DataDog / integrations-extras

Community developed integrations and plugins for the Datadog Agent.
BSD 3-Clause "New" or "Revised" License

Please add support for self signed certificates in Aqua integration (ssl_verify: false) #1286

Open makrauz opened 2 years ago

makrauz commented 2 years ago

Output of the info page

Agent (v7.32.2)
Status date: 2022-04-25 20:31:50.601 UTC (1650918710601)
Agent start: 2022-04-25 19:25:15.476 UTC (1650914715476)
Pid: 1
Go Version: go1.16.7
Python Version: 3.8.11
Build arch: amd64
Agent flavor: agent
Check Runners: 4
Log Level: INFO

Paths
Config File: /etc/datadog-agent/datadog.yaml
conf.d: /etc/datadog-agent/conf.d
checks.d: /etc/datadog-agent/checks.d
Clocks
NTP offset: -1.624ms
System time: 2022-04-25 20:31:50.601 UTC (1650918710601)
Host Info
bootTime: 2022-04-22 14:53:13 UTC (1650639193000)
kernelArch: x86_64
kernelVersion: 5.4.0-1062-azure
os: linux
platform: ubuntu
platformFamily: debian
platformVersion: 21.04
procs: 197
uptime: 76h32m5s
=========
Collector
Running Checks
aqua (1.0.0)
------------
  Instance ID: aqua:c4d59678e70b91da [OK]
  Configuration Source: file:/etc/datadog-agent/conf.d/aqua.yaml
  Total Runs: 265
  Metric Samples: Last Run: 0, Total: 0
  Events: Last Run: 0, Total: 0
  Service Checks: Last Run: 1, Total: 265
  Average Execution Time : 62ms
  Last Execution Date : 2022-04-25 20:31:40 UTC (1650918700000)
  Last Successful Execution Date : 2022-04-25 20:31:40 UTC (1650918700000)

Additional environment details (Operating System, Cloud provider, etc): Datadog agent with Aqua integration enabled in AKS. The cluster is hosting Aqua agent and Istio.

Yaml config:

aqua.yaml: |-
  cluster_check: true
  init_config:
  instances:

Steps to reproduce the issue:

  1. Enable aqua integration as per documentation
  2. Deploy Datadog Agent to AKS cluster
  3. Verify if integration is connecting to Aqua

Describe the results you received:

Error when initializing agent:

2022-04-25 20:25:10 UTC | CORE | ERROR | (pkg/collector/python/datadog_agent.go:122 in LogMessage) | aqua:c4d59678e70b91da | (aqua.py:52) | Failed to get Aqua token, skipping check. Error: HTTPSConnectionPool(host='aqua-web.dev.domain.com', port=443): Max retries exceeded with url: /api/v1/login (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1131)')))

Describe the results you expected:

Self signed certificate is accepted/not verified

Additional information you deem important (e.g. issue happens only occasionally):

hithwen commented 2 years ago

Hello, can you contact support about this issue?

makrauz commented 2 years ago

Already did contact support. They said it is a community developed integration.

aamilev94 commented 2 years ago

@hithwen We have exhausted options from the Datadog support side. The integration does not appear to support the tls_verify parameter, hence why we cannot get past the SSL Verification error.
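
The following is an added example, not part of the thread and not the integration's code. It sketches how a check could map per-instance TLS options to the `verify` argument that `requests` accepts, so that a private CA can be trusted without turning verification off. The `tls_verify` and `ssl_verify` names come from this issue; `tls_ca_cert`, the `url` key and all function names are assumptions made for the example.

```python
import logging
import os
import tempfile

log = logging.getLogger("aqua_tls_example")  # hypothetical logger name

_FALSE = {"false", "0", "no", "n", "off"}


def _as_bool(value, default=True):
    """YAML may deliver the flag as a real bool or as a quoted string."""
    if value is None:
        return default
    if isinstance(value, str):
        return value.strip().lower() not in _FALSE
    return bool(value)


def requests_verify_arg(instance):
    """Map one instance's TLS options to the `verify` argument of requests.

    Returns a CA bundle path (str), True (system trust store) or False.
    """
    ca_cert = instance.get("tls_ca_cert")  # assumed option name
    if ca_cert:
        # Preferred for a self-signed chain: keep verification on and
        # trust the issuing CA explicitly.
        if not os.path.isfile(ca_cert):
            raise ValueError("tls_ca_cert does not exist: %s" % ca_cert)
        return ca_cert
    # Accept both spellings used in this issue; tls_verify wins if both are set.
    flag = instance.get("tls_verify", instance.get("ssl_verify"))
    if not _as_bool(flag):
        log.warning("TLS verification disabled for %s", instance.get("url"))
        return False
    return True


def demo():
    # Constructed sample instances; the host is the one in the error message.
    url = "https://aqua-web.dev.domain.com"
    with tempfile.NamedTemporaryFile(suffix=".pem") as ca:
        return [
            requests_verify_arg({"url": url}),
            requests_verify_arg({"url": url, "ssl_verify": "false"}),
            requests_verify_arg(
                {"url": url, "tls_verify": False, "tls_ca_cert": ca.name}
            ) == ca.name,
        ]
```

The returned value would be passed as `requests.post(..., verify=value)`; a CA bundle path takes precedence over a disabled flag, so supplying the CA keeps the login request verified.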