Saturday 13 January 2024

Setting Up (KEDA) Authentication Trigger for Azure Storage Queue/Service Bus in AKS

We discussed setting up Kubernetes Event Driven Autoscaling (KEDA) with AKS workload identity in the post "Setting Up Kubernetes Event Driven Autoscaling (KEDA) in AKS with Workload Identity". The purpose of KEDA is to scale a scaled job or deployment in Kubernetes once messages arrive in a queue, such as an Azure Storage queue or an Azure Service Bus queue.

For KEDA to communicate with and monitor such a queue in order to scale a job or deployment, it must authenticate to the queue. We can set up the required authentication using connection strings for Azure Service Bus or the storage queue. Instead of using such connection strings or shared access keys, we can authenticate to the queue using the workload identity, since we have already enabled workload identity in KEDA as described in "Setting Up Kubernetes Event Driven Autoscaling (KEDA) in AKS with Workload Identity".

A trigger authentication for KEDA with workload identity can be specified as shown below in a YAML file, say k8s.yaml. We need to ensure the trigger authentication is defined in the same namespace in which we will later deploy the scaled job or scaled deployment. KEDA is deployed in the keda namespace, and the trigger authentication does not need to be in that namespace.

---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
  name: video-processor-queue-auth
  namespace: media
spec:
  podIdentity:
    provider: azure-workload
    identityId: ${sys_aks_uai_client_id}$

Then we can apply the above trigger authentication with kubectl apply -f k8s.yaml. Once applied, we can see it is created as shown below. For authentication to the queue to succeed, the storage queue or Service Bus queue must have the required permission granted to the user-assigned identity federated for workload identity, as described in "Setting Up Kubernetes Event Driven Autoscaling (KEDA) in AKS with Workload Identity".
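
The namespace rule and the preference for workload identity over connection strings can be checked over exported manifests. The following is an added example, not code from this post or from the KEDA project; apart from video-processor-queue-auth and the media namespace, every object name in the constructed sample is an assumption.

```python
import json

# Constructed sample, shaped like a trimmed
# `kubectl get triggerauthentication,scaledjob -A -o json` result.
SAMPLE = json.loads("""
{"items": [
 {"kind": "TriggerAuthentication",
  "metadata": {"name": "video-processor-queue-auth", "namespace": "media"},
  "spec": {"podIdentity": {"provider": "azure-workload"}}},
 {"kind": "TriggerAuthentication",
  "metadata": {"name": "legacy-queue-auth", "namespace": "media"},
  "spec": {"secretTargetRef": [
    {"parameter": "connection", "name": "sb-secret", "key": "conn"}]}},
 {"kind": "ScaledJob",
  "metadata": {"name": "video-processor", "namespace": "media"},
  "spec": {"triggers": [{"type": "azure-servicebus",
    "authenticationRef": {"name": "video-processor-queue-auth"}}]}},
 {"kind": "ScaledJob",
  "metadata": {"name": "thumbnailer", "namespace": "web"},
  "spec": {"triggers": [{"type": "azure-queue",
    "authenticationRef": {"name": "video-processor-queue-auth"}}]}},
 {"kind": "ScaledJob",
  "metadata": {"name": "transcoder", "namespace": "media"},
  "spec": {"triggers": [{"type": "azure-servicebus",
    "authenticationRef": {"name": "legacy-queue-auth"}}]}}
]}
""")

def audit(items):
    """Flag triggers whose TriggerAuthentication is absent from the workload's
    own namespace, or present but not using workload identity."""
    auths = {(i["metadata"]["namespace"], i["metadata"]["name"]): i["spec"]
             for i in items if i["kind"] == "TriggerAuthentication"}
    findings = []
    for obj in items:
        if obj["kind"] not in ("ScaledJob", "ScaledObject"):
            continue
        ns, name = obj["metadata"]["namespace"], obj["metadata"]["name"]
        for trig in obj["spec"].get("triggers", []):
            ref = trig.get("authenticationRef")
            # Triggers without a ref, or with a cluster-scoped one, are not checked here.
            if ref is None or ref.get("kind") == "ClusterTriggerAuthentication":
                continue
            spec = auths.get((ns, ref["name"]))
            if spec is None:
                findings.append((ns, name, "missing-in-namespace"))
            elif spec.get("podIdentity", {}).get("provider") != "azure-workload":
                findings.append((ns, name, "not-workload-identity"))
    return findings
```

On the sample, audit(SAMPLE["items"]) reports the job in the web namespace, which references a trigger authentication that exists only in media, and the job that still authenticates with a stored connection string.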


In the next post, let's discuss how to scale a Kubernetes scaled job with an Azure Service Bus trigger utilizing the trigger authentication with workload identity that we created above.




