search

robusta-dev / homebrew-krr

Homebrew repository for installing KRR with brew
MIT License
0 stars 2 forks source link

[v1.12.0-main] - ERROR - CERTIFICATE_VERIFY_FAILED certificate trying Recommendations #5

Open jrosal06 opened 2 months ago

jrosal06 commented 2 months ago

Hello team,

we have this issue when we trying to run KRR on my OpenShift cluster

WARNING Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate connectionpool.py:826 verify failed: self signed certificate in certificate chain (_ssl.c:1129)'))': /apis/autoscaling/v2/horizontalpodautoscalers?watch=False WARNING Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate connectionpool.py:826 verify failed: self signed certificate in certificate chain (_ssl.c:1129)'))': /apis/autoscaling/v2/horizontalpodautoscalers?watch=False WARNING Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate connectionpool.py:826 verify failed: self signed certificate in certificate chain (_ssl.c:1129)'))': /apis/autoscaling/v2/horizontalpodautoscalers?watch=False ERROR Error trying to list hpa in cluster infraco-uat/api-ocp4-htr-cloudteco-com-ar:6443/kube:admin: HTTPSConnectionPool(host='api.ocp4-htr.cloudteco.com.ar', port=6443): Max retries exceeded with url: __init__.py:456 /apis/autoscaling/v2/horizontalpodautoscalers?watch=False (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))

Thanks

arikalon1 commented 2 months ago

Hi @jrosal06

What is the prometheus_url you're using? Does it have a self-signed certificate?

jrosal06 commented 2 months ago

Hello,

prometheus_url: prometheus-k8s-openshift-monitoring.apps.ocp4-ptr.cloud.com.ar The certificate using this URL is signed by our internal Cert-Manager

jrosal06 commented 2 months ago

From what I understand, I need to upload the certificate for that URL somewhere (e.g. directory in Linux) but I don't know where to do it.

arikalon1 commented 2 months ago

Hi @jrosal06

We need to add a way to add a custom certificate. We'll add it soon