>
|
||||
----
|
||||
<1> Specifies a bearer token to use with bearer authentication. The value must be base-64 encoded.
|
||||
|
||||
.Example trigger authentication that uses an environment variable
|
||||
[source,yaml]
|
||||
----
|
||||
kind: TriggerAuthentication
|
||||
@@ -169,7 +180,7 @@ spec:
|
||||
<4> Specify the name of the environment variable.
|
||||
<5> Optional: Specify a container that requires authentication. The container must be in the same resource as referenced by `scaleTargetRef` in the scaled object.
|
||||
|
||||
.Example trigger authentication with pod authentication providers
|
||||
.Example trigger authentication that uses pod authentication providers
|
||||
[source,yaml]
|
||||
----
|
||||
kind: TriggerAuthentication
|
||||
@@ -189,7 +200,8 @@ spec:
|
||||
// ifndef::openshift-rosa,openshift-dedicated[]
|
||||
.Additional resources
|
||||
|
||||
* For information about {product-title} secrets, see xref:../../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets[Providing sensitive data to pods].
|
||||
* xref:../../authentication/understanding-and-creating-service-accounts.adoc#understanding-service-accounts[Understanding and creating service accounts]
|
||||
* xref:../../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets[Providing sensitive data to pods].
|
||||
// endif::openshift-rosa,openshift-dedicated[]
|
||||
|
||||
include::modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc[leveloffset=+1]
|
||||
|
||||
@@ -32,3 +32,4 @@ include::modules/nodes-cma-autoscaling-custom-trigger-cpu.adoc[leveloffset=+1]
|
||||
include::modules/nodes-cma-autoscaling-custom-trigger-memory.adoc[leveloffset=+1]
|
||||
include::modules/nodes-cma-autoscaling-custom-trigger-kafka.adoc[leveloffset=+1]
|
||||
include::modules/nodes-cma-autoscaling-custom-trigger-cron.adoc[leveloffset=+1]
|
||||
include::modules/nodes-cma-autoscaling-custom-trigger-workload.adoc[leveloffset=+1]
|
||||
|
||||
Reference in New Issue
Block a user