From ceaa104bb863f4ca5a5de5105068a3e7c64e3fdf Mon Sep 17 00:00:00 2001
From: Sam Lai <70988+slai@users.noreply.github.com>
Date: Tue, 7 Dec 2021 15:30:27 +0000
Subject: [PATCH] fix(inputs/kube_inventory): set TLS server name config
 properly (#9975)

---
 plugins/inputs/kube_inventory/README.md     | 2 ++
 plugins/inputs/kube_inventory/client.go     | 2 +-
 plugins/inputs/kube_inventory/kube_state.go | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/plugins/inputs/kube_inventory/README.md b/plugins/inputs/kube_inventory/README.md
index 847efd7ffae1d..2a7a010256767 100644
--- a/plugins/inputs/kube_inventory/README.md
+++ b/plugins/inputs/kube_inventory/README.md
@@ -74,6 +74,8 @@ avoid cardinality issues:
   # tls_cert = "/path/to/certfile"
   ## Used for TLS client certificate authentication
   # tls_key = "/path/to/keyfile"
+  ## Send the specified TLS server name via SNI
+  # tls_server_name = "kubernetes.example.com"
   ## Use TLS but skip chain & host verification
   # insecure_skip_verify = false
 
diff --git a/plugins/inputs/kube_inventory/client.go b/plugins/inputs/kube_inventory/client.go
index 66455b004f918..da03c643283fe 100644
--- a/plugins/inputs/kube_inventory/client.go
+++ b/plugins/inputs/kube_inventory/client.go
@@ -23,7 +23,7 @@ type client struct {
 func newClient(baseURL, namespace, bearerToken string, timeout time.Duration, tlsConfig tls.ClientConfig) (*client, error) {
 	c, err := kubernetes.NewForConfig(&rest.Config{
 		TLSClientConfig: rest.TLSClientConfig{
-			ServerName: baseURL,
+			ServerName: tlsConfig.ServerName,
 			Insecure:   tlsConfig.InsecureSkipVerify,
 			CAFile:     tlsConfig.TLSCA,
 			CertFile:   tlsConfig.TLSCert,
diff --git a/plugins/inputs/kube_inventory/kube_state.go b/plugins/inputs/kube_inventory/kube_state.go
index 94cb5faf9048b..a1167a8ed2e02 100644
--- a/plugins/inputs/kube_inventory/kube_state.go
+++ b/plugins/inputs/kube_inventory/kube_state.go
@@ -81,6 +81,7 @@ var sampleConfig = `
   # tls_ca = "/path/to/cafile"
   # tls_cert = "/path/to/certfile"
   # tls_key = "/path/to/keyfile"
+  # tls_server_name = "kubernetes.example.com"
   ## Use TLS but skip chain & host verification
   # insecure_skip_verify = false
 `