keda: add defensive length check when accessing service Ports #3812

@Elvand-Lie

Description

In pkg/keda/deployer.go at line 180, the code accesses service.Spec.Ports[0].Port to build the HTTP ScaledObject:

			ScaleTargetRef: httpv1alpha1.ScaleTargetRef{
				APIVersion: "apps/v1",
				Kind:       "Deployment",
				Name:       deployment.Name,
				Service:    service.Name,
				Port:       service.Spec.Ports[0].Port,

The service object is fetched live from the Kubernetes cluster just a few lines prior. While the upstream Knative/k8s deployers will always generate a service with exactly one port during normal operations, this code lacks a defensive length check on the Ports slice. If a user or an external controller manually modifies the service in the cluster to remove its ports, the KEDA deployer will crash with an out-of-bounds panic during reconciliation.

Expected Behavior

The code should defensively check len(service.Spec.Ports) > 0 and return a descriptive error if the service has no ports, rather than allowing a runtime panic.
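A sketch of the requested guard, added here as an illustration and not taken from the project's code. The `Service` types are constructed stand-ins for the Kubernetes API types, and `scaleTargetPort`, `unguardedPort`, `panics` and `ErrNoServicePorts` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed stand-ins for the few Service fields the issue touches.
type ServicePort struct{ Port int32 }
type ServiceSpec struct{ Ports []ServicePort }
type Service struct {
	Namespace, Name string
	Spec            ServiceSpec
}

// ErrNoServicePorts (hypothetical name) lets callers match the condition with errors.Is.
var ErrNoServicePorts = errors.New("service has no ports")

// unguardedPort mirrors the access quoted in the issue: it panics on an empty Ports slice.
func unguardedPort(svc *Service) int32 { return svc.Spec.Ports[0].Port }

// scaleTargetPort (hypothetical helper) checks the length first and returns
// an error naming the service instead of panicking.
func scaleTargetPort(svc *Service) (int32, error) {
	if svc == nil {
		return 0, errors.New("service is nil")
	}
	if len(svc.Spec.Ports) == 0 {
		return 0, fmt.Errorf("service %s/%s: %w", svc.Namespace, svc.Name, ErrNoServicePorts)
	}
	return svc.Spec.Ports[0].Port, nil
}

// panics reports whether f panicked, so the unguarded path can be shown without crashing.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	// Constructed input: a service whose ports were removed after deployment.
	edited := &Service{Namespace: "default", Name: "fn"}
	fmt.Println("unguarded access panics:", panics(func() { unguardedPort(edited) }))
	_, err := scaleTargetPort(edited)
	fmt.Println("guarded access returns:", err)
}
```

Wrapping the sentinel with `%w` keeps the service name in the message while still letting the reconciler distinguish this condition from other failures.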
