Werk #16892: agent_kube: requests.SSLError raised on connection using self signed certificates

Component

Checks & agents

Title

agent_kube: requests.SSLError raised on connection using self signed certificates

Date

Sep 2, 2024

Level

Trivial Change

Class

Bug Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

2.4.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p15	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0p33	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

Newer versions of requests don't take REQUESTS_CA_BUNDLE into account, resulting in

requests.exceptions.SSLError: \
    HTTPSConnectionPool(host='<collector>', port=443): \
        Max retries exceeded with url: \
            /metadata (Caused by SSLError( \
                SSLCertVerificationError(1, \
                    '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: \
                        self signed certificate in certificate chain (_ssl.c:1006)')))

being raised if running agent_kube against instances using self signed certificates.

This change invokes session.merge_environment_settings() to take REQUESTS_CA_BUNDLE into account again.

See GitHub: 2807: Use merge_environment_settings method in sessions.send method and GitHub: 3626: HTTP Proxy with prepared request (honouring env. var.)

To the list of all Werks