Skip to content

SSLError Certificate verify failed (not the one about hostnames) #217

Closed
@seralogar

Description

@seralogar

Once I setup the kubernetes cluster with kubeadm init, I can access the API using the CA cert generated by kubeadm with no problem at all:

curl $APISERVER/api --header "Authorization: Bearer $TOKEN" --cacert /etc/kubernetes/pki/apiserver.crt
{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "$MYIP:6443"
    }
  ]
}

However, when doing so with the python client I get an SSL error

[...]
api_instance = kubernetes.client.AppsV1beta1Api()
dep = yaml.load(yamldocument % (name, replicas, label, container_name, image))
try:
    api_response = api_instance.create_namespaced_deployment('default', dep, pretty='true')
    pprint(api_response)
except ApiException as e:
    print("Exception: %s\n" % e)\
[...]
Exception: (0)
Reason: SSLError
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

The above won't work with python nor python3, and I've already run requirements.txt and setup.py with no luck.

The same script does work if I setup the API without TLS, by setting up kubectl proxy --port=8080.

I've tried adding the certificate to the ubuntu ca-certificate path but it didn't work.

Thanks in advance.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions