From 426fd28aac7aafc8720b3668cc39005090fcacdf Mon Sep 17 00:00:00 2001
From: Andrey Smirnov <andrey.smirnov@talos-systems.com>
Date: Tue, 6 Dec 2022 17:07:04 +0400
Subject: [PATCH] fix: workaround panic in the kubelet service controller

The traceback:

```
user: warning: [2022-12-02T17:31:09.496341098Z]: [talos] controller failed {"component": "controller-runtime", "controller": "k8s.KubeletServiceController", "error": "controller \x5c"k8s.KubeletServiceController\x5c" panicked: runtime error: invalid memory address or nil pointer dereference\x5cn\x5cngoroutine 308 [running]:\x5cnruntime/debug.Stack()\x5cn\x5ct/toolchain/go/src/runtime/debug/stack.go:24 +0x65\x5cngithub.com/cosi-project/runtime/pkg/controller/runtime.(*adapter).runOnce.func2()\x5cn\x5ct/.cache/mod/github.com/cosi-project/runtime@v0.1.1/pkg/controller/runtime/adapter.go:403 +0x5d\x5cnpanic({0x2b7b600, 0x536c7c0})\x5cn\x5ct/toolchain/go/src/runtime/panic.go:884 +0x212\x5cngithub.com/talos-systems/talos/internal/app/machined/pkg/controllers/k8s.updateKubeconfig(0xc0000d49b0?)\x5cn\x5ct/src/internal/app/machined/pkg/controllers/k8s/kubelet_service.go:302 +0xb8\x5cngithub.com/talos-systems/talos/internal/app/machined/pkg/controllers/k8s.(*KubeletServiceController).Run(0xc000956030, {0x389f7c0, 0xc000808040}, {0x38bce60, 0xc0000dfa80}, 0x0?)\x5cn\x5ct/s...
```

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>
(cherry picked from commit 82e8c9e1f63371f41b0794b4c1be3209847c5f8b)
---
 .../pkg/controllers/k8s/kubelet_service.go    | 22 ++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)

diff --git a/internal/app/machined/pkg/controllers/k8s/kubelet_service.go b/internal/app/machined/pkg/controllers/k8s/kubelet_service.go
index 01cc3386f3..06b0699c9e 100644
--- a/internal/app/machined/pkg/controllers/k8s/kubelet_service.go
+++ b/internal/app/machined/pkg/controllers/k8s/kubelet_service.go
@@ -197,7 +197,7 @@ func (ctrl *KubeletServiceController) Run(ctx context.Context, r controller.Runt
 			}
 		}
 
-		err = updateKubeconfig(secretSpec.Endpoint)
+		err = updateKubeconfig(logger, secretSpec.Endpoint)
 		if err != nil {
 			return err
 		}
@@ -289,7 +289,7 @@ func (ctrl *KubeletServiceController) writeConfig(cfgSpec *k8s.KubeletSpecSpec)
 }
 
 // updateKubeconfig updates the kubeconfig of kubelet with the given endpoint if it exists.
-func updateKubeconfig(newEndpoint *url.URL) error {
+func updateKubeconfig(logger *zap.Logger, newEndpoint *url.URL) error {
 	config, err := clientcmd.LoadFromFile(constants.KubeletKubeconfig)
 	if errors.Is(err, os.ErrNotExist) {
 		return nil
@@ -299,7 +299,23 @@ func updateKubeconfig(newEndpoint *url.URL) error {
 		return err
 	}
 
-	cluster := config.Clusters[config.Contexts[config.CurrentContext].Cluster]
+	context := config.Contexts[config.CurrentContext]
+	if context == nil {
+		// this should never happen, but we can't fix kubeconfig if it is malformed
+		logger.Error("kubeconfig is missing current context", zap.String("context", config.CurrentContext))
+
+		return nil
+	}
+
+	cluster := config.Clusters[context.Cluster]
+
+	if cluster == nil {
+		// this should never happen, but we can't fix kubeconfig if it is malformed
+		logger.Error("kubeconfig is missing cluster", zap.String("context", config.CurrentContext), zap.String("cluster", context.Cluster))
+
+		return nil
+	}
+
 	if cluster.Server == newEndpoint.String() {
 		return nil
 	}