Replies: 1 comment
-
The KEDA operator is doing this AFAIK.
Why is that confusing? That's the same pattern KEDA uses. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I am new to Keda, and I'm struggling to find the answer to the question: which pod does
podIdentity
refer to in the docs? For instance:The Authentication concept documentation mentions:
Do we mean:
keda-operator
)? Or,Option (2) feels a bit unlikely, since I imagine the scaler polling is happening elsewhere, and we'd somehow need to grant access to that scaler-poller workload to use another pod's service account. Is this even possible?
I was also confused by this ticket, which seems to indicate some other use case or similar misunderstanding perhaps 🤷 . FWIW, I was able to associate the keda-operator service account with the GCP workload identity. But, I only tried using the
ScaledJob
so far; perhaps there is an issue with scaling a Deployment with theScaledObject
, I intend to try and report back if it is so.Below are more examples of documentation that I came across.
EKS Pod Identity docs say:
Similarly in Kiam Pod Identity:
And GCP Workload Identity:
Lastly, Azure seems unique in that allows picking the identity to use:
This is made somewhat more confusing by the fact that Azure recently archived https://github.com/Azure/aad-pod-identity and are redirecting users to https://azure.github.io/azure-workload-identity/docs/ which seems a bit more inline with the other's in the above list...
For what it's worth, I am fairly comfortable with the concept of pod identity, and I have been using managed kubernetes on GCP (GKE) for a few years, and we manage our workload authentication with workload identity.
Beta Was this translation helpful? Give feedback.
All reactions