Python: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)

Created on 21 Mar 2018 · 9 Comments · Source: kubernetes-client/python

I can connect to my K8S with a TLS connection:

        myclient = client.Configuration()
        myclient.debug = True
        myclient.host = kubemaster
        myclient.ssl_cert = ssl_cert
        myclient.api_key_prefix['authorization'] = 'Bearer'
        myclient.api_key['authorization'] = cfc_token

        myclient.assert_hostname= False
        myclient.verify_ssl = False
        apiclient = client.ApiClient(myclient)
        self.v1 = client.CoreV1Api(apiclient)
        self.v1.list_node()

But it will fail when I try this way

        self.v1 = client.CoreV1Api()
        self.v1.api_client.configuration.debug = True
        self.v1.api_client.configuration.host = kubemaster
        self.v1.api_client.configuration.ssl_cert = ssl_cert
        self.v1.api_client.configuration.api_key_prefix['authorization'] = 'Bearer'
        self.v1.api_client.configuration.api_key['authorization'] = cfc_token
        self.v1.api_client.configuration.assert_hostname = False
        self.v1.api_client.configuration.verify_ssl = False
        self.v1.list_node()

Error messages are

    2018-03-21 01:27:44,395 DEBUG Starting new HTTPS connection (5): my-ip-address
    2018-03-21 01:27:44,407 DEBUG Incremented Retry for (url='/api/v1/namespaces/default/services'): Retry(total=2, connect=None, read=None, redirect=None, status=None)
    2018-03-21 01:27:44,407 WARNING Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)': /api/v1/namespaces/default/services

From the constructor of both class ApiClient(object) and class CoreV1Api(object), I suppose the above two code snippets will do the same thing.

    # class ApiClient(object)
    def __init__(self, configuration=None, header_name=None, header_value=None, cookie=None):
        if configuration is None:
            configuration = Configuration()
        self.configuration = configuration

        self.pool = ThreadPool()
        self.rest_client = RESTClientObject(configuration)
        self.default_headers = {}
        if header_name is not None:
            self.default_headers[header_name] = header_value
        self.cookie = cookie
        # Set default User-Agent.
        self.user_agent = 'Swagger-Codegen/5.0.0/python'

    # class CoreV1Api(object)
    def __init__(self, api_client=None):
        if api_client is None:
            api_client = ApiClient()
        self.api_client = api_client
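
Why the two snippets in the issue behave differently, as an added example (not code from the kubernetes client or from the issue's author): the quoted `ApiClient.__init__` builds `RESTClientObject(configuration)` immediately, so, assuming that object reads the TLS settings once when it is built, later changes to `configuration` never reach the connection pool. The three classes are simplified stand-ins, `tls_drift` is a hypothetical audit helper, and the CA path is a constructed sample.

```python
import ssl

class Configuration:
    """Stand-in for client.Configuration, TLS fields only (simplified model)."""
    def __init__(self):
        self.verify_ssl = True
        self.ssl_ca_cert = None

class RESTClientObject:
    """Stand-in (assumption): TLS settings are read once, when the pool is built."""
    def __init__(self, configuration):
        self.cert_reqs = ssl.CERT_REQUIRED if configuration.verify_ssl else ssl.CERT_NONE
        self.ca_certs = configuration.ssl_ca_cert

class ApiClient:
    """Same shape as the constructor quoted in the issue."""
    def __init__(self, configuration=None):
        if configuration is None:
            configuration = Configuration()
        self.configuration = configuration
        self.rest_client = RESTClientObject(configuration)

def tls_drift(api_client):
    """Hypothetical audit helper: settings where configuration and pool disagree."""
    cfg, rest = api_client.configuration, api_client.rest_client
    wanted = ssl.CERT_REQUIRED if cfg.verify_ssl else ssl.CERT_NONE
    drift = {}
    if wanted != rest.cert_reqs:
        drift["cert_reqs"] = (wanted.name, rest.cert_reqs.name)
    if cfg.ssl_ca_cert != rest.ca_certs:
        drift["ca_certs"] = (cfg.ssl_ca_cert, rest.ca_certs)
    return drift

def mutate_after_construction(verify_at_build, verify_later):
    """Second snippet's order: build the client, then change verify_ssl."""
    cfg = Configuration()
    cfg.verify_ssl = verify_at_build
    api = ApiClient(cfg)
    api.configuration.verify_ssl = verify_later  # never reaches rest_client
    return api.rest_client.cert_reqs.name, tls_drift(api)

def configure_before_construction(ca_path):
    """First snippet's order, with verification left on and the cluster CA trusted."""
    cfg = Configuration()
    cfg.ssl_ca_cert = ca_path  # constructed sample path, never opened here
    api = ApiClient(cfg)
    return api.rest_client.cert_reqs.name, api.rest_client.ca_certs, tls_drift(api)
```

The drift runs in both directions: a client built with `verify_ssl = False` keeps `CERT_NONE` even if the flag is set back to `True` afterwards, so the configuration object alone does not show whether certificates are being checked.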

All 9 comments

I have a very similar issue on Aliyun Kubernetes. Any update on this? Thanks.

This will fix it:
```python
from kubernetes import client

configuration = client.Configuration()
configuration.verify_ssl = False
configuration.debug = False
# Install the default before any API object is constructed
client.Configuration.set_default(configuration)

v1 = client.CoreV1Api()
```

@vladislavPV, I have tried your steps on my script but it is giving another issue:

    ApiException: (401)
    Reason: Unauthorized
    HTTP response headers: HTTPHeaderDict({'Date': 'Sat, 28 Jul 2018 05:30:26 GMT', 'Content-Length': '129', 'Content-Type': 'application/json'})
    HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}

Any suggestions on this?
Thank you.

@tusharraut1994 you have to add permissions for the service account in the pod where you're running this code:
https://github.com/helm/charts/blob/master/stable/cert-manager/templates/rbac.yaml

@vladislavPV I tried your code, still got the following error:

    2018-08-29 16:59:15,843 WARNING Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(336445449, '[SSL] PEM lib (_ssl.c:2825)'),)': /api/v1/pods?watch=False
    2018-08-29 16:59:15,890 WARNING Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(336445449, '[SSL] PEM lib (_ssl.c:2825)'),)': /api/v1/pods?watch=False
    2018-08-29 16:59:15,937 WARNING Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(336445449, '[SSL] PEM lib (_ssl.c:2825)'),)': /api/v1/pods?watch=False
    [2018-08-29 16:59:15,988] ERROR [agent.k8s.host_operations] [host_operations.py:79 _get_config_from_params()] - Kubernetes host error msg: HTTPSConnectionPool(host='x.x.x.x', port=xxxx): Max retries exceeded with url: /api/v1/pods?watch=False (Caused by SSLError(SSLError(336445449, '[SSL] PEM lib (_ssl.c:2825)'),))

Any thoughts?

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@fejta-bot: Closing this issue.
