How do I configure Kubernetes RBAC with KEDA for autoscaling?
In this example, we will configure Kubernetes Role-Based Access Control (RBAC) and integrate it with KEDA (Kubernetes Event-Driven Autoscaling) to enable autoscaling based on HTTP requests. We will create the necessary RBAC roles and bindings, and set up KEDA to monitor and scale based on HTTP metrics.
import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";
// Create a namespace for KEDA
const kedaNamespace = new k8s.core.v1.Namespace("keda-namespace", {
metadata: {
name: "keda",
},
});
// Create a service account for KEDA
const kedaServiceAccount = new k8s.core.v1.ServiceAccount("keda-service-account", {
metadata: {
namespace: kedaNamespace.metadata.name,
name: "keda-operator",
},
});
// Create a cluster role for KEDA
const kedaClusterRole = new k8s.rbac.v1.ClusterRole("keda-cluster-role", {
metadata: {
name: "keda-operator",
},
rules: [
{
apiGroups: [""],
resources: ["pods", "services", "endpoints", "persistentvolumeclaims", "events"],
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"],
},
{
apiGroups: ["apps"],
resources: ["deployments", "replicasets", "statefulsets"],
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"],
},
{
apiGroups: ["keda.sh"],
resources: ["scaledobjects", "triggerauthentications"],
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"],
},
],
});
// Bind the service account to the cluster role
const kedaClusterRoleBinding = new k8s.rbac.v1.ClusterRoleBinding("keda-cluster-role-binding", {
metadata: {
name: "keda-operator",
},
subjects: [{
kind: "ServiceAccount",
name: kedaServiceAccount.metadata.name,
namespace: kedaNamespace.metadata.name,
}],
roleRef: {
kind: "ClusterRole",
name: kedaClusterRole.metadata.name,
apiGroup: "rbac.authorization.k8s.io",
},
});
// Deploy KEDA
const kedaDeployment = new k8s.apps.v1.Deployment("keda-operator", {
metadata: {
namespace: kedaNamespace.metadata.name,
name: "keda-operator",
},
spec: {
replicas: 1,
selector: {
matchLabels: {
app: "keda-operator",
},
},
template: {
metadata: {
labels: {
app: "keda-operator",
},
},
spec: {
serviceAccountName: kedaServiceAccount.metadata.name,
containers: [{
name: "keda-operator",
image: "kedacore/keda:2.1.0",
ports: [{
containerPort: 8080,
}],
}],
},
},
},
});
// Create an HTTP ScaledObject for KEDA
const httpScaledObject = new k8s.apiextensions.CustomResource("http-scaled-object", {
apiVersion: "keda.sh/v1alpha1",
kind: "ScaledObject",
metadata: {
namespace: kedaNamespace.metadata.name,
name: "http-scaled-object",
},
spec: {
scaleTargetRef: {
apiVersion: "apps/v1",
kind: "Deployment",
name: "my-app",
},
triggers: [{
type: "http",
metadata: {
targetValue: "100",
url: "http://my-app.default.svc.cluster.local",
},
}],
},
});
Key Points
- Created a namespace for KEDA.
- Created a service account for KEDA.
- Defined a cluster role with necessary permissions for KEDA.
- Bound the service account to the cluster role.
- Deployed the KEDA operator.
- Created a KEDA
ScaledObject
to autoscale based on HTTP requests.
Summary
In this example, we configured Kubernetes RBAC to allow KEDA to manage and autoscale resources. We set up necessary roles and bindings, deployed KEDA, and created a ScaledObject
to autoscale a deployment based on HTTP metrics. This setup enables KEDA to monitor and scale resources dynamically based on the defined triggers.
Deploy this code
Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.
Sign upNew to Pulumi?
Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.
Sign upThank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.