back to website

Werk #17562: agent_kube: requests.SSLError raised on connection using self signed certificates

Component Checks & agents
Title agent_kube: requests.SSLError raised on connection using self signed certificates
Date Feb 20, 2025
Level Trivial Change
Class Bug Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.5.0b1
Not yet released 		Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.4.0b1 Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p28 Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

Due to a regression introduced in the version 2.3.0, the environment variable REQUESTS_CA_BUNDLE was not taken into account. This resulted in

SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1006)')))

being raised if running agent_kube against instances using self signed certificates.

This change reimplements Werk #16892. The previous Werk did not implement the certificate handling for the Kubernetes API client or the OpenShift client. For this reason, some users did not see any change in behaviour after the Werk was released.

With this change, REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE are taken into account. The implementation mentioned by Werk #16892 needed to be replaced, see Werk #17562.

To the list of all Werks

The Checkmk logo (formerly known as Check_MK) is a trademark of Checkmk GmbH. ©2024 Checkmk GmbH. All rights reserved.

Join our hybrid Monitoring Community event from May 20-22 in Munich and learn more about the latest Checkmk features and our roadmap at the Checkmk Conference #11

Register now