keda: Scaler requires Auth Trigger to be in the same namespace as ScaledObject

A clear and concise description of what the bug is.

Expected Behavior

Expect “authenticationRef” to be able to reference TriggerAuthentication object from another namespace using DNS naming of the service (see https://stackoverflow.com/a/44329470 for example)

Actual Behavior

TriggerAuthentication object is defined in ‘default’ namespace, while ScaledObject is defined in another namespace (‘test’). Creating ScaledObject results in errors in keda-operator:

"level":"error","ts":1592866654.0380845,"logger":"scalehandler","msg":"Error getting triggerAuth","triggerAuthRef.Name":"keda-trigger-auth-kafka-credential","error":"TriggerAuthentication.keda.k8s.io \"keda-trigger-auth-kafka-credential\" not found".......

Steps to Reproduce the Problem

  1. Create Secret and TriggerAuthentication objects in ‘default’ namespace
  2. Create new namespace to hold ScaledObject
  3. Create a ScaledObject in the newly created namespace

Specifications

  • KEDA Version: Latest installed Jun 22, 2020 via Helm
  • Platform & Version: Azure Kubernetes Service (AKS)
  • Kubernetes Version: v1.16.9
  • Scaler(s): Kafka

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 15 (8 by maintainers)

Most upvoted comments

You can now use ClusterTriggerAuthentication objects for cross-ns credentials. I think we can probably close this?

+4
coderanger on Jun 17, 2021

@tomkerkhove @zroubalik This is currently a blocker to us using auth with the Prometheue scaler, as Openshift operator cannot run without auth & tls and uses the Prometheus svc account token for auth. We can implement a workaround which replicates the svc account token to every namespace that needs metrics autoscaling but it feels very dirty and insecure.

This format makes a lot of sense https://github.com/kedacore/keda/issues/864#issuecomment-636957248

+3
adrianchifor on Jun 17, 2021

@adrianchifor feel free to send a PR on https://github.com/kedacore/keda-docs but this applies to all scalers.

Instead we should maybe link to the conceptual docs instead of scoping to the TA CRD.

+1
tomkerkhove on Jun 17, 2021

@tomkerkhove you are right (and I personally prefer the current desing).

+1
zroubalik on Jun 23, 2020
Read more comments on GitHub
← keda: Scaled object panics in deref of nil target ref
keda: Scaling from 0->N doesn't get initiated on time/at all →