adding doc for azure managed prometheus support in prometheus scaler (k…

…edacore#1076 * adding doc for azure managed prometheus support in prometheus scaler Signed-off-by: Raghav Gupta <[email protected]> * minor change Signed-off-by: Raghav Gupta <[email protected]> * review comments Signed-off-by: Raghav Gupta <[email protected]> * minor review comments Signed-off-by: Raghav Gupta <[email protected]> --------- Signed-off-by: Raghav Gupta <[email protected]>
pedro-stanaka · Mar 6, 2023 · 68f7cc9 · 68f7cc9
1 parent 4ca9d7c
commit 68f7cc9
Showing 1 changed file with 55 additions and 3 deletions.
diff --git a/content/docs/2.10/scalers/prometheus.md b/content/docs/2.10/scalers/prometheus.md
@@ -25,7 +25,12 @@ triggers:
     cortexOrgID: my-org # DEPRECATED: This parameter is deprecated as of KEDA v2.10 in favor of customHeaders and will be removed in version 2.12. Use custom headers instead to set X-Scope-OrgID header for Cortex. (see below)
     customHeaders: X-Client-Id=cid,X-Tenant-Id=tid,X-Organization-Id=oid # Optional. Custom headers to include in query. In case of auth header, use the custom authentication or relevant authModes.
     ignoreNullValues: false # Default is `true`, which means ignoring the empty value list from Prometheus. Set to `false` the scaler will return error when Prometheus target is lost
-    unsafeSsl: "false" #  Default is `false`, Used for skipping certificate check when having self signed certs for Prometheus endpoint
+    unsafeSsl: "false" #  Default is `false`, Used for skipping certificate check when having self signed certs for Prometheus endpoint    
+    # Valid when using Azure managed service for Prometheus
+    cloud: Private # Default is `AzurePublicCloud`
+    # Required when cloud = Private
+    azureManagedPrometheusResourceURL: https://prometheus.monitor.azure.airgap/.default
+
 ```
 
 **Parameter list:**
@@ -40,10 +45,12 @@ triggers:
 - `customHeaders` - Custom headers to include while querying the prometheus endpoint. In case of authentication headers, use custom authentication or relevant `authModes` instead. (Optional)
 - `ignoreNullValues` - Value to reporting error when Prometheus target is lost (Values: `true`,`false`, Default: `true`, Optional)
 - `unsafeSsl` - Used for skipping certificate check e.g: using self signed certs  (Values: `true`,`false`, Default: `false`, Optional)
+- `cloud` - Valid when using Azure managed service for Prometheus. (Values: `AZUREPUBLICCLOUD`,`AZUREUSGOVERNMENTCLOUD`,`AZURECHINACLOUD`,`PRIVATE`, Default: `AZUREPUBLICCLOUD`)
+- `azureManagedPrometheusResourceURL` - Valid when using Azure managed service for Prometheus. Required when `cloud = PRIVATE`
 
 ### Authentication Parameters
 
-Prometheus Scaler supports four types of authentication - bearer authentication, basic authentication, TLS authentication and custom authentication.
+Prometheus Scaler supports various types of authentication to help you integrate with Prometheus.
 
 You can use `TriggerAuthentication` CRD to configure the authentication. It is possible to specify multiple authentication types i.e. `authModes: "tls,basic"` Specify `authModes` and other trigger parameters along with secret credentials in `TriggerAuthentication` as mentioned below:
 
@@ -69,7 +76,15 @@ You can use `TriggerAuthentication` CRD to configure the authentication. It is p
 
 > 💡 **NOTE:**It's also possible to set the CA certificate regardless of the selected `authModes` (also without any authentication). This might be useful if you are using an enterprise CA.
 
-### Example
+**Azure managed service for Prometheus**
+Azure has a [managed service for Prometheus](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/prometheus-metrics-overview) and Prometheus scaler can be used to run prometheus query against that.
+- [Azure AD Pod Identity](https://docs.microsoft.com/en-us/azure/aks/use-azure-ad-pod-identity) or [Azure AD Workload Identity](https://azure.github.io/azure-workload-identity/docs/) providers can be used in `authenticationRef` - see later in example.
+- No other auth (via `authModes`) can be provided with Azure Pod/Workload Identity Auth.
+- Prometheus query endpoint can be retreived from [Azure Monitor Workspace](https://learn.microsoft.com/en-us/azure/azure-monitor/essentials/azure-monitor-workspace-overview) that was configured to ingest prometheus metrics.
+- `cloud` can be provided in the trigger metadata if needed (Optional)
+- `azureManagedPrometheusResourceURL` - Will be needed if `cloud = PRIVATE`
+
+### Examples
 
 ```yaml
 apiVersion: keda.sh/v1alpha1
@@ -351,3 +366,40 @@ spec:
       authenticationRef:
         name: keda-prom-creds
 ```
+
+Here is an example of a prometheus scaler with Azure Pod Identity and Azure Workload Identity, define the `TriggerAuthentication` and `ScaledObject` as follows
+
+```yaml
+apiVersion: keda.sh/v1alpha1
+kind: TriggerAuthentication
+metadata:
+  name: azure-managed-prometheus-trigger-auth
+spec:
+  podIdentity:
+      provider: azure | azure-workload # use "azure" for pod identity and "azure-workload" for workload identity
+      identityId: <identity-id> # Optional. Default: Identity linked with the label set when installing KEDA.
+---
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+  name: azure-managed-prometheus-scaler
+spec:
+  scaleTargetRef:
+    name: deployment-name-to-be-scaled
+  minReplicaCount: 1
+  maxReplicaCount: 20
+  triggers:
+  - type: prometheus
+    metadata:
+      serverAddress: https://test-azure-monitor-workspace-name-9ksc.eastus.prometheus.monitor.azure.com
+      metricName: http_requests_total
+      query: sum(rate(http_requests_total{deployment="my-deployment"}[2m])) # Note: query must return a vector/scalar single element response
+      threshold: '100.50'
+      activationThreshold: '5.5'
+      # Optional (Default: AzurePublicCloud)
+      cloud: Private
+      # Required when cloud = Private
+      azureManagedPrometheusResourceURL: https://prometheus.monitor.azure.airgap/.default
+    authenticationRef:
+      name: azure-managed-prometheus-trigger-auth
+```