Prometheus scaler auth (kedacore#364)

Signed-off-by: marpio <[email protected]> Signed-off-by: rodolfodc <[email protected]>
sidilabs · Mar 26, 2021 · 6bab99c · 6bab99c
1 parent 8dd5bbd
commit 6bab99c
Show file tree

Hide file tree

Showing 2 changed files with 236 additions and 1 deletion.
diff --git a/content/docs/2.2/scalers/metrics-api.md b/content/docs/2.2/scalers/metrics-api.md
@@ -61,6 +61,8 @@ because many applications implement basic auth with a username as apikey and pas
 - `cert`: Certificate for client authentication. This is a required field.
 - `key`: Key for client authentication. Optional. This is a required field.
 
+> 💡 **NOTE:**It's also possible to set the CA certificate regardless of the selected `authMode` (also without any authentication). This might be usefull if you are using an enterprise CA.
+
 ### Example
 
 Here is a full example of scaled object definition using Metric API trigger:

diff --git a/content/docs/2.3/scalers/prometheus.md b/content/docs/2.3/scalers/prometheus.md
@@ -31,7 +31,26 @@ triggers:
 
 ### Authentication Parameters
 
-Not supported yet.
+Prometheus Scaler supports three types of authentication - bearer authentication, basic authentication and TLS authentication. 
+
+You can use `TriggerAuthentication` CRD to configure the authentication. It is possible to specify multiple authentication types i.e. `authModes: "tls,basic"` Specify `authModes` and other trigger parameters along with secret credentials in `TriggerAuthentication` as mentioned below:
+
+**Bearer authentication:**
+- `authModes`: It must contain `bearer` in case of Bearer Authentication. Specify this in trigger configuration.
+- `bearerToken`: The token needed for authentication. This is a required field.
+
+**Basic authentication:**
+- `authMode`: It must contain `basic` in case of Basic Authentication. Specify this in trigger configuration.
+- `username`: This is a required field. Provide the username to be used for basic authentication.
+- `password`: Provide the password to be used for authentication. For convenience, this has been marked optional, because many applications implement basic auth with a username as apikey and password as empty.
+
+**TLS authentication:**
+- `authMode`: It must contain `tls` in case of TLS Authentication. Specify this in trigger configuration.
+- `ca`: Certificate authority file for TLS client authentication.
+- `cert`: Certificate for client authentication. This is a required field.
+- `key`: Key for client authentication. Optional. This is a required field.
+
+> 💡 **NOTE:**It's also possible to set the CA certificate regardless of the selected `authMode` (also without any authentication). This might be usefull if you are using an enterprise CA.
 
 ### Example
 
@@ -52,3 +71,217 @@ spec:
       threshold: '100'
       query: sum(rate(http_requests_total{deployment="my-deployment"}[2m]))
 ```
+
+Here is an example of a prometheus scaler with bearer authentication,
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: keda-prom-secret
+  namespace: default
+data:
+  bearerToken: "BEARER_TOKEN"
+  ca: "CUSTOM_CA_CERT" 
+---
+apiVersion: keda.sh/v1alpha1
+kind: TriggerAuthentication
+metadata:
+  name: keda-prom-creds
+  namespace: default
+spec:
+  secretTargetRef:
+    - parameter: bearerToken
+      name: keda-prom-secret
+      key: bearerToken
+      # might be required if you're using a custom CA
+    - parameter: ca
+      name: keda-prom-secret
+      key: ca
+---
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+  name: prometheus-scaledobject
+  namespace: keda
+  labels:
+    deploymentName: dummy
+spec:
+  maxReplicaCount: 12
+  scaleTargetRef:
+    name: dummy
+  triggers:
+    - type: prometheus
+      metadata:
+        serverAddress: http://<prometheus-host>:9090
+        metricName: http_requests_total
+        threshold: '100'
+        query: sum(rate(http_requests_total{deployment="my-deployment"}[2m]))
+        authModes: "bearer"
+      authenticationRef:
+        name: keda-prom-creds
+```
+
+Here is an example of a prometheus scaler with Basic Authentication, define the `Secret` and `TriggerAuthentication` as follows
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: keda-prom-secret
+  namespace: default
+data:
+  username: "username" 
+  password: "password"
+---
+apiVersion: keda.sh/v1alpha1
+kind: TriggerAuthentication
+metadata:
+  name: keda-prom-creds
+  namespace: default
+spec:
+  secretTargetRef:
+    - parameter: username
+      name: keda-prom-secret
+      key: username
+    - parameter: password
+      name: keda-prom-secret
+      key: password
+---
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+  name: prometheus-scaledobject
+  namespace: keda
+  labels:
+    deploymentName: dummy
+spec:
+  maxReplicaCount: 12
+  scaleTargetRef:
+    name: dummy
+  triggers:
+    - type: metrics-api
+      metadata:
+        serverAddress: http://<prometheus-host>:9090
+        metricName: http_requests_total
+        threshold: '100'
+        query: sum(rate(http_requests_total{deployment="my-deployment"}[2m]))
+        authModes: "basic"
+      authenticationRef:
+        name: keda-prom-creds
+```
+
+
+Here is an example of a prometheus scaler with TLS Authentication, define the `Secret` and `TriggerAuthentication` as follows
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: keda-prom-secret
+  namespace: default
+data:
+  cert: "cert" 
+  key: "key"
+  ca: "ca"
+---
+apiVersion: keda.sh/v1alpha1
+kind: TriggerAuthentication
+metadata:
+  name: keda-prom-creds
+  namespace: default
+spec:
+  secretTargetRef:
+    - parameter: cert
+      name: keda-prom-secret
+      key: cert
+    - parameter: key
+      name: keda-prom-secret
+      key: key
+    - parameter: ca
+      name: keda-prom-secret
+      key: ca
+---
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+  name: prometheus-scaledobject
+  namespace: keda
+  labels:
+    deploymentName: dummy
+spec:
+  maxReplicaCount: 12
+  scaleTargetRef:
+    name: dummy
+  triggers:
+    - type: metrics-api
+      metadata:
+        serverAddress: http://<prometheus-host>:9090
+        metricName: http_requests_total
+        threshold: '100'
+        query: sum(rate(http_requests_total{deployment="my-deployment"}[2m]))
+        authModes: "tls"
+      authenticationRef:
+        name: keda-prom-creds
+```
+
+Here is an example of a prometheus scaler with TLS and Basic Authentication, define the `Secret` and `TriggerAuthentication` as follows
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: keda-prom-secret
+  namespace: default
+data:
+  cert: "cert" 
+  key: "key"
+  ca: "ca"
+  username: "username" 
+  password: "password"
+---
+apiVersion: keda.sh/v1alpha1
+kind: TriggerAuthentication
+metadata:
+  name: keda-prom-creds
+  namespace: default
+spec:
+  secretTargetRef:
+    - parameter: cert
+      name: keda-prom-secret
+      key: cert
+    - parameter: key
+      name: keda-prom-secret
+      key: key
+    - parameter: ca
+      name: keda-prom-secret
+      key: ca
+    - parameter: username
+      name: keda-prom-secret
+      key: username
+    - parameter: password
+      name: keda-prom-secret
+      key: password
+---
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+  name: prometheus-scaledobject
+  namespace: keda
+  labels:
+    deploymentName: dummy
+spec:
+  maxReplicaCount: 12
+  scaleTargetRef:
+    name: dummy
+  triggers:
+    - type: metrics-api
+      metadata:
+        serverAddress: http://<prometheus-host>:9090
+        metricName: http_requests_total
+        threshold: '100'
+        query: sum(rate(http_requests_total{deployment="my-deployment"}[2m]))
+        authModes: "tls,basic"
+      authenticationRef:
+        name: keda-prom-creds
+```