KEDA + AKS - could not get information about the resource: scaledobjects.keda.sh


I am facing an issue with deployment of my KEDA ScaledObject through a release management pipeline. Everything works if I do a manual deployment.

Of course, the difference is between the account I use for my manual deployment (Admin) vs. the one used by the release pipeline (Service Account).

I deploy both with the same command and command arguments, but one works without any issue while the other gives the following error.

Error: UPGRADE FAILED: could not get information about the resource: scaledobjects.keda.sh "myfunction-scaledobject" is forbidden: User "6cxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxd8" cannot get resource "scaledobjects" in API group "keda.sh" in the namespace "myfunction"

I have followed the documentation from https://learn.microsoft.com/en-us/azure/azure-monitor/containers/integrate-keda to install and configure KEDA in my AKS cluster with workload identity, and that is working correctly when I send a Service Bus message. It scales and processes the message through the function app.

All is working and getting updated through Helm but not through the pipeline.

The release pipeline runs the following Helm commands:

kubelogin convert-kubeconfig -l spn --client-id *** --client-secret *** --tenant-id c5xxxxxx-xxxx-xxxx-xxxxxxxxxx8a

helm upgrade --namespace myfunction --install --set image.tag=664 --wait myfunction-processor-release helmchart

The last command gives the error I posted above. In case someone would like to see my ScaledObject YAML file, here it is.

apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
  name: myfunction-scaledobject
  namespace: myfunction
spec:
  scaleTargetRef:
    name: myfunction-deployment
  minReplicaCount: 0
  maxReplicaCount: 1
  triggers:
  - type: azure-servicebus
    metadata:
      namespace: myfunction
      topicName: testtopic
      subscriptionName: Processor
    authenticationRef:
      name: myfunction-processor-auth

There are 2 answers

0
Brijesh Shah On

Ok - I figured it out. I reset my environment and followed the same article again. (https://learn.microsoft.com/en-us/azure/azure-monitor/containers/integrate-keda)

The issue was the serviceaccount KEDA requires to monitor the object vs. the serviceaccount I need for my namespace. Previously, I had created a serviceaccount for my namespace, but KEDA (under the KEDA namespace) was not able to access that serviceaccount and workload identity.

So, the summary: we need two different serviceaccounts and workload identities, one for KEDA and one for your own namespace (if you are not deploying your resources to the common namespace).

1
pauldotyu On

Just looking at the error message you posted above and the manifest for the ScaledObject. It appears that your namespaces aren't consistent. In your ScaledObject definition, it uses myfunction as the namespace but in the error message, it is looking for a ScaledObject in the my-function namespace. The difference being one namespace having a dash between my and function and the other namespace having no dashes. Also, what namespace is your service account created in? You can check with the following command:

kubectl get sa <YOUR_SERVICE_ACCOUNT_NAME> -o jsonpath='{.metadata.namespace}'
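The error in the question names one missing permission: `get` on `scaledobjects` in API group `keda.sh`, namespace `myfunction`, for the pipeline's identity. The manifest below is an added example, not taken from the question or either answer, of a namespaced Role and RoleBinding that grant only the KEDA resources a Helm upgrade touches. It assumes the cluster authorizes with Kubernetes RBAC (not Azure RBAC for Kubernetes) and that the chart also ships a TriggerAuthentication; the Role and RoleBinding names are hypothetical.

```yaml
# Added example: least-privilege access to KEDA objects for the release pipeline identity.
# "keda-scaledobject-deployer" and "pipeline-keda-deployer" are hypothetical names.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: keda-scaledobject-deployer
  namespace: myfunction            # namespace from the error message
rules:
  # Resource and API group named in the "forbidden" error.
  # triggerauthentications is included on the assumption that the chart
  # creates the object referenced by authenticationRef.
  - apiGroups: ["keda.sh"]
    resources: ["scaledobjects", "triggerauthentications"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pipeline-keda-deployer
  namespace: myfunction
subjects:
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    # The User value printed in the error message. It is elided on the page,
    # so a placeholder is used here.
    name: "<USER_ID_FROM_ERROR_MESSAGE>"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: keda-scaledobject-deployer
# Check the result from an admin context that is allowed to impersonate users:
#   kubectl auth can-i get scaledobjects.keda.sh -n myfunction --as "<USER_ID_FROM_ERROR_MESSAGE>"
```

This covers only the `keda.sh` resources from the error; the other objects in the chart and Helm's release storage need their own grants, scoped to the same namespace rather than a cluster-wide admin binding.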