From e19e46b63396655b35919ad747ef9f50e945503a Mon Sep 17 00:00:00 2001 From: Max Cao Date: Fri, 29 Nov 2024 16:33:03 -0800 Subject: [PATCH] Add docs for bound service account token trigger authentication Signed-off-by: Max Cao --- .../bound-service-account-token.md | 14 ++++++++++++++ content/docs/2.17/concepts/authentication.md | 15 ++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 content/docs/2.17/authentication-providers/bound-service-account-token.md diff --git a/content/docs/2.17/authentication-providers/bound-service-account-token.md b/content/docs/2.17/authentication-providers/bound-service-account-token.md new file mode 100644 index 000000000..4623a17a3 --- /dev/null +++ b/content/docs/2.17/authentication-providers/bound-service-account-token.md @@ -0,0 +1,14 @@ ++++ +title = "Bound service account token" ++++ + +You can pull a service account token into the trigger by defining the `serviceAccountName` of the Kubernetes ServiceAccount and token `expiry` duration. + +```yaml +boundServiceAccountToken: # Optional. + - parameter: connectionString # Required - Defined by the scale trigger + serviceAccountName: my-keda-service-account # Required. + expiry: 1h # Required. +``` + +**Assumptions:** `namespace` is in the same resource as referenced by `scaleTargetRef.name` in the ScaledObject, unless specified otherwise. diff --git a/content/docs/2.17/concepts/authentication.md b/content/docs/2.17/concepts/authentication.md index d751e01ec..ca8b509cb 100644 --- a/content/docs/2.17/concepts/authentication.md +++ b/content/docs/2.17/concepts/authentication.md 
@@ -240,6 +240,19 @@ secretTargetRef: # Optional. **Assumptions:** `namespace` is in the same resource as referenced by `scaleTargetRef.name` in the ScaledObject, unless specified otherwise. +### Bound service account token + +You can pull a service account token into the trigger by defining the `serviceAccountName` of the Kubernetes ServiceAccount and token `expiry` duration. + +```yaml +boundServiceAccountToken: # Optional. + - parameter: connectionString # Required - Defined by the scale trigger + serviceAccountName: my-keda-service-account # Required. + expiry: 1h # Required. +``` + +**Assumptions:** `namespace` is in the same resource as referenced by `scaleTargetRef.name` in the ScaledObject, unless specified otherwise. + ### Hashicorp Vault secret(s) You can pull one or more Hashicorp Vault secrets into the trigger by defining the authentication metadata such as Vault `address` and the `authentication` method (token | kubernetes). If you choose kubernetes auth method you should provide `role` and `mount` as well. @@ -425,4 +438,4 @@ You can tell KEDA to use EKS Pod Identity Webhook via `podIdentity.provider`. ```yaml podIdentity: provider: aws-eks # Optional. Default: none -``` \ No newline at end of file +```
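Review bot: In the new `bound-service-account-token.md`, the **Assumptions** line is carried over from the `secretTargetRef` section and talks about a `namespace` that the `boundServiceAccountToken` example never defines, so "unless specified otherwise" has nothing to point at. Say directly which namespace the ServiceAccount named by `serviceAccountName` is resolved in, and whether a cross-namespace reference is possible at all. The example also uses `parameter: connectionString`, which reads oddly for a token; a parameter name that a token-consuming scaler actually expects would make the example easier to follow.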
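Review bot: In the `### Bound service account token` section added to `authentication.md`, `expiry: 1h` is marked Required, but neither the accepted duration format nor any lower or upper bound is documented, and nothing says whether the token is renewed before it expires. Please add that, along with a sentence on what permissions the KEDA operator needs in order to obtain a token for `my-keda-service-account`, so users can scope that grant to the one service account instead of all of them. This section duplicates the new provider page word for word, so the same namespace wording issue in the Assumptions line applies here; consider keeping the full text in one place and linking to it from the other.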