Relevant Code Part:

```go
// +optional
IdentityID *string `json:"identityId"`

// +optional
// Set identityTenantId to override the default Azure tenant id. If this is set, then the IdentityID must also be set
IdentityTenantID *string `json:"identityTenantId"`

// +optional
// Set identityAuthorityHost to override the default Azure authority host. If this is set, then the IdentityTenantID must also be set
IdentityAuthorityHost *string `json:"identityAuthorityHost"`

// +kubebuilder:validation:Optional
// RoleArn sets the AWS RoleArn to be used. Mutually exclusive with IdentityOwner
RoleArn *string `json:"roleArn"`

// +kubebuilder:validation:Enum=keda;workload
// +optional
// IdentityOwner configures which identity has to be used during auto discovery, keda or the scaled workload. Mutually exclusive with roleArn
IdentityOwner *string `json:"identityOwner"`
```

According to the documentation here:
https://keda.sh/docs/2.17/concepts/authentication/#pod-authentication-providers
you should be able to set the `provider` field to `gcp` and it will work, provided the Kubernetes service account has the correct permissions assigned via GCP Workload Federation (or the appropriate name for this).
However, when I use that struct/API in my operator like this:

```go
// For this, the KEDA operator service account needs the monitoring.viewer role in GCP
resources = append(resources, &keda.TriggerAuthentication{
	TypeMeta: metav1.TypeMeta{
		APIVersion: "keda.sh/v1alpha1",
		Kind:       "TriggerAuthentication",
	},
	ObjectMeta: metav1.ObjectMeta{
		Name:      "keda-gcp-pod-identity",
		Namespace: universe.Name,
	},
	Spec: keda.TriggerAuthenticationSpec{
		PodIdentity: &keda.AuthPodIdentity{
			Provider: keda.PodIdentityProviderGCP,
		},
	},
})
```

the missing `omitempty` tags in the `keda.AuthPodIdentity` fields cause the JSON to include "null" values. This results in an error:

```
server-side applying resource *v1alpha1.TriggerAuthentication 'keda-gcp-pod-identity': TriggerAuthentication.keda.sh "keda-gcp-pod-identity" is invalid: [spec.podIdentity.roleArn: Invalid value: "null"
```

(The error message is a bit shortened; it gives me that for all the other values as well.)

Source of the relevant code part: `keda/apis/keda/v1alpha1/triggerauthentication_types.go`, lines 143 to 162 in 033f46d
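
The serialization behaviour reported above, reproduced with local stand-in structs, together with a client-side pruning step for callers that cannot change the tags. This is an added example, not code from the issue or from KEDA; the types `asShipped` and `withOmitEmpty` and the helpers `encode` and `strip` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical stand-ins (not KEDA's types): tags as on the page, then with omitempty.
type asShipped struct {
	Provider   string  `json:"provider"`
	IdentityID *string `json:"identityId"`
	RoleArn    *string `json:"roleArn"`
}
type withOmitEmpty struct {
	Provider   string  `json:"provider"`
	IdentityID *string `json:"identityId,omitempty"`
	RoleArn    *string `json:"roleArn,omitempty"`
}

// encode marshals v; with prune set, null object members are dropped first.
func encode(v interface{}, prune bool) (string, error) {
	raw, err := json.Marshal(v)
	if err != nil || !prune {
		return string(raw), err
	}
	var tree interface{}
	if err := json.Unmarshal(raw, &tree); err != nil {
		return "", err
	}
	strip(tree)
	out, err := json.Marshal(tree)
	return string(out), err
}

// strip deletes null members from JSON objects in place (arrays are left untouched).
func strip(n interface{}) {
	m, _ := n.(map[string]interface{}) // nil map for non-objects, so the loop is skipped
	for k, val := range m {
		if val == nil {
			delete(m, k)
		} else {
			strip(val)
		}
	}
}

func main() {
	fmt.Println(encode(asShipped{Provider: "gcp"}, false))     // JSON with nulls, then nil error
	fmt.Println(encode(withOmitEmpty{Provider: "gcp"}, false)) // nil pointers omitted
	fmt.Println(encode(asShipped{Provider: "gcp"}, true))      // nulls pruned by the caller
}
```

The pruning path is a stopgap on the caller's side: it also removes any member that was deliberately set to null.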