Hello @nfrappart, did you figure out how to make it work? I tried to use my app role for Vault to authenticate but still got a permission denied. I don't know if it's possible or if we have to create a specific keda role.
-
Hi,
I've been playing with keda on AKS, with an external Vault cluster, and had a hard time with the HashiCorp Vault authentication.
I thought /var/run/secrets/kubernetes.io/serviceaccount/token would refer to the auto-mounted token in deployment pods, but it appears it uses the keda-operator service account token instead.
As a result, I had to create a separate role with policy on vault (as I don't want keda to have unnecessary authorisations).
Do you think it would be possible (does it make sense?) to specify a containerName for the hashiCorpVault spec in the TriggerAuthentication? Just like we can retrieve an environment variable?
Below is my configuration to make it clearer
Just like we get the env from the specified container here:
could we do the same like so?
So that the trigger authentication knows where to get the token with the provided path.
Or maybe replace the serviceAccount path by a serviceAccountName altogether, making it even more straightforward? What do you think?
Thanks
PS: keda is awesome btw :)
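An added example, not part of the original post or of KEDA's code: a small check that decodes the service account token found at the configured path and compares its identity with the Vault Kubernetes auth role bindings, which shows why an application's role rejects the keda-operator token. The namespace `keda`, the `my-app` names and both role dictionaries are constructed assumptions; only the `bound_service_account_names` and `bound_service_account_namespaces` bindings are evaluated.

```python
import base64
import json


def sa_identity(jwt: str) -> tuple[str, str]:
    """Return (namespace, name) from a service account JWT's `sub` claim.

    The payload is decoded for inspection only, not verified; Vault does the
    real verification through the Kubernetes TokenReview API.
    """
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    prefix, kind, namespace, name = claims["sub"].split(":", 3)
    if (prefix, kind) != ("system", "serviceaccount"):
        raise ValueError(f"not a service account token: {claims['sub']}")
    return namespace, name


def role_accepts(role: dict, namespace: str, name: str) -> bool:
    """Evaluate the role's service account bindings ("*" matches anything)."""
    names = role["bound_service_account_names"]
    namespaces = role["bound_service_account_namespaces"]
    return (("*" in names or name in names)
            and ("*" in namespaces or namespace in namespaces))


def _constructed_token(namespace: str, name: str) -> str:
    """Build an unsigned sample token; a real one comes from the token path."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    sub = f"system:serviceaccount:{namespace}:{name}"
    return ".".join([enc({"alg": "RS256"}), enc({"sub": sub}), "sig"])


# Constructed sample data (assumed names, not taken from the post).
OPERATOR_TOKEN = _constructed_token("keda", "keda-operator")
APP_ROLE = {"bound_service_account_names": ["my-app"],
            "bound_service_account_namespaces": ["my-app"]}
KEDA_ROLE = {"bound_service_account_names": ["keda-operator"],
             "bound_service_account_namespaces": ["keda"]}

if __name__ == "__main__":
    ns, sa = sa_identity(OPERATOR_TOKEN)
    print(f"token identity: {ns}/{sa}")
    for label, role in (("app role", APP_ROLE), ("keda role", KEDA_ROLE)):
        verdict = "accepted" if role_accepts(role, ns, sa) else "permission denied"
        print(f"{label}: {verdict}")
```

Running the same decode on the real token from the keda-operator pod shows which service account a dedicated Vault role has to be bound to.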