Provide guidance how to use Azure AD Pod Identity with KEDA (#22)

.github/workflows/push-images.yml

@@ -0,0 +1,21 @@
+name: Push Docker Images
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  shipments:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Docker Login
+      uses: docker/login-action@v1.6.0
+      with:
+        registry: ghcr.io
+        username: kedacore
+        password: ${{ secrets.CONTAINER_REGISTRY_KEY }}
+    - name: Build the Docker image
+      run: docker build ./src/ --file ./src/Keda.Samples.Dotnet.OrderProcessor/Dockerfile --tag ghcr.io/kedacore/sample-dotnet-worker-servicebus-queue:latest
+    - name: Push the Docker image
+      run: docker push ghcr.io/kedacore/sample-dotnet-worker-servicebus-queue:latest

README.md

@@ -4,6 +4,8 @@ A simple Docker container written in .NET that will receive messages from a Serv
 The message processor will receive a single message at a time (per instance), and sleep for 2 second to simulate performing work. When adding a massive amount of queue messages, KEDA will drive the container to scale out according to the event source (Service Bus Queue).
 
 We provide samples for the following scenarios:
+
+- [**Process Azure Service Bus Queue by using Azure AD Pod Identity**](pod-identity.md)
 - [**Process Azure Service Bus Queue by using connection string authentication**](connection-string-scenario.md)
 
 > 💡 *If you want to learn how to scale this sample with KEDA 1.0, feel free to read about it [here](https://github.com/kedacore/sample-dotnet-worker-servicebus-queue/tree/keda-v1.0).*

connection-string-scenario.md

@@ -18,7 +18,7 @@ metadata:
   name: order-processor-scaler
   labels:
     app: order-processor
-    deploymentName: order-processor
+    name: order-processor
 spec:
   scaleTargetRef:
     name: order-processor
@@ -99,7 +99,7 @@ Once the authorization rule is created, we can list the connection string as fol
 }
 ```
 
-Create a base64 representation of the connection string and update our Kubernetes secret in `deploy/deploy-app.yaml`:
+Create a base64 representation of the connection string and update our Kubernetes secret in `deploy/connection-string/deploy-app.yaml`:
 
 ```cli
 ❯ echo -n "<connection string>" | base64
@@ -117,7 +117,7 @@ namespace "keda-dotnet-sample" created
 Before we can connect to our queue, we need to create a secret which contains the Service Bus connection string to the queue.
 
 ```cli
-❯ kubectl apply -f deploy/deploy-app.yaml --namespace keda-dotnet-sample
+❯ kubectl apply -f deploy/connection-string/deploy-app.yaml --namespace keda-dotnet-sample
 deployment.apps/order-processor created
 secret/secrets-order-consumer created
 ```
@@ -154,7 +154,7 @@ We have our secret configured, defined a `TriggerAuthentication` for KEDA to aut
 Now let's create everything:
 
 ```cli
-❯ kubectl apply -f .\deploy\deploy-autoscaling.yaml --namespace keda-dotnet-sample
+❯ kubectl apply -f .\deploy/connection-string/deploy-autoscaling.yaml --namespace keda-dotnet-sample
 triggerauthentication.keda.sh/trigger-auth-service-bus-orders created
 secret/secrets-order-consumer configured
 scaledobject.keda.sh/order-processor-scaler created
@@ -297,8 +297,8 @@ You'll need to wait a short while until the public IP is created and shown in th
 ### Delete the application
 
 ```cli
-❯ kubectl delete -f deploy/deploy-autoscaling.yaml --namespace keda-dotnet-sample
-❯ kubectl delete -f deploy/deploy-app.yaml --namespace keda-dotnet-sample
+❯ kubectl delete -f deploy/connection-string/deploy-autoscaling.yaml --namespace keda-dotnet-sample
+❯ kubectl delete -f deploy/connection-string/deploy-app.yaml --namespace keda-dotnet-sample
 ❯ kubectl delete namespace keda-dotnet-sample
 ```
 
@@ -311,7 +311,7 @@ You'll need to wait a short while until the public IP is created and shown in th
 ### Uninstall KEDA
 
 ```cli
-❯ helm delete --purge keda
+❯ helm uninstall keda --namespace keda
 ❯ kubectl delete customresourcedefinition  scaledobjects.keda.sh
 ❯ kubectl delete customresourcedefinition  triggerauthentications.keda.sh
 ❯ kubectl delete namespace keda

deploy/deploy-app.yaml → deploy/connection-string/deploy-app.yaml

@@ -15,13 +15,17 @@ spec:
     spec:
       containers:
       - name: order-processor
-        image: kedasamples/sample-dotnet-worker-servicebus-queue
+        image: ghcr.io/kedacore/sample-dotnet-worker-servicebus-queue:latest
         env:
+        - name: KEDA_SERVICEBUS_AUTH_MODE
+          value: ConnectionString
         - name: KEDA_SERVICEBUS_QUEUE_CONNECTIONSTRING
           valueFrom:
             secretKeyRef:
              name: secrets-order-consumer
              key: servicebus-connectionstring
+        - name: KEDA_SERVICEBUS_QUEUE_NAME
+          value: orders
 ---
 apiVersion: v1
 kind: Secret

deploy/managed-identity/deploy-app-autoscaling.yaml

@@ -0,0 +1,25 @@
+apiVersion: keda.sh/v1alpha1
+kind: TriggerAuthentication
+metadata:
+  name: trigger-auth-service-bus-orders
+spec:
+  podIdentity:
+    provider: azure
+---
+apiVersion: keda.sh/v1alpha1 
+kind: ScaledObject
+metadata:
+  name: order-scaler
+spec:
+  scaleTargetRef:
+    name: order-processor
+  # minReplicaCount: 0 Change to define how many minimum replicas you want
+  maxReplicaCount: 10
+  triggers:
+  - type: azure-servicebus
+    metadata:
+      namespace: <namespace-name>
+      queueName: orders
+      messageCount: '5'
+    authenticationRef:
+      name: trigger-auth-service-bus-orders

deploy/managed-identity/deploy-app-with-managed-identity.yaml

@@ -0,0 +1,47 @@
+apiVersion: aadpodidentity.k8s.io/v1
+kind: AzureIdentity
+metadata:
+  name: <app-identity-name>
+  annotations:
+    aadpodidentity.k8s.io/Behavior: namespaced
+spec:
+  type: 0 # 0 means User-assigned MSI
+  resourceID: <app-identity-resource-id>
+  clientID: <app-identity-id>
+---
+apiVersion: aadpodidentity.k8s.io/v1
+kind: AzureIdentityBinding
+metadata:
+  name: <app-identity-name>-binding
+spec:
+  azureIdentity: <app-identity-name>
+  selector: order-processor
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: order-processor
+  labels:
+    app: order-processor
+spec:
+  selector:
+    matchLabels:
+      app: order-processor
+  template:
+    metadata:
+      labels:
+        app: order-processor
+        aadpodidbinding: order-processor
+    spec:
+      containers:
+      - name: order-processor
+        image: ghcr.io/kedacore/sample-dotnet-worker-servicebus-queue:latest
+        env:
+        - name: KEDA_SERVICEBUS_AUTH_MODE
+          value: ManagedIdentity
+        - name: KEDA_SERVICEBUS_HOST_NAME
+          value: <namespace-name>.servicebus.windows.net
+        - name: KEDA_SERVICEBUS_QUEUE_NAME
+          value: orders
+        - name: KEDA_SERVICEBUS_IDENTITY_USERASSIGNEDID
+          value: <app-identity-id>

deploy/managed-identity/deploy-autoscaling-infrastructure.yaml

@@ -0,0 +1,16 @@
+apiVersion: aadpodidentity.k8s.io/v1
+kind: AzureIdentity
+metadata:
+  name: <autoscaler-identity-name>
+spec:
+  type: 0 # 0 means User-assigned MSI
+  resourceID: <autoscaler-identity-resource-id>
+  clientID: <autoscaler-identity-id>
+---
+apiVersion: aadpodidentity.k8s.io/v1
+kind: AzureIdentityBinding
+metadata:
+  name: <autoscaler-identity-name>-binding
+spec:
+  azureIdentity: <autoscaler-identity-name>
+  selector: app-autoscaler