1. Answers
  2. Configuring Kubernetes Admission Webhooks with KEDA

How do I configure Kubernetes admission webhooks with KEDA?

This guide demonstrates how to configure Kubernetes admission webhooks with KEDA using Pulumi. Admission webhooks allow you to intercept requests to the Kubernetes API server before they are persisted. KEDA (Kubernetes-based Event Driven Autoscaling) extends Kubernetes to scale applications based on external events.

The following Pulumi program sets up a ValidatingWebhookConfiguration for KEDA. This configuration will allow KEDA to validate custom resources before they are created or updated.

import * as pulumi from "@pulumi/pulumi";
import * as k8s from "@pulumi/kubernetes";

// Define the ValidatingWebhookConfiguration resource
const validatingWebhook = new k8s.admissionregistration.v1.ValidatingWebhookConfiguration("keda-validating-webhook", {
    metadata: {
        name: "keda-validating-webhook",
    },
    webhooks: [{
        name: "validate.keda.sh",
        clientConfig: {
            service: {
                name: "keda-operator-webhook",
                namespace: "keda",
                path: "/validate",
                port: 443,
            },
            caBundle: "<base64-encoded-ca-cert>",
        },
        rules: [{
            apiGroups: ["keda.sh"],
            apiVersions: ["v1alpha1"],
            operations: ["CREATE", "UPDATE"],
            resources: ["scaledobjects"],
        }],
        failurePolicy: "Fail",
        sideEffects: "None",
        admissionReviewVersions: ["v1"],
    }],
});

// Define a KEDA ScaledObject as an example resource to be validated by the webhook
const scaledObject = new k8s.apiextensions.CustomResource("example-scaledobject", {
    apiVersion: "keda.sh/v1alpha1",
    kind: "ScaledObject",
    metadata: {
        name: "example-scaledobject",
        namespace: "default",
    },
    spec: {
        scaleTargetRef: {
            apiVersion: "apps/v1",
            kind: "Deployment",
            name: "example-deployment",
        },
        triggers: [{
            type: "cpu",
            metadata: {
                type: "Utilization",
                value: "50",
            },
        }],
    },
});

export const webhookName = validatingWebhook.metadata.name;
export const scaledObjectName = scaledObject.metadata.name;

Key Points:

  • ValidatingWebhookConfiguration: This resource intercepts requests to create or update KEDA ScaledObject resources, validating them before they are persisted.
  • KEDA: KEDA allows Kubernetes to scale applications based on external events, such as CPU utilization.
  • CustomResource: An example ScaledObject resource is defined to demonstrate how the webhook validates custom KEDA resources.

Summary:

In this guide, we configured a Kubernetes admission webhook for KEDA using Pulumi. The webhook validates ScaledObject resources before they are created or updated, ensuring they meet the necessary criteria. This setup helps maintain the integrity of custom resources in your Kubernetes cluster.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up