Feature Overview (aka. Goal Summary)  

As an OpenShift Admin, I want to securely configure KEDA’s Cluster Metrics Adapter (CMA) to scale workloads dynamically using ServiceAccount tokens for authentication, ensuring automated token rotation and minimal manual intervention.

Scenario:

Context:
The OpenShift Admin is managing a cluster where workloads rely on CMA to scale based on Prometheus metrics. The Prometheus instance requires a Bearer token for authentication, typically tied to a Kubernetes ServiceAccount. The admin wants a secure and automated way to manage these tokens without using long-lived secrets.

Challenges:

• Manually creating and maintaining long-lived ServiceAccount tokens increases security risks and operational overhead.
• Tokens must be rotated periodically to comply with security policies, but manual updates disrupt workflows and increase the risk of errors.