Skip to content

Add AWS Parameter Store support to TriggerAuthentication CRDs #840

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
stegojulia wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add AWS Parameter Store support to TriggerAuthentication CRDs #840

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
152 changes: 144 additions & 8 deletions keda/templates/crds/crd-clustertriggerauthentications.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,9 @@
{{- if .Values.crds.install }}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.20.0
{{- if (or .Values.crds.additionalAnnotations .Values.additionalAnnotations) }}
{{- toYaml (merge .Values.crds.additionalAnnotations .Values.additionalAnnotations) | nindent 4 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ .Values.operator.name }}
{{- include "keda.crd-labels" . | indent 4 }}
name: clustertriggerauthentications.keda.sh
spec:
group: keda.sh
Expand Down Expand Up @@ -73,6 +67,137 @@ spec:
spec:
description: TriggerAuthenticationSpec defines the various ways to authenticate
properties:
awsParameterStore:
description: AwsParameterStore is used to authenticate using AWS Systems
Manager Parameter Store
properties:
credentials:
properties:
accessKey:
properties:
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
required:
- key
- name
type: object
required:
- secretKeyRef
type: object
required:
- valueFrom
type: object
accessSecretKey:
properties:
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
required:
- key
- name
type: object
required:
- secretKeyRef
type: object
required:
- valueFrom
type: object
accessToken:
properties:
valueFrom:
properties:
secretKeyRef:
properties:
key:
type: string
name:
type: string
required:
- key
- name
type: object
required:
- secretKeyRef
type: object
required:
- valueFrom
type: object
required:
- accessKey
- accessSecretKey
type: object
parameters:
items:
properties:
name:
type: string
parameter:
type: string
withDecryption:
type: boolean
required:
- name
- parameter
type: object
minItems: 1
type: array
podIdentity:
description: |-
AuthPodIdentity allows users to select the platform native identity
mechanism
properties:
identityAuthorityHost:
description: Set identityAuthorityHost to override the default
Azure authority host. If this is set, then the IdentityTenantID
must also be set
type: string
identityId:
type: string
identityOwner:
description: IdentityOwner configures which identity has to
be used during auto discovery, keda or the scaled workload.
Mutually exclusive with roleArn
enum:
- keda
- workload
type: string
identityTenantId:
description: Set identityTenantId to override the default
Azure tenant id. If this is set, then the IdentityID must
also be set
type: string
provider:
description: PodIdentityProvider contains the list of providers
enum:
- azure-workload
- gcp
- aws
- aws-eks
- none
type: string
roleArn:
description: RoleArn sets the AWS RoleArn to be used. Mutually
exclusive with IdentityOwner
type: string
required:
- provider
type: object
region:
type: string
required:
- parameters
type: object
awsSecretManager:
description: AwsSecretManager is used to authenticate using AwsSecretManager
properties:
Expand Down Expand Up @@ -202,6 +327,7 @@ spec:
- name
- parameter
type: object
minItems: 1
type: array
required:
- secrets
Expand Down Expand Up @@ -306,6 +432,7 @@ spec:
- name
- parameter
type: object
minItems: 1
type: array
vaultUri:
type: string
Expand Down Expand Up @@ -445,6 +572,7 @@ spec:
- id
- parameter
type: object
minItems: 1
type: array
required:
- secrets
Expand All @@ -458,6 +586,9 @@ spec:
authentication:
description: VaultAuthentication contains the list of Hashicorp
Vault authentication methods
enum:
- token
- kubernetes
type: string
credential:
description: Credential defines the Hashicorp Vault credentials
Expand Down Expand Up @@ -506,12 +637,18 @@ spec:
type: object
type:
description: VaultSecretType defines the type of vault secret
enum:
- ""
- secretV2
- secret
- pki
type: string
required:
- key
- parameter
- path
type: object
minItems: 1
type: array
required:
- address
Expand Down Expand Up @@ -593,4 +730,3 @@ spec:
storage: true
subresources:
status: {}
{{- end -}}
Loading
Loading