Update

content/docs/2.17/authentication-providers/azure-key-vault.md

@@ -20,7 +20,7 @@ The `cloud` parameter can be used to specify cloud environments besides `Azure P
 azureKeyVault:                                          # Optional.
   vaultUri: {key-vault-address}                         # Required.
   podIdentity:                                          # Optional.
-    provider: azure | azure-workload                    # Required.
+    provider: azure-workload                    # Required.
     identityId: <identity-id>                           # Optional
   credentials:                                          # Optional.
     clientId: {azure-ad-client-id}                      # Required.

content/docs/2.17/concepts/authentication.md

@@ -115,12 +115,12 @@ spec:
       serviceAccount: {path-to-service-account-file}                      # Optional.
     secrets:                                                              # Required.
     - parameter: {scaledObject-parameter-name}                            # Required.
-      key: {hashicorp-vault-secret-key-name}                               # Required.
-      path: {hashicorp-vault-secret-path}                                  # Required.
+      key: {hashicorp-vault-secret-key-name}                              # Required.
+      path: {hashicorp-vault-secret-path}                                 # Required.
   azureKeyVault:                                                          # Optional.
     vaultUri: {key-vault-address}                                         # Required.
     podIdentity:                                                          # Optional. Required when using pod identity.
-      provider: azure | azure-workload                                    # Required.
+      provider: azure-workload                                            # Required.
       identityId: <identity-id>                                           # Optional
     credentials:                                                          # Optional. Required when not using pod identity.
       clientId: {azure-ad-client-id}                                      # Required.

content/docs/2.17/concepts/scaling-deployments.md

@@ -39,7 +39,7 @@ The only constraint is that the target `Custom Resource` must define `/scale` [s
 
 This feature enables caching of metric values during polling interval (as specified in `.spec.pollingInterval`). Kubernetes (HPA controller) asks for a metric every few seconds (as defined by `--horizontal-pod-autoscaler-sync-period`, usually 15s), then this request is routed to KEDA Metrics Server, that by default queries the scaler and reads the metric values. Enabling this feature changes this behavior such that KEDA Metrics Server tries to read metric from the cache first. This cache is updated periodically during the polling interval.
 
-Enabling this feature can significantly reduce the load on the scaler service.
+Enabling [`useCachedMetrics`](../reference/scaledobject-spec/#triggers) can significantly reduce the load on the scaler service.
 
 This feature is not supported for `cpu`, `memory` or `cron` scaler.
 

content/docs/2.17/deploy.md

@@ -8,7 +8,7 @@ We provide a few approaches to deploy KEDA runtime in your Kubernetes clusters:
 - Operator Hub
 - YAML declarations
 
-> 💡 **NOTE:** KEDA requires Kubernetes cluster version 1.27 and higher
+> 💡 **NOTE:** KEDA requires Kubernetes cluster version 1.28 and higher
 
 Don't see what you need? Feel free to [create an issue](https://github.com/kedacore/keda/issues/new) on our GitHub repo.
 

content/docs/2.17/integrations/_index.md

@@ -0,0 +1,8 @@
++++
+title = "Integrations"
+weight = 6
++++
+
+An overview of tools/products integrating with KEDA:
+
+{{< integrations >}}

content/docs/2.17/operate/istio-integration.md → content/docs/2.17/integrations/istio-integration.md

@@ -1,7 +1,8 @@
 +++
 title = "KEDA Integration with Istio"
 description = "Guidance for running KEDA along with Istio in your cluster"
-weight = 100
+availability = "v2.14+"
+project = "Istio"
 +++
 
 ## Overview
@@ -60,4 +61,4 @@ Existing troubleshooting guide for KEDA with Istio.
 ### Conclusion
 By applying these annotations, you can ensure that KEDA integrates seamlessly with Istio while adhering to security requirements. This configuration allows KEDA to maintain internal mTLS communication and interact properly with other mesh services.
 
-If you encounter any issues or have further questions, please refer to the KEDA and Istio documentation or reach out to the community for support.
+If you encounter any issues or have further questions, please refer to the KEDA and Istio documentation or reach out to the community for support.

content/docs/2.17/operate/opentelemetry.md → content/docs/2.17/integrations/opentelemetry.md

@@ -1,7 +1,8 @@
 +++
 title= "Integrate with OpenTelemetry Collector (Experimental)"
 description= "Detail of integrating OpenTelemetry Collector in KEDA"
-weight = 100
+availability = "v2.12+"
+project = "OpenTelemetry"
 +++
 
 ## Push Metrics to OpenTelemetry Collector (Experimental)
@@ -54,4 +55,4 @@ The following metrics are exposed as well, but are deprecated and will be remove
 | `keda.scaler.metrics.latency` | The latency of retrieving current metric from each scaler. |
 | `keda.resource.totals` | Total number of KEDA custom resources per namespace for each custom resource type (CRD). |
 | `keda.trigger.totals` | Total number of triggers per trigger type. |
-| `keda.internal.scale.loop.latency` | Total deviation (in milliseconds) between the expected execution time and the actual execution time for the scaling loop. This latency could be produced due to accumulated scalers latencies or high load. This is an internal metric. |
+| `keda.internal.scale.loop.latency` | Total deviation (in milliseconds) between the expected execution time and the actual execution time for the scaling loop. This latency could be produced due to accumulated scalers latencies or high load. This is an internal metric. |

content/docs/2.17/operate/prometheus.md → content/docs/2.17/integrations/prometheus.md

@@ -1,7 +1,8 @@
 +++
 title = "Integrate with Prometheus"
 description = "Overview of all Prometheus metrics that KEDA provides"
-weight = 100
+availability = "v2.0+"
+project = "Prometheus"
 +++
 
 ## Prometheus Exporter Metrics

content/docs/2.17/operate/_index.md

@@ -6,10 +6,8 @@ weight = 1
 
 We provide guidance and requirements around various areas to operate KEDA:
 
-- Admission Webhooks ([link](./admission-webhooks))
-- Cluster ([link](./cluster))
-- Kubernetes Events ([link](../reference/events))
-- KEDA Metrics Server ([link](./metrics-server))
-- Integrate with Prometheus ([link](./prometheus))
-- Integrate with OpenTelemetry Collector (Experimental) ([link](./opentelemetry))
-- Security ([link](./security))
+- [Admission Webhooks](./admission-webhooks)
+- [Cluster](./cluster)
+- [Kubernetes Events](../reference/events)
+- [KEDA Metrics Server](./metrics-server)
+- [Security](./security)

content/docs/2.17/operate/admission-webhooks.md

@@ -9,3 +9,110 @@ weight = 100
 By default, the admission webhooks are registered with `failurePolicy: Ignore`, this won't block the resources creation/update when the admission controller is not available. To ensure that the validation is always required and perform validation, setting `failurePolicy` to `Fail` is required.
 
 In particular, the admission webhooks for HPA ownership validation can be skipped by setting the annotation `validations.keda.sh/hpa-ownership` to `"false"`. Be cautious when doing so as it exposes the system to potential risks.
+
+### Cache Miss with Fallback to Direct Client for ScaledObject
+
+When validation enforcement is enabled, it's possible to run into a race condition when `ScaledObject` is part of the same deployment artifact as the `scaleTargetRef` (see also issue: [#5973](https://github.com/kedacore/keda/issues/5973)). For this purpose it's possible to configure additional argument for the webhook `Deployment`:
+```
+--cache-miss-to-direct-client=true
+```
+This will ensure that if getting the `scaleTargetRef` from the cached client returns `IsNotFound` error, the webhook will attempt to get the object directly from Kubernetes API.
+
+
+## Custom Validations using Kubernetes ValidatingAdmissionPolicy
+
+> ⚠️ FEATURE STATE: Kubernetes v1.30 [stable]
+
+Kubernetes `ValidatingAdmissionPolicy` allows you to create custom validation policies using the [Common Expression Language (CEL)](https://cel.dev). This provides a declarative way to define and enforce validation rules directly within the cluster, helping ensure resource configurations meet your specified requirements. For more details, refer to the Kubernetes `ValidatingAdmissionPolicy` [documentation](https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/).
+
+Here is an example of a `ValidatingAdmissionPolicy` and its corresponding `ValidatingAdmissionPolicyBinding` to fail/deny `ScaledObject`s with more than 10 replicas in the `default` namespace (i.e., limiting the maximum number of pod replicas to 10):
+
+```yaml
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: "limit-keda-replicas.example.com"
+spec:
+  failurePolicy: Fail
+  matchConstraints:
+    resourceRules:
+    - apiGroups:   ["keda.sh"]
+      apiVersions: ["v1alpha1"]
+      operations:  ["CREATE", "UPDATE"]
+      resources:   ["scaledobjects"]
+  validations:
+    - expression: "object.spec.maxReplicaCount <= 10"
+      message: "The maximum allowed number of pod replicas is 10."
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+  name: "limit-keda-replicas-binding.example.com"
+spec:
+  policyName: "limit-keda-replicas.example.com"
+  validationActions: [Deny]
+  matchResources:
+    namespaceSelector:
+      matchLabels:
+        kubernetes.io/metadata.name: default
+```
+
+Since KEDA manages the `HorizontalPodAutoscaler` (HPA) behind the scenes, here is a complementary configuration to deny scaling for `HPA`, `Deployments`, and `ReplicaSets` with more than 10 replicas:
+
+```yaml
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: "limit-apps-replicas.example.com"
+spec:
+  failurePolicy: Fail
+  matchConstraints:
+    resourceRules:
+    - apiGroups:   ["apps"]
+      apiVersions: ["v1"]
+      operations:  ["CREATE", "UPDATE"]
+      resources:   ["deployments", "replicasets"]
+  validations:
+    - expression: "object.spec.replicas <= 10"
+      message: "The maximum allowed number of pod replicas is 10."
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicy
+metadata:
+  name: "limit-hpa-replicas.example.com"
+spec:
+  failurePolicy: Fail
+  matchConstraints:
+    resourceRules:
+    - apiGroups:   ["autoscaling"]
+      apiVersions: ["v2"]
+      operations:  ["CREATE", "UPDATE"]
+      resources:   ["horizontalpodautoscalers"]
+  validations:
+    - expression: "object.spec.replicas <= 10"
+      message: "The maximum allowed number of pod replicas is 10."
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+  name: "limit-apps-replicas-binding.example.com"
+spec:
+  policyName: "limit-apps-replicas.example.com"
+  validationActions: [Deny]
+  matchResources:
+    namespaceSelector:
+      matchLabels:
+        kubernetes.io/metadata.name: default
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingAdmissionPolicyBinding
+metadata:
+  name: "limit-hpa-replicas-binding.example.com"
+spec:
+  policyName: "limit-hpa-replicas.example.com"
+  validationActions: [Deny]
+  matchResources:
+    namespaceSelector:
+      matchLabels:
+        kubernetes.io/metadata.name: default
+```

content/docs/2.17/operate/cloud-events.md

@@ -84,7 +84,7 @@ Here is an overview of the supported authentication types:
 - `accessKey` - Access key string for the Azure Event Grid connection auth.
 
 #### Pod identity based authentication
-[Azure AD Workload Identity](https://azure.github.io/azure-workload-identity/docs/) providers can be used.
+[Azure AD Workload Identity](https://azure.github.io/azure-workload-identity/docs/) provider can be used.
 
 ```yaml
 apiVersion: keda.sh/v1alpha1
@@ -117,4 +117,10 @@ eventSubscription: #Optional. Submit included/excluded event types will filter e
 | `keda.scaledobject.removed.v1`| When a ScaledObject is deleted |       
 | `keda.scaledjob.ready.v1`| On the first time a ScaledJob is ready, or if the previous ready condition status of the object was `Unknown` or `False` |  
 | `keda.scaledjob.failed.v1`| If the check validation for a ScaledJob fails                                    
-| `keda.scaledjob.removed.v1`| When a ScaledJob is deleted |  
+| `keda.scaledjob.removed.v1`| When a ScaledJob is deleted |  
+| `keda.authentication.triggerauthentication.created.v1` | On the first time a TriggerAuthentication is created |
+| `keda.authentication.triggerauthentication.updated.v1` | When a TriggerAuthentication is updated | 
+| `keda.authentication.triggerauthentication.removed.v1` | When a TriggerAuthentication is deleted |  
+| `keda.authentication.clustertriggerauthentication.created.v1`|  On the first time a ClusterTriggerAuthentication is created |
+| `keda.authentication.clustertriggerauthentication.updated.v1`| When a ClusterTriggerAuthentication is updated | 
+| `keda.authentication.clustertriggerauthentication.removed.v1`| When a ClusterTriggerAuthentication is deleted |  

content/docs/2.17/operate/cluster.md

@@ -16,7 +16,8 @@ As a reference, this compatibility matrix shows supported k8s versions per KEDA
 
 | KEDA  | Kubernetes    |
 | ----- | ------------- |
-| v2.16 | TBD           |
+| v2.17 | TBD           |
+| v2.16 | v1.28 - v1.30 |
 | v2.15 | v1.28 - v1.30 |
 | v2.14 | v1.27 - v1.29 |
 | v2.13 | v1.27 - v1.29 |

content/docs/2.17/reference/_index.md

@@ -8,6 +8,6 @@ Reference information for the KEDA autoscaler.
 - [ScaledObject specification](./scaledobject-spec)
 - [ScaledJob specification](./scaledjob-spec)
 - [Kubernetes Events](./events)
-- [Firewall requirements]
+- [Firewall requirements](../operate/cluster#firewall)
 - [FAQ](./faq.md)
-- [Glossary](./glossary.md)
+- [Glossary](./glossary.md)

content/docs/2.17/reference/scaledjob-spec.md

@@ -5,9 +5,7 @@ weight = 4000
 
 ## Overview
 
-This specification describes the `ScaledJob` custom resource definition that defines the triggers and scaling behaviors use by KEDA 
-
-to scale jobs. The `.spec.ScaleTargetRef` section holds the reference to the job, defined in [_scaledjob_types.go_](https://github.com/kedacore/keda/blob/main/apis/keda/v1alpha1/scaledjob_types.go).
+This specification describes the `ScaledJob` custom resource definition that defines the triggers and scaling behaviors use by KEDA to scale jobs. The `.spec.ScaleTargetRef` section holds the reference to the job, defined in [_scaledjob_types.go_](https://github.com/kedacore/keda/blob/main/apis/keda/v1alpha1/scaledjob_types.go).
 
 ```yaml
 apiVersion: keda.sh/v1alpha1