Add explanations for validations.keda.sh/hpa-ownership (#1358)

Signed-off-by: June Han <sorrowitsch@gmail.com> Co-authored-by: Zbynek Roubalik <zroubalik@gmail.com>
kedacore · Apr 15, 2024 · 3c47301 · 3c47301
1 parent 09f2857
commit 3c47301
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 2 deletions.
diff --git a/content/docs/2.14/concepts/scaling-deployments.md b/content/docs/2.14/concepts/scaling-deployments.md
@@ -39,8 +39,8 @@ kind: ScaledObject
 metadata:
   name: {scaled-object-name}
   annotations:
-    scaledobject.keda.sh/transfer-hpa-ownership: "true"      # Optional. Use to transfer an existing HPA ownership to this ScaledObject
-    autoscaling.keda.sh/paused-replicas: "0"                # Optional. Use to pause autoscaling of objects
+    scaledobject.keda.sh/transfer-hpa-ownership: "true"     # Optional. Use to transfer an existing HPA ownership to this ScaledObject
+    validations.keda.sh/hpa-ownership: "true"               # Optional. Use to disable HPA ownership validation on this ScaledObject
     autoscaling.keda.sh/paused: "true"                      # Optional. Use to pause autoscaling of objects explicitly
 spec:
   scaleTargetRef:
@@ -413,6 +413,15 @@ spec:
 
 > ⚠️ **NOTE:** You need to specify a custom HPA name in your ScaledObject matching the existing HPA name you want it to manage.
 
+## Disable validations on an existing HPA
+
+You are allowed to disable admission webhooks validations with the following snippet. It grants you better flexibility but also brings vulnerabilities. Do it **at your own risk**.
+
+```yaml
+metadata:
+  annotations:
+    validations.keda.sh/hpa-ownership: "true"
+```
 
 ## Long-running executions
 

diff --git a/content/docs/2.14/operate/admission-webhooks.md b/content/docs/2.14/operate/admission-webhooks.md
@@ -7,3 +7,5 @@ weight = 100
 ## Validation Enforcement
 
 By default, the admission webhooks are registered with `failurePolicy: Ignore`, this won't block the resources creation/update when the admission controller is not available. To ensure that the validation is always required and perform validation, setting `failurePolicy` to `Fail` is required.
+
+In particular, the admission webhooks for HPA ownership validation can be skipped by setting the annotation `validations.keda.sh/hpa-ownership` to `"false"`. Be cautious when doing so as it exposes the system to potential risks.