-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Roadmap: KEDA Scale with Managed Identity #592
Comments
any ETA on this ? |
Anything we can do to increase the priority on this? |
We would really need this feature. Is there any update for it? |
Agreed, this is a bit of a blocker for us moving to ACA |
Yes please, this would be tremendous |
This will be a great improvement for our ACA architecture |
+1 |
are there any particular difficulties implementing that? |
Hi @SophCarp could you please share an ETA ? |
Please can this be sorted out @SophCarp. 1 year on a backlog! |
Needing a SAS-based connection string for KEDA scaling is the only reason I need local authentication enabled on a Service Bus namespace for the solution I'm working on. Everything else authenticates with managed identity. It would be great to add support for that here. |
Needing SAS for KEDA is the reason why we've not moved to ACA or KEDA as yet, I refused to lower security |
Hi everyone, thanks for your patience on this. KEDA support for managed identity is rolling out, docs are getting prepped for publishing, and we will be announcing availability before the end of the month. |
Seems that KEDA got updated already at least in Sweden Central region. Should managed identities already work or is there some wrapper in between that requires also changes @vturecek? |
@Hi-Fi yes this now available in all regions with API version 2024-02-02-preview. I am still waiting on editing and publication of additional documentation, but this should get you started: https://learn.microsoft.com/en-us/azure/container-apps/managed-identity?tabs=portal%2Cdotnet#use-managed-identity-for-scale-rules Thanks for your patience. I'll post links to additional documentation once it is published. Please let us know if you have any feedback. |
Additional documentation is now available: |
I can confirm this is working however the docs on the above links are targeted at Storage Accounts and incorrect for Service Bus queue scaling for example. Instead of the Scale Rule requiring a metadata property called |
@alexpkent the example here shows a Service Bus queue scale rule with the namespace set: https://learn.microsoft.com/en-us/azure/container-apps/scale-app?pivots=azure-cli#example-3 The other examples we have show Azure Storage queues with Where do you see an example Service Bus queue scale rule with |
@vturecek Are there any examples on how to utilize this with the event driven configuration for azure-pipelines KEDA Scaler in Container App Jobs, or is that still not supporting Managed Identity to monitor the queue in Azure DevOps ? and you still need to use PAT there ? |
@haflidif I got this working today after a bit of trial and error as I couldn't see how to do it from the docs. Don't use See this bicep:
Set the org URL in your job secrets as well (just as a direct value, no key vault needed) and you're good to go. I've now completely eliminated PATs in my self hosted agents on Container App Jobs, it's great. |
Awesome 👏 Thank you very much! I'll try it out at keep you updated |
I confirm this works perfectly fine. |
Hi @vturecek, Edit: I also tried putting the identity inside the metadata section, but still no luck. |
@andreaskasc did you update the API version of your ACA resource to 2024-02-02-preview? |
is this only available for cli/api at the minute and not bicep? i cant see a 2024-02-02-preview for bicep and havent been able to get it to work (unless i use cli) |
Yes, I've used it in bicep, I just ignore the warning that it doesn't know about 2024-02-02-preview, it doesn't stop the deployment from going through. |
Thanks, i managed to get it working with bicep + ignoring warning |
Thanks @drdr-vincentvm I made it work with the changed ACA API version. For anyone using the Event Hubs scaler, this is how it is supposed to be: However, since I am using bicep for deployments and this version is not there yet on the bicep module (https://learn.microsoft.com/en-us/azure/templates/microsoft.app/containerapps?pivots=deployment-language-bicep) I will not use it yet. |
Has anyone got this working with Service Bus yet? I'm using version 2024-02-02-preview of the ACA API and the container app provisions without error but it doesn't scale. Scale rule looks like this:
Using that rule, I got warnings in the ACA system log: "error parsing azure service bus metadata: no connection setting given" so I tried adding the secretRef back and just removing the access key from the Service Bus connection information. It still didn't scale, though, so I may not be approaching it right. |
This worked for service bus for me, the only difference I can see if the
|
When will this be released beyond the '-preview' tag? |
@alexpkent, did it work for you when using managed identity to authenticate with the service bus? I don't see an 'identity' property in your rule definiton. |
Yes I am using a user assigned managed identity with 'Azure Service Bus Data Owner' on the service bus, I just didn't include that in the sample above. This identity is then assigned to the ACA Job itself not the ACA Environment. |
Is it possible that you share your bicep code? I'm trying to get it up and running but it's not really working, at least not reliably, for me. It can scale up but then it keeps the agent in Idle status instead of scaling down again. I'm not sure what the actual problem is tho. |
I'm having issue using managed identity for scaling ACA. what I'm experiencing
what I've confirmed
If anyone have clues to this problem, please feel free to give advice. |
What is the status of this? Is there an ETA for Generally Available? |
No ETA yet
The text was updated successfully, but these errors were encountered: