Centralized auth and prometheus host settings for all triggers #4436
Replies: 3 comments
-
Hi @PaulFurtado. For authentication you can use this: https://keda.sh/docs/2.8/scalers/prometheus/#authentication-parameters
-
@Amper It looks like that is a link to the standard prometheus auth stuff, but it's not clear to me how auth is expected to be handled in multi-tenant kube clusters. Those docs make it look like:
What we want to see is a central configuration where the prometheus URL and credentials are defined globally for an entire kubernetes cluster and users of the ScaledObject resource are not allowed to specify the serverAddress or authenticationRef. The kubernetes cluster admins handle all of the prometheus settings, and users just set their queries and thresholds.
-
My users shouldn't have to know whether they query a prometheus, thanos or victoria metrics endpoint. It should be globally configured by platform engineers. This is probably a low-hanging fruit that would accelerate adoption from people coming from prometheus adapter!
-
We run large multi-tenant kube clusters with large victoriametrics deployments.
Using HPA, users in a namespace would simply specify the conditions to scale a deployment on; the metrics and auth for the HPA talking to prometheus were handled separately by the cluster administrator. This worked great, except prometheus-adapter doesn't scale well since it must keep all metrics in memory, even if no HPA is using them, or otherwise every user of the cluster must ask cluster administrators to manually specify each metric they want to scale on in the prometheus-adapter config.
From the issues, it seems like prometheus-adapter is now basically a dead project and everything should be moving to KEDA, so as a cluster administrator I am trying to wrap my head around how we can provide autoscaling to the users of our clusters. Ultimately, what we want is "HPA, but user specifies a prometheus query and prometheus-adapter doesn't need to keep every metric for the whole cluster in memory". KEDA seems so close to that, but the UX does not appear to be a match for multi-tenant clusters.
Looking at the prometheus scaler docs: https://keda.sh/docs/2.8/scalers/prometheus/
It appears that every trigger must specify a prometheus URL and how to authenticate to it. Am I misreading the docs here or is there some way to centrally specify a single prometheus URL and credentials on the KEDA pod instead of individually specifying them on every trigger?