Werk #16892: agent_kube: requests.SSLError raised on connection using self signed certificates

Component Checks & agents
Title agent_kube: requests.SSLError raised on connection using self signed certificates
Date Sep 2, 2024
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.4.0b1
Not yet released
Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p15 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.2.0p33 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

Newer versions of requests don't take REQUESTS_CA_BUNDLE into account, resulting in

requests.exceptions.SSLError: \
    HTTPSConnectionPool(host='<collector>', port=443): \
        Max retries exceeded with url: \
            /metadata (Caused by SSLError( \
                SSLCertVerificationError(1, \
                    '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: \
                        self signed certificate in certificate chain (_ssl.c:1006)')))

being raised if running agent_kube against instances using self signed certificates.

This change invokes session.merge_environment_settings() to take REQUESTS_CA_BUNDLE into account again.

See GitHub: 2807: Use merge_environment_settings method in sessions.send method and GitHub: 3626: HTTP Proxy with prepared request (honouring env. var.)

To the list of all Werks