Add needed resources in the clusters for e2e test with AAD-Pod-identity #2895
Comments
JorTurFer
added
needs-discussion
feature-request
JorTurFer
added
auth
azure
|
Asked @ahmelsayed as I lack the permissions to add AAD Pod Identity. |
|
AAD Pod Identity added to cluster thanks to @ahmelsayed |
|
Do we have pending actions on this @v-shenoy @JorTurFer ? |
|
I think that all AAD-Pod-Identity resources are needed. We have added the needed resources/e2e-tests for AAD-Workload-Identity (but I'm totally missed on AAD side, @v-shenoy ?) |
|
I am sorry, I did not get you @JorTurFer |
|
AAD-Pod-Identity and AAD-Workload-Identity are 2 different identity pods. Right now we have integration/e2e test for the second one, but for AAD-Pod-Identity we only have the integration, we don't have e2e test because AAD-Pod-Identity it's not ready/configured, right? |
|
Yes. Those are independent and require different configurations. I will have to check and see what all needs to be done for pod identity. |
|
any update here? |
|
I'll try to see if I can get this done soon. |
|
I have followed this doc to spawn add-pod-identity on my own cluster and it's quite easy. |
|
What do you need? |
|
We need to spawn aad-pod-identity in the cluster (e.g using the addon) and we need also a managed identity attached to the nodepool with access to the resources. We will need also the client-id as a secret to use it in KEDA deployments. |
|
I'll set this up later this week |
|
as AAD-Pod-Identity is already deprecated in favour of Workload Identity, I guess we can close this to not invest effort here |
Proposal
Right now, KEDA supports authentication by Azure MSI in Azure scalers. There are some e2e tests that are ready to test the scaler with this integration, but for that the AAD-Pod-Identity has to be deployed, and the MSI properly configured (and available its ID as secret).
For instance, right now App Insights e2e test is ready (with that test disabled), and Data Explorer also supports this test.
I'd like to have available in both clusters (e2e and pr-e2e) AAD-Pod-Identity deployed and at least 1 MSI with enough permissions in all resources at Azure side for testing all current scalers (even scalers like Azure Queue doesn't have that MSI specific test at this moment)
Use-Case
Improve the trust in the e2e test because they cover more scenarios
Anything else?
No response
The text was updated successfully, but these errors were encountered: