Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[inputs/kube_inventory] fix TLS server name
The TLS config currently always sets the ServerName to the same as the baseURL. A URL is not a valid value, e.g. `https://kubernetes.example.com:6443` is not a valid ServerName value; the matching ServerName value should be `kubernetes.example.com`. This results in an error like - ``` 2021-10-21T12:15:40Z E! [inputs.kube_inventory] Error in plugin: Get "https://kubernetes.example.com:6443/apis/apps/v1/namespaces/default/deployments": x509: certificate is valid for kubernetes, kubernetes.default, kubernetes.default.svc, kubernetes.default.svc.cluster.local, localhost, kubernetes.example.com, not https://kubernetes.example.com:6443 ``` The ServerName value is not read from config, so I'm not sure why this currently works for anyone, unless they disable TLS verification through the `insecure_skip_verify` setting. The fix is to set ServerName to the `tls_server_name` config value if set, otherwise leave it blank, in which case, it will automatically use the hostname (https://github.com/kubernetes/client-go/blob/master/rest/config.go#L219). I can confirm that the inputs/kubernetes plugin does this (although it doesn't use the k8s client-go library), and it works properly by passing through the `tls_server_name` value or leaving it blank.
- Loading branch information