Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for cluster-scoped trigger authentication #1452

Merged
merged 2 commits into from
Jan 6, 2021
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@
### New
- Can use Pod Identity with Azure Event Hub scaler ([#994](https://github.com/kedacore/keda/issues/994))
- Introducing InfluxDB scaler ([#1239](https://github.com/kedacore/keda/issues/1239))
- Add Redis cluster support for Redis list and Redis streams scalers.
- Add Redis cluster support for Redis list and Redis streams scalers ([#1437](https://github.com/kedacore/keda/pull/1437))
- Global authentication credentials can be managed using ClusterTriggerAuthentication objects ([#1452](https://github.com/kedacore/keda/pull/1452))

### Improvements
- Support add ScaledJob's label to its job ([#1311](https://github.com/kedacore/keda/issues/1311))
Expand Down
5 changes: 4 additions & 1 deletion api/v1alpha1/scaledobject_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -107,10 +107,13 @@ type ScaledObjectList struct {
Items []ScaledObject `json:"items"`
}

// ScaledObjectAuthRef points to the TriggerAuthentication object that
// ScaledObjectAuthRef points to the TriggerAuthentication or ClusterTriggerAuthentication object that
// is used to authenticate the scaler with the environment
type ScaledObjectAuthRef struct {
Name string `json:"name"`
// Kind of the resource being referred to. Defaults to TriggerAuthentication.
// +optional
Kind string `json:"kind,omitempty"`
}

func init() {
Expand Down
26 changes: 26 additions & 0 deletions api/v1alpha1/triggerauthentication_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,31 @@ import (

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// ClusterTriggerAuthentication defines how a trigger can authenticate globally
// +genclient
// +genclient:nonNamespaced
// +kubebuilder:resource:path=clustertriggerauthentications,scope=Cluster,shortName=cta;clustertriggerauth
// +kubebuilder:printcolumn:name="PodIdentity",type="string",JSONPath=".spec.podIdentity.provider"
// +kubebuilder:printcolumn:name="Secret",type="string",JSONPath=".spec.secretTargetRef[*].name"
// +kubebuilder:printcolumn:name="Env",type="string",JSONPath=".spec.env[*].name"
type ClusterTriggerAuthentication struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

Spec TriggerAuthenticationSpec `json:"spec"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// ClusterTriggerAuthenticationList contains a list of ClusterTriggerAuthentication
type ClusterTriggerAuthenticationList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata"`
Items []ClusterTriggerAuthentication `json:"items"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

// TriggerAuthentication defines how a trigger can authenticate
// +genclient
// +kubebuilder:resource:path=triggerauthentications,scope=Namespaced,shortName=ta;triggerauth
Expand Down Expand Up @@ -130,5 +155,6 @@ type VaultSecret struct {
}

func init() {
SchemeBuilder.Register(&ClusterTriggerAuthentication{}, &ClusterTriggerAuthenticationList{})
SchemeBuilder.Register(&TriggerAuthentication{}, &TriggerAuthenticationList{})
}
58 changes: 58 additions & 0 deletions api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

153 changes: 153 additions & 0 deletions config/crd/bases/keda.sh_clustertriggerauthentications.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,153 @@

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: clustertriggerauthentications.keda.sh
spec:
group: keda.sh
names:
kind: ClusterTriggerAuthentication
listKind: ClusterTriggerAuthenticationList
plural: clustertriggerauthentications
shortNames:
- cta
- clustertriggerauth
singular: clustertriggerauthentication
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.podIdentity.provider
name: PodIdentity
type: string
- jsonPath: .spec.secretTargetRef[*].name
name: Secret
type: string
- jsonPath: .spec.env[*].name
name: Env
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterTriggerAuthentication defines how a trigger can authenticate
globally
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TriggerAuthenticationSpec defines the various ways to authenticate
properties:
env:
items:
description: AuthEnvironment is used to authenticate using environment
variables in the destination ScaleTarget spec
properties:
containerName:
type: string
name:
type: string
parameter:
type: string
required:
- name
- parameter
type: object
type: array
hashiCorpVault:
description: HashiCorpVault is used to authenticate using Hashicorp
Vault
properties:
address:
type: string
authentication:
description: VaultAuthentication contains the list of Hashicorp
Vault authentication methods
type: string
credential:
description: Credential defines the Hashicorp Vault credentials
depending on the authentication method
properties:
serviceAccount:
type: string
token:
type: string
type: object
mount:
type: string
role:
type: string
secrets:
items:
description: VaultSecret defines the mapping between the path
of the secret in Vault to the parameter
properties:
key:
type: string
parameter:
type: string
path:
type: string
required:
- key
- parameter
- path
type: object
type: array
required:
- address
- authentication
- secrets
type: object
podIdentity:
description: AuthPodIdentity allows users to select the platform native
identity mechanism
properties:
provider:
description: PodIdentityProvider contains the list of providers
type: string
required:
- provider
type: object
secretTargetRef:
items:
description: AuthSecretTargetRef is used to authenticate using a
reference to a secret
properties:
key:
type: string
name:
type: string
parameter:
type: string
required:
- key
- name
- parameter
type: object
type: array
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
7 changes: 6 additions & 1 deletion config/crd/bases/keda.sh_scaledjobs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6363,8 +6363,13 @@ spec:
properties:
authenticationRef:
description: ScaledObjectAuthRef points to the TriggerAuthentication
object that is used to authenticate the scaler with the environment
or ClusterTriggerAuthentication object that is used to authenticate
the scaler with the environment
properties:
kind:
description: Kind of the resource being referred to. Defaults
to TriggerAuthentication.
type: string
name:
type: string
required:
Expand Down
7 changes: 6 additions & 1 deletion config/crd/bases/keda.sh_scaledobjects.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -224,8 +224,13 @@ spec:
properties:
authenticationRef:
description: ScaledObjectAuthRef points to the TriggerAuthentication
object that is used to authenticate the scaler with the environment
or ClusterTriggerAuthentication object that is used to authenticate
the scaler with the environment
properties:
kind:
description: Kind of the resource being referred to. Defaults
to TriggerAuthentication.
type: string
name:
type: string
required:
Expand Down
Loading