Warning
You are currently viewing v"2.9" of the documentation and it is not the latest. For the most recent documentation, kindly click here.
Apache Pulsar Click here for latest
Scale applications based on an Apache Pulsar topic subscription.
Trigger Specification
This specification describes the pulsar trigger for an Apache Pulsar topic.
triggers:
- type: pulsar
metadata:
adminURL: http://localhost:80
topic: persistent://public/default/my-topic
isPartitionedTopic: false
subscription: sub1
msgBacklogThreshold: '5'
activationMsgBacklogThreshold: '2'
authModes: ""
Parameter list:
adminURL- Stats URL of the admin API for your topic.topic- Pulsar topic. format ofpersistent://{tenant}/{namespace}/{topicName}isPartitionedTopic- Whether thetopicis partitioned. Whentrue, themsgBacklogThresholdwill be the cumulative subscription backlog across partitions. (default:false, Optional)subscription- Name of the topic subscriptionmsgBacklogThreshold- Average target value to trigger scaling actions. (default: 10)activationMsgBacklogThreshold- Target value for activating the scaler. Learn more about activation here. (Default:0, Optional)authModes- a comma separated list of authentication modes to use. (Values:bearer,tls,basic, Default:"", Optional,tls,bearerortls,basicare valid combinations and would indicate mutual TLS to secure the connection and thenbearerorbasicheaders should be added to the HTTP request)
Authentication Parameters
The authentication is defined in authModes. The associated configuration parameters are specified in the TriggerAuthentication spec.
Bearer Auth
When configuring Bearer Authentication (Token Auth), configure the following:
bearerToken: This token will be sent as a header in the formAuthorization: Bearer <token>.
Basic Auth When configuring Basic Authentication, configure the following:
username: the usernamepassword: the password (optional)
TLS:
When configuring mutual TLS authentication, configure the following:
ca: The trusted root Certificate authority used to validate the server’s certificate.cert: Certificate for client authentication.key: Key for client authentication.
TLS with custom CA Certificates
When configuring a trusted root CA that is not well known, it is sufficient to specify the ca field on the TriggerAuthentication resource. See Bearer Token with TLS via custom trusted CA Certificate for an example.
Before 2.9.0, it was necessary to configure tls: enable on the ScaledObject. That was removed in a backwards compatible way, so you can remove that field now.
Examples
No Authentication and No TLS
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
name: pulsar-scaledobject
namespace: default
spec:
scaleTargetRef:
name: pulsar-consumer
pollingInterval: 30
triggers:
- type: pulsar
metadata:
adminURL: http://localhost:80
topic: persistent://public/default/my-topic
isPartitionedTopic: false
subscription: sub1
msgBacklogThreshold: '5'
Only Mutual TLS Authentication
apiVersion: v1
kind: Secret
metadata:
name: keda-pulsar-secrets
namespace: default
data:
ca: <your ca>
cert: <your cert>
key: <your key>
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
name: keda-trigger-auth-pulsar-credential
namespace: default
spec:
secretTargetRef:
- parameter: ca
name: keda-pulsar-secrets
key: ca
- parameter: cert
name: keda-pulsar-secrets
key: cert
- parameter: key
name: keda-pulsar-secrets
key: key
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
name: pulsar-scaledobject
namespace: default
spec:
scaleTargetRef:
name: pulsar-consumer
pollingInterval: 30
triggers:
- type: pulsar
metadata:
authModes: "tls"
adminURL: https://localhost:8443
topic: persistent://public/default/my-topic
subscription: sub1
msgBacklogThreshold: '5'
authenticationRef:
name: keda-trigger-auth-pulsar-credential
Bearer Token with TLS via custom trusted CA Certificate
In order to enable Pulsar’s Token Authentication feature, you can use the following example. Note that this example
also utilizes a custom CA Certificate for TLS support. Because TLS Authentication is not used in this example, the
authModes field only has bearer.
apiVersion: v1
kind: Secret
metadata:
name: keda-pulsar-secrets
namespace: default
data:
ca: <your self-signed root CA>
token: <your token>
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
name: keda-trigger-auth-pulsar-credential
namespace: default
spec:
secretTargetRef:
- parameter: ca
name: keda-pulsar-secrets
key: ca
- parameter: bearerToken
name: keda-pulsar-secrets
key: token
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
name: pulsar-scaledobject
namespace: default
spec:
scaleTargetRef:
name: pulsar-consumer
pollingInterval: 30
triggers:
- type: pulsar
metadata:
authModes: "bearer"
adminURL: https://localhost:8443
topic: persistent://public/default/my-topic
subscription: sub1
msgBacklogThreshold: '5'
authenticationRef:
name: keda-trigger-auth-pulsar-credential
Basic Auth with TLS Relying on Well Known Root CA
In order to enable Pulsar’s Token Authentication feature, you can use the following example. Note that this example
also utilizes a custom CA Certificate for TLS support. Because TLS Authentication is not used in this example, the
authModes field only has bearer.
apiVersion: v1
kind: Secret
metadata:
name: keda-pulsar-secrets
namespace: default
data:
username: <your username>
password: <your password>
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
metadata:
name: keda-trigger-auth-pulsar-credential
namespace: default
spec:
secretTargetRef:
- parameter: username
name: keda-pulsar-secrets
key: admin
- parameter: password
name: keda-pulsar-secrets
key: password
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
name: pulsar-scaledobject
namespace: default
spec:
scaleTargetRef:
name: pulsar-consumer
pollingInterval: 30
triggers:
- type: pulsar
metadata:
authModes: "bearer"
adminURL: https://pulsar.com:8443
topic: persistent://public/default/my-topic
subscription: sub1
msgBacklogThreshold: '5'
authenticationRef:
name: keda-trigger-auth-pulsar-credential