kedacore/keda v2.13.0

on GitHub

We are happy to release KEDA v2.13 🎉

Here are some highlights:

• Support for GCP Secret Manager & config map in trigger authentication
• Newly improved AWS authentication
• Support for emitting CloudEvents from KEDA allowing end-users to extend KEDA (Experimental)
• Support for Amazon managed service for Prometheus for Prometheus scaler
• SAS token authentication for Azure Storage scalers
• Workload identity authentication for Azure Pipelines
• Additional metrics and performance improvements

Here are the breaking changes of this release:

• General: Clean up previously deprecated code in Azure Data Explorer Scaler about clientSecret for 2.13 release (#5051)

Here are the new deprecation(s) as of this release:

• Remove support for Azure AD Pod Identity-based authentication (#5035)

Learn how to deploy KEDA by reading our documentation.

🗓️ The next KEDA release is currently being estimated for April 12th, 2024, learn more in our roadmap.

New

• General: Adds support for GCP Secret Manager as a source for TriggerAuthentication (#4831)
• General: Support TriggerAuthentication properties from ConfigMap (#4830)
• General: Introduce new AWS Authentication (#4134)
• Azure Blob Storage Scaler: Allow to authenticate to Azure Storage using SAS tokens (#5393)
• Azure Pipelines Scaler: Add support for workload identity authentication (#5013)
• Azure Storage Queue Scaler: Allow to authenticate to Azure Storage using SAS tokens (#5393)
• Kafka Scaler: Add support for Kerberos authentication (SASL / GSSAPI) (#4836)
• Prometheus Metrics: Expose prometheus metrics for ScaledJob resources (#4798)
• Prometheus Metrics: Introduce paused ScaledObjects in Prometheus metrics (#4430)
• Prometheus Scaler: Provide scaler for Amazon managed service for Prometheus (#2214)

Experimental

Here is an overview of all new experimental features:

• General: Emit CloudEvents on major KEDA events (#3533|#5278)

Improvements

• General: Add CloudEventSource metrics in Prometheus & OpenTelemetry (#3531)
• General: Add RBAC permissions for list & watch LimitRange, and check default limits from LimitRange for validations (#5377)
• General: Add validations for replica counts when creating ScaledObjects (#5288)
• General: Bubble up AuthRef TriggerAuthentication errors as ScaledObject events (#5190)
• General: Enhance pod identity role assumption in AWS by directly integrating with OIDC/Federation (#5178)
• General: Fix issue where paused annotation being set to false still leads to ScaledObjects/ScaledJobs being paused (#5215)
• General: Implement credentials cache for AWS Roles to reduce AWS API calls (#5297)
• General: Request all ScaledObject/ScaledJob triggers in parallel (#5276)
• General: Use client-side round-robin load balancing for gRPC calls (#5224)
• GCP PubSub Scaler: Support distribution-valued metrics and metrics from topics (#5070)
• GCP Stackdriver Scaler: Support valueIfNull parameter (#5345)
• Hashicorp Vault: Add support to get secret that needs write operation (eg. pki) (#5067)
• Hashicorp Vault: Fix operator panic when spec.hashiCorpVault.credential.serviceAccount is not set (#4964)
• Hashicorp Vault: Fix operator panic when using root token to authenticate to vault server (#5192)
• Kafka Scaler: Ability to set upper bound to the number of partitions with lag (#3997)
• Kafka Scaler: Improve logging for Sarama client (#5102)
• Prometheus Scaler: Add queryParameters parameter (#4962)
• Pulsar Scaler: Support `endpointParams`` in Pulsar OAuth (#5069)

Fixes

• General: Admission webhook does not reject workloads with only resource limits provided (#4802)
• General: Fix CVE-2023-39325 in golang.org/x/net (#5122)
• General: Fix otelgrpc DoS vulnerability (#5208)
• General: Fix Pod identity not being considered when scaled target is a CRD (#5021)
• General: Prevented memory leak generated by not correctly cleaning http connections (#5248)
• General: Prevented stuck status due to timeouts during scalers generation (#5083)
• General: ScaledObject Validating Webhook should support dry-run=server requests (#5306)
• General: Set LeaderElectionNamespace to PodNamespace so leader election works in OutOfCluster mode (#5404)
• AWS Scalers: Ensure session tokens are included when instantiating AWS credentials (#5156)
• Azure Event Hub Scaler: Improve unprocessedEventThreshold calculation (#4250)
• Azure Pipelines: Prevent HTTP 400 errors due to poolName with spaces (#5107)
• GCP PubSub Scaler: Added project_id to filter for metrics queries (#5256)
• GCP PubSub Scaler: Respect default value of value (#5093)
• Github Runner Scaler: Support for custom API endpoint (#5387)
• NATS JetSteam Scaler: Raise an error if leader not found (#5358)
• Pulsar Scaler: Fix panic when auth is not used (#5271)
• ScaledJobs: Copy ScaledJob annotations to child Jobs (#4594)

Deprecations

You can find all deprecations in this overview and join the discussion here.

New deprecation(s):

• Remove support for Azure AD Pod Identity-based authentication (#5035)

Breaking Changes

• General: Clean up previously deprecated code in Azure Data Explorer Scaler about clientSecret for 2.13 release (#5051)

Other

• General: Bump K8s deps to 0.28.5 (#5346)
• General: Create a common utility function to get parameter value from config (#5037)
• General: Fix CVE-2023-45142 in OpenTelemetry (#5089)
• General: Fix logger in OpenTelemetry collector (#5094)
• General: Fix lost commit from the newly created utility function (#5037)
• General: Improve docker image build time through caches (#5316)
• General: Reduce amount of gauge creations for OpenTelemetry metrics (#5101)
• General: Refactor scalers package (#5379)
• General: Removed not required RBAC permissions (#5261)
• General: Support profiling for KEDA components (#4789)
• CPU scaler: Wait for metrics window during CPU scaler tests (#5294)
• Hashicorp Vault: Improve test coverage in pkg/scaling/resolver/hashicorpvault_handler (#5195)
• Kafka Scaler: Add more test cases for large value of LagThreshold (#5354)
• Openstack Scaler: Use Gophercloud SDK (#3439)

New Contributors

• @teivah made their first contribution in #5022
• @novicr made their first contribution in #4851
• @HenriquePiccolo made their first contribution in #4957
• @qizichao-dm made their first contribution in #5073
• @loispostula made their first contribution in #5068
• @chunderbolt made their first contribution in #5120
• @congzhegao made their first contribution in #5104
• @josefkarasek made their first contribution in #5106
• @wozniakjan made their first contribution in #5111
• @geoffrey1330 made their first contribution in #5045
• @jimgus made their first contribution in #5099
• @kmdrn7 made their first contribution in #5193
• @husnialhamdani made their first contribution in #5137
• @mhdbashar made their first contribution in #5253
• @DP19 made their first contribution in #5258
• @kevinmingtarja made their first contribution in #5246
• @wonko made their first contribution in #5270
• @deefreak made their first contribution in #5282
• @jkyros made their first contribution in #5294
• @rodrigorfk made their first contribution in #5307
• @nappelson made their first contribution in #5257
• @googs1025 made their first contribution in #5323
• @similark made their first contribution in #5317
• @lindmin made their first contribution in #5345
• @toniiiik made their first contribution in #4867
• @Eddman made their first contribution in #5384
• @sguruvar made their first contribution in #5373
• @dzibma made their first contribution in #5382
• @Bhargav-InfraCloud made their first contribution in #5377
• @aliaqel-stripe made their first contribution in #5405

Full Changelog: v2.12.0...v2.13.0