HPA Targets Invalid Object

• Query id: 17e52ca3-ddd0-4610-9d56-ce107442e110
• Query name: HPA Targets Invalid Object
• Platform: Terraform
• Severity: Low
• Category: Availability
• URL: Github

Description

The Horizontal Pod Autoscaler must target a valid object
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "kubernetes_horizontal_pod_autoscaler" "example" {
  metadata {
    name = "test"
  }

  spec {
    min_replicas = 50
    max_replicas = 100

    scale_target_ref {
      kind = "Deployment"
      name = "MyApp"
    }

    metric {
      type = "External"
      external {
        metric {
          name = "latency"
          selector {
            match_labels = {
              lb_name = "test"
            }
          }
        }
        target {
          type  = "Value"
          value = "100"
        }
      }
    }
  }
}

resource "kubernetes_horizontal_pod_autoscaler" "example2" {
  metadata {
    name = "test"
  }

  spec {
    min_replicas = 50
    max_replicas = 100

    scale_target_ref {
      kind = "Deployment"
      name = "MyApp"
    }

    metric {
      type = "Object"
      object {
        target {
          type  = "Value"
          value = "100"
        }
      }
    }
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "kubernetes_horizontal_pod_autoscaler" "example5" {
  metadata {
    name = "test"
  }

  spec {
    min_replicas = 50
    max_replicas = 100

    scale_target_ref {
      kind = "Deployment"
      name = "MyApp"
    }

    metric {
      type = "Object"
      object {
        metric {
          name = "latency"
        }
        described_object {
          name = "main-route"
          api_version = "networking.k8s.io/v1beta1"
          kind = "Ingress"
        }
        target {
          type  = "Value"
          value = "100"
        }
      }
    }
  }
}