From a37125d043b2b22bce4f4acbe78d6f80e711c7d9 Mon Sep 17 00:00:00 2001
From: Hui Wang <hui.wang@daocloud.io>
Date: Sat, 28 Oct 2023 02:20:22 +0800
Subject: [PATCH] lib/promscrape/discovery/kubernetes: avoid possible panic if
 given caFile under kubernetes.SDConfig.HTTPClientConfig is not exist (#5243)

follow up https://github.com/VictoriaMetrics/VictoriaMetrics/commit/d5a599badce3ff84c3ef236e1e8c3fb38514f272
---
 lib/promscrape/discovery/kubernetes/api.go         | 4 ++++
 lib/promscrape/discovery/kubernetes/api_watcher.go | 1 +
 2 files changed, 5 insertions(+)

diff --git a/lib/promscrape/discovery/kubernetes/api.go b/lib/promscrape/discovery/kubernetes/api.go
index 79615b320..a01feaad1 100644
--- a/lib/promscrape/discovery/kubernetes/api.go
+++ b/lib/promscrape/discovery/kubernetes/api.go
@@ -90,6 +90,10 @@ func newAPIConfig(sdc *SDConfig, baseDir string, swcFunc ScrapeWorkConstructorFu
 	for strings.HasSuffix(apiServer, "/") {
 		apiServer = apiServer[:len(apiServer)-1]
 	}
+	// pre-check tls config
+	if _, err := ac.NewTLSConfig(); err != nil {
+		return nil, fmt.Errorf("cannot initialize tls config: %w", err)
+	}
 	aw := newAPIWatcher(apiServer, ac, sdc, swcFunc)
 	cfg := &apiConfig{
 		aw: aw,
diff --git a/lib/promscrape/discovery/kubernetes/api_watcher.go b/lib/promscrape/discovery/kubernetes/api_watcher.go
index 5894f6107..d44b60cd6 100644
--- a/lib/promscrape/discovery/kubernetes/api_watcher.go
+++ b/lib/promscrape/discovery/kubernetes/api_watcher.go
@@ -234,6 +234,7 @@ func newGroupWatcher(apiServer string, ac *promauth.Config, namespaces []string,
 		proxy = http.ProxyURL(proxyURL)
 	}
 	tlsConfig, err := ac.NewTLSConfig()
+	// we should always check tlsconfig in advance to avoid panic here
 	if err != nil {
 		logger.Panicf("FATAL: cannot initialize tls config: %s", err)
 	}