diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 48974815b4b8..06db6a9a0b1f 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -2512,6 +2512,8 @@ Topics: File: nodes-cma-autoscaling-custom-trigger - Name: Understanding custom metrics autoscaler trigger authentications File: nodes-cma-autoscaling-custom-trigger-auth + - Name: Understanding how to add custom metrics autoscalers + File: nodes-cma-autoscaling-custom-adding - Name: Pausing the custom metrics autoscaler File: nodes-cma-autoscaling-custom-pausing - Name: Gathering audit logs @@ -2520,8 +2522,6 @@ Topics: File: nodes-cma-autoscaling-custom-debugging - Name: Viewing Operator metrics File: nodes-cma-autoscaling-custom-metrics - - Name: Understanding how to add custom metrics autoscalers - File: nodes-cma-autoscaling-custom-adding - Name: Removing the Custom Metrics Autoscaler Operator File: nodes-cma-autoscaling-custom-removing - Name: Controlling pod placement onto nodes (scheduling) diff --git a/_topic_maps/_topic_map_osd.yml b/_topic_maps/_topic_map_osd.yml index d883674c62a2..92c930b6fa49 100644 --- a/_topic_maps/_topic_map_osd.yml +++ b/_topic_maps/_topic_map_osd.yml @@ -1016,6 +1016,8 @@ Topics: File: nodes-cma-autoscaling-custom-trigger - Name: Understanding the custom metrics autoscaler trigger authentications File: nodes-cma-autoscaling-custom-trigger-auth + - Name: Understanding how to add custom metrics autoscalers + File: nodes-cma-autoscaling-custom-adding - Name: Pausing the custom metrics autoscaler File: nodes-cma-autoscaling-custom-pausing - Name: Gathering audit logs 
@@ -1024,8 +1026,6 @@ Topics: File: nodes-cma-autoscaling-custom-debugging - Name: Viewing Operator metrics File: nodes-cma-autoscaling-custom-metrics - - Name: Understanding how to add custom metrics autoscalers - File: nodes-cma-autoscaling-custom-adding - Name: Removing the Custom Metrics Autoscaler Operator File: nodes-cma-autoscaling-custom-removing - Name: Controlling pod placement onto nodes (scheduling) diff --git a/_topic_maps/_topic_map_rosa.yml b/_topic_maps/_topic_map_rosa.yml index cb66ebf48a6d..67316c5c7a95 100644 --- a/_topic_maps/_topic_map_rosa.yml +++ b/_topic_maps/_topic_map_rosa.yml @@ -1316,6 +1316,8 @@ Topics: File: nodes-cma-autoscaling-custom-trigger - Name: Understanding the custom metrics autoscaler trigger authentications File: nodes-cma-autoscaling-custom-trigger-auth + - Name: Understanding how to add custom metrics autoscalers + File: nodes-cma-autoscaling-custom-adding - Name: Pausing the custom metrics autoscaler File: nodes-cma-autoscaling-custom-pausing - Name: Gathering audit logs @@ -1324,8 +1326,6 @@ Topics: File: nodes-cma-autoscaling-custom-debugging - Name: Viewing Operator metrics File: nodes-cma-autoscaling-custom-metrics - - Name: Understanding how to add custom metrics autoscalers - File: nodes-cma-autoscaling-custom-adding - Name: Removing the Custom Metrics Autoscaler Operator File: nodes-cma-autoscaling-custom-removing - Name: Controlling pod placement onto nodes (scheduling) diff --git a/_topic_maps/_topic_map_rosa_hcp.yml b/_topic_maps/_topic_map_rosa_hcp.yml index 0498d4b13da3..127f832f3fb0 100644 --- a/_topic_maps/_topic_map_rosa_hcp.yml +++ b/_topic_maps/_topic_map_rosa_hcp.yml 
@@ -1226,6 +1226,8 @@ Topics: # File: nodes-cma-autoscaling-custom-trigger # - Name: Understanding the custom metrics autoscaler trigger authentications # File: nodes-cma-autoscaling-custom-trigger-auth +# - Name: Understanding how to add custom metrics autoscalers +# File: nodes-cma-autoscaling-custom-adding # - Name: Pausing the custom metrics autoscaler # File: nodes-cma-autoscaling-custom-pausing # - Name: Gathering audit logs @@ -1234,8 +1236,6 @@ Topics: # File: nodes-cma-autoscaling-custom-debugging # - Name: Viewing Operator metrics # File: nodes-cma-autoscaling-custom-metrics -# - Name: Understanding how to add custom metrics autoscalers -# File: nodes-cma-autoscaling-custom-adding # - Name: Removing the Custom Metrics Autoscaler Operator # File: nodes-cma-autoscaling-custom-removing # - Name: Controlling pod placement onto nodes (scheduling) diff --git a/modules/nodes-cma-autoscaling-custom-creating-workload.adoc b/modules/nodes-cma-autoscaling-custom-creating-workload.adoc index 238ba80c1802..18fb6d7b2719 100644 --- a/modules/nodes-cma-autoscaling-custom-creating-workload.adoc +++ b/modules/nodes-cma-autoscaling-custom-creating-workload.adoc @@ -104,12 +104,13 @@ spec: fallback: <11> failureThreshold: 3 replicas: 6 - pollingInterval: 30 <12> + behavior: static <12> + pollingInterval: 30 <13> advanced: - restoreToOriginalReplicaCount: false <13> + restoreToOriginalReplicaCount: false <14> horizontalPodAutoscalerConfig: - name: keda-hpa-scale-down <14> - behavior: <15> + name: keda-hpa-scale-down <15> + behavior: <16> scaleDown: stabilizationWindowSeconds: 300 policies: @@ -117,7 +118,7 @@ spec: value: 100 periodSeconds: 15 triggers: - - type: prometheus <16> + - type: prometheus <17> metadata: serverAddress: https://thanos-querier.openshift-monitoring.svc.cluster.local:9092 namespace: kedatest 
@@ -125,7 +126,7 @@ spec: threshold: '5' query: sum(rate(http_requests_total{job="test-app"}[1m])) authModes: basic - authenticationRef: <17> + authenticationRef: <18> name: prom-triggerauthentication kind: TriggerAuthentication ---- 
@@ -139,13 +140,18 @@ spec: <8> Optional: Specifies the maximum number of replicas when scaling up. The default is `100`. <9> Optional: Specifies the minimum number of replicas when scaling down. <10> Optional: Specifies the parameters for audit logs. as described in the "Configuring audit logging" section. -<11> Optional: Specifies the number of replicas to fall back to if a scaler fails to get metrics from the source for the number of times defined by the `failureThreshold` parameter. For more information on fallback behavior, see the link:https://keda.sh/docs/2.7/concepts/scaling-deployments/#fallback[KEDA documentation]. -<12> Optional: Specifies the interval in seconds to check each trigger on. The default is `30`. -<13> Optional: Specifies whether to scale back the target resource to the original replica count after the scaled object is deleted. The default is `false`, which keeps the replica count as it is when the scaled object is deleted. -<14> Optional: Specifies a name for the horizontal pod autoscaler. The default is `keda-hpa-{scaled-object-name}`. -<15> Optional: Specifies a scaling policy to use to control the rate to scale pods up or down, as described in the "Scaling policies" section. -<16> Specifies the trigger to use as the basis for scaling, as described in the "Understanding the custom metrics autoscaler triggers" section. This example uses {product-title} monitoring. -<17> Optional: Specifies a trigger authentication or a cluster trigger authentication. For more information, see _Understanding the custom metrics autoscaler trigger authentication_ in the _Additional resources_ section. +<11> Optional: Specifies the number of replicas to fall back to if a scaler fails to get metrics from the source for the number of times defined by the `failureThreshold` parameter. For more information on fallback behavior, see the link:https://keda.sh/docs/latest/reference/scaledobject-spec/#fallback[KEDA documentation]. 
+<12> Optional: Specifies the replica count to be used if a fallback occurs. Enter one of the following options or omit the parameter: +* Enter `static` to use the number of replicas specified by the `fallback.replicas` parameter. This is the default. +* Enter `currentReplicas` to maintain the current number of replicas. +* Enter `currentReplicasIfHigher` to maintain the current number of replicas, if that number is higher than the `fallback.replicas` parameter. If the current number of replicas is lower than the `fallback.replicas` parameter, use the `fallback.replicas` value. +* Enter `currentReplicasIfLower` to maintain the current number of replicas, if that number is lower than the `fallback.replicas` parameter. If the current number of replicas is higher than the `fallback.replicas` parameter, use the `fallback.replicas` value. +<13> Optional: Specifies the interval in seconds to check each trigger on. The default is `30`. +<14> Optional: Specifies whether to scale back the target resource to the original replica count after the scaled object is deleted. The default is `false`, which keeps the replica count as it is when the scaled object is deleted. +<15> Optional: Specifies a name for the horizontal pod autoscaler. The default is `keda-hpa-{scaled-object-name}`. +<16> Optional: Specifies a scaling policy to use to control the rate to scale pods up or down, as described in the "Scaling policies" section. +<17> Specifies the trigger to use as the basis for scaling, as described in the "Understanding the custom metrics autoscaler triggers" section. This example uses {product-title} monitoring. +<18> Optional: Specifies a trigger authentication or a cluster trigger authentication. For more information, see _Understanding the custom metrics autoscaler trigger authentication_ in the _Additional resources_ section. * Enter `TriggerAuthentication` to use a trigger authentication. This is the default. 
* Enter `ClusterTriggerAuthentication` to use a cluster trigger authentication. diff --git a/modules/nodes-cma-autoscaling-custom-prometheus-config.adoc b/modules/nodes-cma-autoscaling-custom-prometheus-config.adoc index 6f8273794994..961f1f3376cc 100644 --- a/modules/nodes-cma-autoscaling-custom-prometheus-config.adoc +++ b/modules/nodes-cma-autoscaling-custom-prometheus-config.adoc @@ -18,7 +18,6 @@ These steps are not required for an external Prometheus source. You must perform the following tasks, as described in this section: * Create a service account. -* Create a secret that generates a token for the service account. * Create the trigger authentication. * Create a role. * Add that role to the service account. @@ -45,7 +44,7 @@ $ oc project <1> * If you are using a trigger authentication, specify the project with the object you want to scale. * If you are using a cluster trigger authentication, specify the `openshift-keda` project. -. Create a service account and token, if your cluster does not have one: +. Create a service account if your cluster does not have one: .. Create a `service account` object by using the following command: + 
@@ -55,53 +54,6 @@ $ oc create serviceaccount thanos <1> ---- <1> Specifies the name of the service account. -.. Create a `secret` YAML to generate a service account token: -+ -[source,yaml] ----- -apiVersion: v1 -kind: Secret -metadata: - name: thanos-token - annotations: - kubernetes.io/service-account.name: thanos <1> -type: kubernetes.io/service-account-token ----- -<1> Specifies the name of the service account. - -.. Create the secret object by using the following command: -+ -[source,terminal] ----- -$ oc create -f .yaml ----- - -.. Use the following command to locate the token assigned to the service account: -+ -[source,terminal] ----- -$ oc describe serviceaccount thanos <1> ----- -+ -<1> Specifies the name of the service account. -+ --- -.Example output -[source,terminal] ----- -Name: thanos -Namespace: -Labels: -Annotations: -Image pull secrets: thanos-dockercfg-nnwgj -Mountable secrets: thanos-dockercfg-nnwgj -Tokens: thanos-token <1> -Events: - ----- -<1> Use this token in the trigger authentication. --- - . Create a trigger authentication with the service account token: .. Create a YAML file similar to the following: 
@@ -113,23 +65,18 @@ kind: <1> metadata: name: keda-trigger-auth-prometheus spec: - secretTargetRef: <2> - - parameter: bearerToken <3> - name: thanos-token <4> - key: token <5> - - parameter: ca - name: thanos-token - key: ca.crt + boundServiceAccountToken: <2> + - parameter: bearerToken <3> + serviceAccountName: thanos <4> ---- <1> Specifies one of the following trigger authentication methods: + * If you are using a trigger authentication, specify `TriggerAuthentication`. This example configures a trigger authentication. * If you are using a cluster trigger authentication, specify `ClusterTriggerAuthentication`. + -<2> Specifies that this object uses a secret for authorization. -<3> Specifies the authentication parameter to supply by using the token. -<4> Specifies the name of the token to use. -<5> Specifies the key in the token to use with the specified parameter. +<2> Specifies that this trigger authentication uses a bound service account token for authorization when connecting to the metrics endpoint. +<3> Specifies the authentication parameter to supply by using the token. Here, the example uses bearer authentication. +<4> Specifies the name of the service account to use. .. Create the CR object: + 
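Review bot: The new `boundServiceAccountToken` example in this hunk depends on RBAC that the procedure never mentions: the Operator must be allowed to `create` `serviceaccounts/token` for `thanos`, which this commit documents only as a prerequisite in nodes-cma-autoscaling-custom-trigger-auth-using.adoc. A reader who follows this module alone would presumably end up with a trigger authentication that cannot obtain a token, so the task list at the top of the module and this step should point to that Role and RoleBinding. The removed `secretTargetRef` block also supplied a `ca` parameter from `ca.crt`, and the replacement does not. It would help to state how the metrics endpoint certificate is verified now, so that nobody sets `unsafeSsl: "true"` just to make the connection work. Callout <3> could read `Specifies the authentication parameter to supply by using the token. This example uses bearer authentication.`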
@@ -221,3 +168,53 @@ You can now deploy a scaled object or scaled job to enable autoscaling for your * `triggers.metadata.authModes` must be `bearer` * `triggers.metadata.namespace` must be set to the namespace of the object to scale * `triggers.authenticationRef` must point to the trigger authentication resource specified in the previous step + +//// +Hiding, might not need it. If so, place this as step 2. +.. Create a `secret` YAML to generate a service account token: ++ +[source,yaml] +---- +apiVersion: v1 +kind: Secret +metadata: + name: thanos-token + annotations: + kubernetes.io/service-account.name: thanos <1> +type: kubernetes.io/service-account-token +---- +<1> Specifies the name of the service account. + +.. Create the secret object by using the following command: ++ +[source,terminal] +---- +$ oc create -f .yaml +---- + +.. Use the following command to locate the token assigned to the service account: ++ +[source,terminal] +---- +$ oc describe serviceaccount thanos <1> +---- ++ +<1> Specifies the name of the service account. ++ +-- +.Example output +[source,terminal] +---- +Name: thanos +Namespace: +Labels: +Annotations: +Image pull secrets: thanos-dockercfg-nnwgj +Mountable secrets: thanos-dockercfg-nnwgj +Tokens: thanos-token <1> +Events: + +---- +<1> Use this token in the trigger authentication. +-- +//// diff --git a/modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc b/modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc index 65bafa1ef8cd..b747b5272cc6 100644 --- a/modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc +++ b/modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc 
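Review bot: The block added at the end of the module keeps the removed long-lived token instructions inside a `////` comment headed "Hiding, might not need it", and it would be better to delete them than to park them in the source. Version history already preserves the text. A commented-out procedure for creating a `kubernetes.io/service-account-token` secret also invites someone to re-enable the static-token path that this change replaces with bound tokens. If the steps may be needed again, a one-line comment is enough, for example `// Long-lived token steps removed in favor of boundServiceAccountToken; see <issue-id>` (placeholder id).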
@@ -12,19 +12,46 @@ You use trigger authentications and cluster trigger authentications by using a c * The Custom Metrics Autoscaler Operator must be installed. -* If you are using a secret, the `Secret` object must exist, for example: +* If you are using a bound service account token, the service account must exist. + +* If you are using a bound service account token, a role-based access control (RBAC) object that enables the Custom Metrics Autoscaler Operator to request service account tokens from the service account must exist. + -.Example secret [source,yaml] ---- -apiVersion: v1 -kind: Secret +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: keda-operator-token-creator + namespace: <1> +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create + resourceNames: + - thanos <2> +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: - name: my-secret -data: - user-name: - password: + name: keda-operator-token-creator-binding + namespace: <3> +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: keda-operator-token-creator +subjects: +- kind: ServiceAccount + name: keda-operator + namespace: openshift-keda ---- +<1> Specifies the namespace of the service account. +<2> Specifies the name of the service account. +<3> Specifies the namespace of the service account. + +* If you are using a secret, the `Secret` object must exist. .Procedure 
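Review bot: The Role in this prerequisite is the security-relevant part of the change, but it has neither a block title nor a callout that explains its scope. The `resourceNames` entry is what limits the Operator to requesting tokens for the one service account; without it, the rule would cover every service account in the namespace. The text should say so, for example by extending callout <2> to `Specifies the name of the service account. Keep this entry so that the Operator can request tokens only for this service account.` A title such as `.Example role and role binding for token requests` would match the other examples in these modules.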
@@ -32,23 +59,22 @@ data: .. Create a YAML file that defines the object: + -.Example trigger authentication with a secret +.Example trigger authentication with a bound service account token [source,yaml] ---- kind: TriggerAuthentication apiVersion: keda.sh/v1alpha1 metadata: name: prom-triggerauthentication - namespace: my-namespace -spec: - secretTargetRef: - - parameter: user-name - name: my-secret - key: USER_NAME - - parameter: password - name: my-secret - key: USER_PASSWORD + namespace: my-namespace <1> + spec: + boundServiceAccountToken: <2> + - parameter: token + serviceAccountName: thanos <3> ---- +<1> Specifies the namespace of the object you want to scale. +<2> Specifies that this trigger authentication uses a bound service account token for authorization when connecting to the metrics endpoint. +<3> Specifies the name of the service account to use. .. Create the `TriggerAuthentication` object: + diff --git a/modules/nodes-cma-autoscaling-custom-trigger-prom.adoc b/modules/nodes-cma-autoscaling-custom-trigger-prom.adoc index 23ac009c0b6f..3daaabfbc87a 100644 --- a/modules/nodes-cma-autoscaling-custom-trigger-prom.adoc +++ b/modules/nodes-cma-autoscaling-custom-trigger-prom.adoc @@ -35,6 +35,7 @@ spec: cortexOrgID: my-org <8> ignoreNullValues: "false" <9> unsafeSsl: "false" <10> + timeout: 1000 <11> ---- <1> Specifies Prometheus as the trigger type. <2> Specifies the address of the Prometheus server. This example uses {product-title} monitoring. @@ -51,7 +52,10 @@ spec: * If `false`, the certificate check is performed. This is the default behavior. * If `true`, the certificate check is not performed. + +-- [IMPORTANT] ==== Skipping the check is not recommended. ==== +-- +<11> Optional: Specifies an HTTP request timeout in milliseconds for the HTTP client used by this Prometheus trigger. This value overrides any global timeout setting. 
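Review bot: In the bound service account token example, the added `spec:` line appears to be indented under `metadata:`, so the listing would not parse as a valid `TriggerAuthentication`; it should start at column 0 like `metadata:`. The same example uses `parameter: token`, while the two other bound-token examples in this commit use `parameter: bearerToken`. Unless `token` is intentional here, the line should read `- parameter: bearerToken`. Leading whitespace is collapsed on this page, so the indentation should be confirmed against the file.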
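Review bot: The added `timeout: 1000` in the Prometheus trigger example is an unquoted integer, while the neighbouring `ignoreNullValues: "false"` and `unsafeSsl: "false"` values are quoted strings. If trigger metadata values have to be strings, as the quoting of the other entries suggests, the line should be `timeout: "1000" <11>`. Callout <11> could also state which timeout applies when the parameter is omitted.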
diff --git a/modules/nodes-cma-autoscaling-custom-trigger-workload.adoc b/modules/nodes-cma-autoscaling-custom-trigger-workload.adoc
new file mode 100644
index 000000000000..af06d44bf739
--- /dev/null
+++ b/modules/nodes-cma-autoscaling-custom-trigger-workload.adoc
@@ -0,0 +1,41 @@ +// Module included in the following assemblies: +// +// * nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc + +:_mod-docs-content-type: PROCEDURE +[id="nodes-cma-autoscaling-custom-trigger-workload_{context}"] += Understanding the Kubernetes workload trigger + +You can scale pods based on the number of pods matching a specific label selector. + +The Custom Metrics Autoscaler Operator tracks the number of pods with a specific label that are in the same namespace, then calculates a _relation_ based on the number of labeled pods to the pods for the scaled object. Using this relation, the Custom Metrics Autoscaler Operator scales the object according to the scaling policy in the `ScaledObject` or `ScaledJob` specification. + +The pod counts includes pods with a `Succeeded` or `Failed` phase. + +For example, if you have a `frontend` deployment and a `backend` deployment. You can use a `kubernetes-workload` trigger to scale the `backend` deployment based on the number of `frontend` pods. If number of `frontend` pods goes up, the Operator would scale the `backend` pods to maintain the specified ratio. In this example, if there are 10 pods with the `app=frontend` pod selector, the Operator scales the backend pods to 5 in order to maintain the `0.5` ratio set in the scaled object. + +.Example scaled object with a Kubernetes workload trigger +[source,yaml] +---- +apiVersion: keda.sh/v1alpha1 +kind: ScaledObject +metadata: + name: workload-scaledobject + namespace: my-namespace +spec: + triggers: + - type: kubernetes-workload <1> + metadata: + podSelector: 'app=frontend' <2> + value: '0.5' <3> + activationValue: '3.1' <4> +---- +<1> Specifies a Kubernetes workload trigger. +<2> Specifies one or more pod selectors and/or set-based selectors, separated with commas, to use to get the pod count. +<3> Specifies the target relation between the scaled workload and the number of pods that match the selector. 
The relation is calculated following the following formula: ++ +---- +relation = (pods that match the selector) / (scaled workload pods) +---- ++ +<4> Optional: Specifies the target value for scaler activation phase. The default is `0`. diff --git a/nodes/cma/nodes-cma-autoscaling-custom-trigger-auth.adoc b/nodes/cma/nodes-cma-autoscaling-custom-trigger-auth.adoc index 435e24a51475..8d301c33f57a 100644 --- a/nodes/cma/nodes-cma-autoscaling-custom-trigger-auth.adoc +++ b/nodes/cma/nodes-cma-autoscaling-custom-trigger-auth.adoc 
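Review bot: The worked example in this new module contradicts the formula given under callout <3>: with `relation = (pods that match the selector) / (scaled workload pods)`, 10 `frontend` pods and a value of `0.5` give 20 `backend` pods, not 5. Either the example or the formula should be corrected before readers size workloads from it. The sentence "The pod counts includes pods with a Succeeded or Failed phase" is also worth checking, because upstream KEDA documentation, as I read it, describes the count as excluding terminated pods; the grammar should be `The pod count includes` (or `excludes`). The module is tagged `:_mod-docs-content-type: PROCEDURE` although it contains no procedure, so `CONCEPT` or `REFERENCE` looks like the intended type.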
@@ -15,50 +15,47 @@ Alternatively, to share credentials between objects in multiple namespaces, you Trigger authentications and cluster trigger authentication use the same configuration. However, a cluster trigger authentication requires an additional `kind` parameter in the authentication reference of the scaled object. -.Example secret for Basic authentication +.Example trigger authentication that uses a bound service account token [source,yaml] ---- -apiVersion: v1 -kind: Secret +kind: TriggerAuthentication +apiVersion: keda.sh/v1alpha1 metadata: - name: my-basic-secret - namespace: default -data: - username: "dXNlcm5hbWU=" <1> - password: "cGFzc3dvcmQ=" + name: secret-triggerauthentication + namespace: my-namespace <1> +spec: + boundServiceAccountToken: <2> + - parameter: bearerToken + serviceAccountName: thanos <3> ---- -<1> User name and password to supply to the trigger authentication. The values in a `data` stanza must be base-64 encoded. +<1> Specifies the namespace of the object you want to scale. +<2> Specifies that this trigger authentication uses a bound service account token for authorization when connecting to the metrics endpoint. +<3> Specifies the name of the service account to use. -.Example trigger authentication using a secret for Basic authentication +.Example cluster trigger authentication that uses a bound service account token [source,yaml] ---- -kind: TriggerAuthentication +kind: ClusterTriggerAuthentication apiVersion: keda.sh/v1alpha1 metadata: - name: secret-triggerauthentication - namespace: my-namespace <1> + name: bound-service-account-token-triggerauthentication <1> spec: - secretTargetRef: <2> - - parameter: username <3> - name: my-basic-secret <4> - key: username <5> - - parameter: password - name: my-basic-secret - key: password + boundServiceAccountToken: <2> + - parameter: bearerToken + serviceAccountName: thanos <3> ---- <1> Specifies the namespace of the object you want to scale. 
-<2> Specifies that this trigger authentication uses a secret for authorization when connecting to the metrics endpoint. -<3> Specifies the authentication parameter to supply by using the secret. -<4> Specifies the name of the secret to use. -<5> Specifies the key in the secret to use with the specified parameter. +<2> Specifies that this cluster trigger authentication uses a bound service account token for authorization when connecting to the metrics endpoint. +<3> Specifies the name of the service account to use. -.Example cluster trigger authentication with a secret for Basic authentication +.Example trigger authentication that uses a secret for Basic authentication [source,yaml] ---- -kind: ClusterTriggerAuthentication +kind: TriggerAuthentication apiVersion: keda.sh/v1alpha1 -metadata: <1> - name: secret-cluster-triggerauthentication +metadata: + name: secret-triggerauthentication + namespace: my-namespace <1> spec: secretTargetRef: <2> - parameter: username <3> 
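Review bot: Callout <1> of the new cluster trigger authentication example is attached to `name:` but says it specifies the namespace of the object to scale, which cannot be right for a cluster-scoped object; the text this commit removes said that no namespace is used. It should read something like `<1> Specifies the name of the cluster trigger authentication. Note that no namespace is used with a cluster trigger authentication.` Because this object makes one service account's token available to scaled objects in multiple namespaces, the example should also say in which namespace the `thanos` service account must exist. The first example in the hunk is still named `secret-triggerauthentication` although it no longer uses a secret, and the Basic authentication example below it reuses that name.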
@@ -68,29 +65,27 @@ spec: name: my-basic-secret key: password ---- -<1> Note that no namespace is used with a cluster trigger authentication. +<1> Specifies the namespace of the object you want to scale. <2> Specifies that this trigger authentication uses a secret for authorization when connecting to the metrics endpoint. <3> Specifies the authentication parameter to supply by using the secret. -<4> Specifies the name of the secret to use. +<4> Specifies the name of the secret to use. See the following example secret for Basic authentication. <5> Specifies the key in the secret to use with the specified parameter. -.Example secret with certificate authority (CA) details +.Example secret for Basic authentication [source,yaml] ---- apiVersion: v1 kind: Secret metadata: - name: my-secret - namespace: my-namespace -data: - ca-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0... <1> - client-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0... <2> - client-key.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0t... + name: my-basic-secret + namespace: default +data: + username: "dXNlcm5hbWU=" <1> + password: "cGFzc3dvcmQ=" ---- -<1> Specifies the TLS CA Certificate for authentication of the metrics endpoint. The value must be base-64 encoded. -<2> Specifies the TLS certificates and key for TLS client authentication. The values must be base-64 encoded. +<1> User name and password to supply to the trigger authentication. The values in the `data` stanza must be base-64 encoded. -.Example trigger authentication using a secret for CA details +.Example trigger authentication that uses a secret for CA details [source,yaml] ---- kind: TriggerAuthentication 
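Review bot: The relocated Basic authentication secret keeps `namespace: default`, while the trigger authentication whose callout <4> now points to it is in `my-namespace`. A `secretTargetRef` is presumably resolved in the trigger authentication's own namespace, so the secret should use `namespace: my-namespace`. That change also keeps credentials out of the `default` namespace in copy-pasted configurations. Callout <1> of the secret could add that base-64 is an encoding and does not protect the values.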
@@ -113,10 +108,10 @@ spec: <4> Specifies the name of the secret to use. <5> Specifies the key in the secret to use with the specified parameter. <6> Specifies the authentication parameter for a custom CA when connecting to the metrics endpoint. -<7> Specifies the name of the secret to use. +<7> Specifies the name of the secret to use. See the following example secret with certificate authority (CA) details. <8> Specifies the key in the secret to use with the specified parameter. -.Example secret with a bearer token +.Example secret with certificate authority (CA) details [source,yaml] ---- apiVersion: v1 @@ -125,11 +120,14 @@ metadata: name: my-secret namespace: my-namespace data: - bearerToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV" <1> + ca-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0... <1> + client-cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0... <2> + client-key.pem: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0t... ---- -<1> Specifies a bearer token to use with bearer authentication. The value in a `data` stanza must be base-64 encoded. +<1> Specifies the TLS CA Certificate for authentication of the metrics endpoint. The value must be base-64 encoded. +<2> Specifies the TLS certificates and key for TLS client authentication. The values must be base-64 encoded. -.Example trigger authentication with a bearer token +.Example trigger authentication that uses a bearer token [source,yaml] ---- kind: TriggerAuthentication 
@@ -146,10 +144,23 @@ spec: <1> Specifies the namespace of the object you want to scale. <2> Specifies that this trigger authentication uses a secret for authorization when connecting to the metrics endpoint. <3> Specifies the type of authentication to use. -<4> Specifies the name of the secret to use. +<4> Specifies the name of the secret to use. See the following example secret for a bearer token. <5> Specifies the key in the token to use with the specified parameter. -.Example trigger authentication with an environment variable +.Example secret for a bearer token +[source,yaml] +---- +apiVersion: v1 +kind: Secret +metadata: + name: my-secret + namespace: my-namespace +data: + bearerToken: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV" <1> +---- +<1> Specifies a bearer token to use with bearer authentication. The value must be base-64 encoded. + +.Example trigger authentication that uses an environment variable [source,yaml] ---- kind: TriggerAuthentication @@ -169,7 +180,7 @@ spec: <4> Specify the name of the environment variable. <5> Optional: Specify a container that requires authentication. The container must be in the same resource as referenced by `scaleTargetRef` in the scaled object. -.Example trigger authentication with pod authentication providers +.Example trigger authentication that uses pod authentication providers [source,yaml] ---- kind: TriggerAuthentication 
@@ -189,7 +200,8 @@ spec: ifndef::openshift-rosa,openshift-dedicated[] .Additional resources -* For information about {product-title} secrets, see xref:../../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets[Providing sensitive data to pods]. -endif::openshift-rosa,openshift-dedicated[] +* xref:../../authentication/understanding-and-creating-service-accounts.adoc#understanding-service-accounts[Understanding and creating service accounts] +* xref:../../nodes/pods/nodes-pods-secrets.adoc#nodes-pods-secrets[Providing sensitive data to pods]. +// endif::openshift-rosa,openshift-dedicated[] include::modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc[leveloffset=+1] diff --git a/nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc b/nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc index fc7393a796ce..1003e696d1ed 100644 --- a/nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc +++ b/nodes/cma/nodes-cma-autoscaling-custom-trigger.adoc @@ -32,3 +32,4 @@ include::modules/nodes-cma-autoscaling-custom-trigger-cpu.adoc[leveloffset=+1] include::modules/nodes-cma-autoscaling-custom-trigger-memory.adoc[leveloffset=+1] include::modules/nodes-cma-autoscaling-custom-trigger-kafka.adoc[leveloffset=+1] include::modules/nodes-cma-autoscaling-custom-trigger-cron.adoc[leveloffset=+1] +include::modules/nodes-cma-autoscaling-custom-trigger-workload.adoc[leveloffset=+1]
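Review bot: Turning the `endif` into a comment with `// endif::openshift-rosa,openshift-dedicated[]` leaves the `ifndef::openshift-rosa,openshift-dedicated[]` above it unterminated. Everything after it, including the `include::modules/nodes-cma-autoscaling-custom-trigger-auth-using.adoc[leveloffset=+1]` line, then sits inside the conditional and would presumably drop out of the ROSA and Dedicated builds. Restore the line as `endif::openshift-rosa,openshift-dedicated[]`. The second added xref also ends with a stray period after the closing bracket, which the first does not have.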