Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add needed resources in the clusters for e2e test with AAD-Pod-identity #2895

Closed
JorTurFer opened this issue Apr 9, 2022 · 14 comments
Closed

Add needed resources in the clusters for e2e test with AAD-Pod-identity #2895

JorTurFer opened this issue Apr 9, 2022 · 14 comments
Assignees
@tomkerkhove @v-shenoy
Labels
auth azure All issues concerning integration with Azure enhancement New feature or request testing

Comments

@JorTurFer
Copy link
Member

Proposal

Right now, KEDA supports authentication by Azure MSI in Azure scalers. There are some e2e tests that are ready to test the scaler with this integration, but for that the AAD-Pod-Identity has to be deployed, and the MSI properly configured (and available its ID as secret).
For instance, right now App Insights e2e test is ready (with that test disabled), and Data Explorer also supports this test.

I'd like to have available in both clusters (e2e and pr-e2e) AAD-Pod-Identity deployed and at least 1 MSI with enough permissions in all resources at Azure side for testing all current scalers (even scalers like Azure Queue doesn't have that MSI specific test at this moment)

Use-Case

Improve the trust in the e2e test because they cover more scenarios

Anything else?

No response
@JorTurFer JorTurFer added needs-discussion feature-request All issues for new features that have not been committed to labels Apr 9, 2022
@tomkerkhove tomkerkhove moved this to Proposed in Roadmap - KEDA Core Apr 9, 2022
@JorTurFer JorTurFer added auth azure All issues concerning integration with Azure and removed needs-discussion feature-request All issues for new features that have not been committed to labels Apr 9, 2022
@tomkerkhove tomkerkhove added testing enhancement New feature or request labels Apr 9, 2022
@tomkerkhove
Copy link
Member

Asked @ahmelsayed as I lack the permissions to add AAD Pod Identity.

@tomkerkhove
Copy link
Member

AAD Pod Identity added to cluster thanks to @ahmelsayed

@tomkerkhove tomkerkhove mentioned this issue Apr 29, 2022
Merged
1 task
@JorTurFer JorTurFer mentioned this issue Apr 29, 2022
Merged
1 task
@tomkerkhove
Copy link
Member

Do we have pending actions on this @v-shenoy @JorTurFer ?

@JorTurFer
Copy link
Member Author

I think that all AAD-Pod-Identity resources are needed. We have added the needed resources/e2e-tests for AAD-Workload-Identity (but I'm totally missed on AAD side, @v-shenoy ?)

@v-shenoy
Copy link
Contributor

I am sorry, I did not get you @JorTurFer

@JorTurFer
Copy link
Member Author

AAD-Pod-Identity and AAD-Workload-Identity are 2 different identity pods. Right now we have integration/e2e test for the second one, but for AAD-Pod-Identity we only have the integration, we don't have e2e test because AAD-Pod-Identity it's not ready/configured, right?

@v-shenoy
Copy link
Contributor

Yes. Those are independent and require different configurations. I will have to check and see what all needs to be done for pod identity.

@v-shenoy v-shenoy self-assigned this May 30, 2022
@JorTurFer
Copy link
Member Author

any update here?

@JorTurFer JorTurFer mentioned this issue Sep 11, 2022
Merged
1 task
@v-shenoy
Copy link
Contributor

I'll try to see if I can get this done soon.

@JorTurFer
Copy link
Member Author

JorTurFer commented Sep 11, 2022
edited
Loading

I have followed this doc to spawn add-pod-identity on my own cluster and it's quite easy.

@tomkerkhove
Copy link
Member

What do you need?

@JorTurFer
Copy link
Member Author

We need to spawn aad-pod-identity in the cluster (e.g using the addon) and we need also a managed identity attached to the nodepool with access to the resources. We will need also the client-id as a secret to use it in KEDA deployments.
This is the guide with all the things needed https://docs.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity

@tomkerkhove
Copy link
Member

I'll set this up later this week

@JorTurFer
Copy link
Member Author

as AAD-Pod-Identity is already deprecated in favour of Workload Identity, I guess we can close this to not invest effort here

Repository owner moved this from Proposed to Ready To Ship in Roadmap - KEDA Core Dec 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tomkerkhove tomkerkhove

@v-shenoy v-shenoy

Labels
auth azure All issues concerning integration with Azure enhancement New feature or request testing
Projects
Roadmap - KEDA Core
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tomkerkhove @JorTurFer @v-shenoy