diff --git a/plugins/inputs/kube_inventory/README.md b/plugins/inputs/kube_inventory/README.md index 847efd7ffae1d..2a7a010256767 100644 --- a/plugins/inputs/kube_inventory/README.md +++ b/plugins/inputs/kube_inventory/README.md @@ -74,6 +74,8 @@ avoid cardinality issues: # tls_cert = "/path/to/certfile" ## Used for TLS client certificate authentication # tls_key = "/path/to/keyfile" + ## Send the specified TLS server name via SNI + # tls_server_name = "kubernetes.example.com" ## Use TLS but skip chain & host verification # insecure_skip_verify = false diff --git a/plugins/inputs/kube_inventory/client.go b/plugins/inputs/kube_inventory/client.go index 66455b004f918..da03c643283fe 100644 --- a/plugins/inputs/kube_inventory/client.go +++ b/plugins/inputs/kube_inventory/client.go @@ -23,7 +23,7 @@ type client struct { func newClient(baseURL, namespace, bearerToken string, timeout time.Duration, tlsConfig tls.ClientConfig) (*client, error) { c, err := kubernetes.NewForConfig(&rest.Config{ TLSClientConfig: rest.TLSClientConfig{ - ServerName: baseURL, + ServerName: tlsConfig.ServerName, Insecure: tlsConfig.InsecureSkipVerify, CAFile: tlsConfig.TLSCA, CertFile: tlsConfig.TLSCert, diff --git a/plugins/inputs/kube_inventory/kube_state.go b/plugins/inputs/kube_inventory/kube_state.go index 94cb5faf9048b..a1167a8ed2e02 100644 --- a/plugins/inputs/kube_inventory/kube_state.go +++ b/plugins/inputs/kube_inventory/kube_state.go @@ -81,6 +81,7 @@ var sampleConfig = ` # tls_ca = "/path/to/cafile" # tls_cert = "/path/to/certfile" # tls_key = "/path/to/keyfile" + # tls_server_name = "kubernetes.example.com" ## Use TLS but skip chain & host verification # insecure_skip_verify = false `