1. Using kubernetes keda.sh with aadpodidentity.k8s.io

    TypeScript

    Kubernetes-based Event-Driven Autoscaling (KEDA) is an event-driven autoscaler for Kubernetes workloads that allows you to drive the scaling of any container in Kubernetes based on the number of events needing to be processed. KEDA works alongside standard Kubernetes components like the Horizontal Pod Autoscaler and can extend functionality without overlapping features.

    Azure Active Directory Pod Identity (AAD Pod Identity) enables Kubernetes applications to access cloud resources securely with Azure Active Directory. Using Kubernetes primitives, it associates Azure identities with Pods, allowing your applications to access Azure resources that require authentication without handling the credentials separately.

    To use KEDA with AAD Pod Identity in a Kubernetes cluster, you'll need to perform several steps:

    1. Deploy AAD Pod Identity to your Kubernetes cluster.
    2. Create an Azure Identity and Azure Identity Binding for the Pod(s) that will need to scale based on events.
    3. Install KEDA into your Kubernetes cluster.
    4. Define a ScaledObject resource that details how KEDA should scale your Pod(s) based on events.

    Below, you'll find a TypeScript program using Pulumi to deploy both KEDA and AAD Pod Identity to a Kubernetes cluster and create the necessary configurations to use them together.

    First, ensure that you have Pulumi installed and configured for use with your Kubernetes cluster.

    Now let's look at the Pulumi program written in TypeScript.

    ```typescript
    import * as k8s from "@pulumi/kubernetes";
    import * as pulumi from "@pulumi/pulumi";

    // Initialize a Kubernetes provider from an existing kubeconfig. The content is read from
    // Pulumi config as a secret (pulumi config set --secret kubeconfig "$(cat ~/.kube/config)")
    // so that it is never committed in plain text.
    const config = new pulumi.Config();
    const k8sProvider = new k8s.Provider("k8s", {
        kubeconfig: config.requireSecret("kubeconfig"),
    });

    // Create an instance of the aadpodidentity.k8s.io components in the cluster.
    const aadpodidentity = new k8s.yaml.ConfigFile("aadpodidentity", {
        file: "https://raw.githubusercontent.com/Azure/aad-pod-identity/master/deploy/infra/deployment-rbac.yaml",
    }, { provider: k8sProvider });

    // Define an Azure Identity (type 0 = user-assigned managed identity) for a Pod in Kubernetes.
    // The CRDs come from the aadpodidentity deployment above, so this must be created after it.
    const azureIdentity = new k8s.apiextensions.CustomResource("azureIdentity", {
        apiVersion: "aadpodidentity.k8s.io/v1",
        kind: "AzureIdentity",
        metadata: {
            name: "example-identity", // Replace with the name of your Azure identity
        },
        spec: {
            type: 0,
            resourceID: "/subscriptions/<subscription-id>/resourcegroups/<resource-group>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<identity-name>",
            clientID: "<client-id>",
        },
    }, { provider: k8sProvider, dependsOn: [aadpodidentity] });

    // Bind the Azure Identity to the Pods that carry the label aadpodidbinding=<selector>
    const azureIdentityBinding = new k8s.apiextensions.CustomResource("azureIdentityBinding", {
        apiVersion: "aadpodidentity.k8s.io/v1",
        kind: "AzureIdentityBinding",
        metadata: {
            name: "example-identity-binding",
        },
        spec: {
            azureIdentity: azureIdentity.metadata.name,
            selector: "example-selector", // Replace with your desired selector label
        },
    }, { provider: k8sProvider, dependsOn: [azureIdentity] });

    // Deploy KEDA to the Kubernetes cluster
    const keda = new k8s.yaml.ConfigFile("keda", {
        file: "https://github.com/kedacore/keda/releases/download/v2.0.0/keda-2.0.0.yaml",
    }, { provider: k8sProvider });

    // KEDA authenticates to the event source through a TriggerAuthentication, not through the
    // AzureIdentityBinding directly. With podIdentity.provider "azure" it uses the identity bound
    // to the keda-operator Pod, so that Pod must also carry a matching aadpodidbinding label.
    const triggerAuth = new k8s.apiextensions.CustomResource("triggerAuth", {
        apiVersion: "keda.sh/v1alpha1",
        kind: "TriggerAuthentication",
        metadata: {
            name: "example-trigger-auth",
        },
        spec: {
            podIdentity: { provider: "azure" },
        },
    }, { provider: k8sProvider, dependsOn: [keda, azureIdentityBinding] });

    // Define a ScaledObject resource for handling the event-driven scaling
    const scaledObject = new k8s.apiextensions.CustomResource("scaledObject", {
        apiVersion: "keda.sh/v1alpha1",
        kind: "ScaledObject",
        metadata: {
            name: "example-scaledobject",
        },
        spec: {
            scaleTargetRef: {
                apiVersion: "apps/v1",
                kind: "Deployment",
                name: "example-deployment", // Replace with your deployment name
            },
            // Replace the following with your event source specification
            triggers: [{
                type: "azure-servicebus",
                metadata: {
                    // With pod identity there is no connection string, so the namespace is required
                    namespace: "<servicebus-namespace>",
                    queueName: "example-queue",
                    messageCount: "5",
                },
                authenticationRef: {
                    name: triggerAuth.metadata.name,
                },
            }],
        },
    }, { provider: k8sProvider, dependsOn: [keda, triggerAuth] });

    // Export resource identifiers. ConfigFile components have no metadata of their own,
    // so their URNs are exported instead.
    export const aadPodIdentityUrn = aadpodidentity.urn;
    export const kedaUrn = keda.urn;
    export const scaledObjectName = scaledObject.metadata.apply(m => m.name);
    ```

    This Pulumi program completes the following actions:

    • It initializes a Kubernetes provider using an existing kubeconfig.
    • It deploys AAD Pod Identity to the cluster using a YAML configuration file from AAD Pod Identity's official repository.
    • It creates an AzureIdentity and an AzureIdentityBinding to link Azure AD identities with the Kubernetes pods.
    • It deploys KEDA to the cluster using a YAML configuration file from KEDA's official GitHub releases.
    • It creates a ScaledObject to configure how KEDA should scale a Deployment based on Azure Service Bus queue messages.

    You will need to replace placeholders such as <subscription-id>, <resource-group>, <identity-name>, and <client-id> with your Azure-specific values. Additionally, make sure the selector matches the aadpodidbinding label on the pods you want to use with AAD Pod Identity, and that the ScaledObject details match the event source you're using for scaling.

    Make sure to provide the kubeconfig content of your Kubernetes cluster to the Kubernetes provider. The dependsOn parameter ensures that resources are created in the correct order.
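    The references between these resources are easy to get wrong (a selector with no matching pod label, or a ScaledObject whose authenticationRef names the identity binding instead of a KEDA TriggerAuthentication), and none of them fail at apply time. The following pre-deploy check is an added example, not part of the original program or of KEDA or AAD Pod Identity; it walks plain manifest objects (constructed inline, mirroring the program above) and reports dangling references before anything is applied.

    ```typescript
    // Added example, not from the original page: a pre-deploy consistency check for the
    // KEDA + AAD Pod Identity wiring. Manifests are the plain objects Pulumi would submit;
    // kinds and field names follow the program above.
    type Manifest = { kind: string; metadata: { name: string }; spec?: any };

    function checkWiring(manifests: Manifest[]): string[] {
      const errors: string[] = [];
      const ofKind = (kind: string) => manifests.filter(m => m.kind === kind);
      const deployments = ofKind("Deployment");
      for (const b of ofKind("AzureIdentityBinding")) {
        // The binding must name an AzureIdentity that is actually defined ...
        if (!ofKind("AzureIdentity").some(i => i.metadata.name === b.spec.azureIdentity))
          errors.push(`${b.metadata.name}: unknown AzureIdentity ${b.spec.azureIdentity}`);
        // ... and its selector must match the aadpodidbinding label on some pod template,
        // otherwise no pod is ever granted the identity.
        if (!deployments.some(d => d.spec?.template?.metadata?.labels?.aadpodidbinding === b.spec.selector))
          errors.push(`${b.metadata.name}: no pod template carries aadpodidbinding=${b.spec.selector}`);
      }
      for (const so of ofKind("ScaledObject")) {
        if (!deployments.some(d => d.metadata.name === so.spec.scaleTargetRef.name))
          errors.push(`${so.metadata.name}: scaleTargetRef ${so.spec.scaleTargetRef.name} not found`);
        for (const t of so.spec.triggers) {
          // authenticationRef must point at a TriggerAuthentication, not at the identity binding
          const ta = ofKind("TriggerAuthentication").find(a => a.metadata.name === t.authenticationRef?.name);
          if (!ta) { errors.push(`${so.metadata.name}: authenticationRef ${t.authenticationRef?.name} is not a TriggerAuthentication`); continue; }
          if (ta.spec?.podIdentity?.provider !== "azure")
            errors.push(`${ta.metadata.name}: podIdentity.provider must be "azure" for AAD Pod Identity`);
          // With pod identity there is no connection string, so the Service Bus namespace is required
          if (t.type === "azure-servicebus" && !t.metadata?.namespace)
            errors.push(`${so.metadata.name}: azure-servicebus trigger needs metadata.namespace with pod identity`);
        }
      }
      return errors;
    }

    // Constructed sample mirroring the program above; authRef is what the ScaledObject points at.
    function sampleManifests(authRef: string): Manifest[] {
      return [
        { kind: "AzureIdentity", metadata: { name: "example-identity" }, spec: { type: 0, clientID: "<client-id>" } },
        { kind: "AzureIdentityBinding", metadata: { name: "example-identity-binding" },
          spec: { azureIdentity: "example-identity", selector: "example-selector" } },
        { kind: "TriggerAuthentication", metadata: { name: "example-trigger-auth" }, spec: { podIdentity: { provider: "azure" } } },
        { kind: "Deployment", metadata: { name: "example-deployment" },
          spec: { template: { metadata: { labels: { app: "example", aadpodidbinding: "example-selector" } } } } },
        { kind: "ScaledObject", metadata: { name: "example-scaledobject" },
          spec: { scaleTargetRef: { name: "example-deployment" }, triggers: [{ type: "azure-servicebus",
            metadata: { queueName: "example-queue", messageCount: "5", namespace: "<servicebus-namespace>" },
            authenticationRef: { name: authRef } }] } },
      ];
    }
    ```

    Running checkWiring over sampleManifests("example-identity-binding") reproduces the authenticationRef mistake as a single reported error, while sampleManifests("example-trigger-auth") passes cleanly.
    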

    Once you've installed the necessary dependencies and configured the program with your specific settings, you can deploy this configuration to your cluster by running pulumi up.