HPA Targets Invalid Object
- Query id: 2f652c42-619d-4361-b361-9f599688f8ca
- Query name: HPA Targets Invalid Object
- Platform: Kubernetes
- Severity: Low
- Category: Availability
- CWE: 400
- URL: Github
Description¶
The Horizontal Pod Autoscaler must target a valid object
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: php-apache
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: php-apache
minReplicas: 1
maxReplicas: 10
metrics:
- type: Object
object:
metric:
name: requests-per-second
target:
type: Value
value: 10k
describedObject:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: php-apache
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: php-apache
minReplicas: 1
maxReplicas: 10
metrics:
- type: Object
object:
metric:
name: requests-per-second
describedObject:
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
name: main-route
target:
type: Value
value: 10k
Negative test num. 2 - yaml file
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: matching-svc
namespace: default
spec:
metrics:
- resource:
name: cpu
target:
averageUtilization: 50
type: Utilization
type: Resource
minReplicas: 1
maxReplicas: 5
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: matching-svc