K
Q

SSL EOF Error when using Python Requests Session

6/22/2018

Summary

I have a flask application deployed to Kubernetes with python 2.7.12, Flask 0.12.2 and using requests library. I'm getting a SSLError while using requests.session to send a POST Request inside the container. When using requests sessions to connect to a https url , requests throws a SSLError

Some background

  • I have not added any certificates
  • The project works when I run a docker image locally but after deployment to kubernetes, from inside the container - the post request is not being sent to the url verify=false does not work either

System Info - What I am using: Python 2.7.12, Flask==0.12.2, Kubernetes, python-requests-2.18.4

Expected Result

Get HTTP Response code 200 after sending a POST request

Error Logs

r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line 511, in send
raise SSLError(e, request=request)
SSLError: HTTPSConnectionPool(host='dev.domain.nl', port=443): Max retries exceeded with url: /ingestion?LrnDevEui=0059AC0000152A03&LrnFPort=1&LrnInfos=TWA_100006356.873.AS-1-135680630&AS_ID=testserver&Time=2018-06-22T11%3A41%3A08.163%2B02%3A00&Token=1765b08354dfdec (Caused by SSLError(SSLEOFError(8, u'EOF occurred in violation of protocol (_ssl.c:661)'),))

/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings InsecureRequestWarning)

Reproduction Steps

import requests
from flask import Flask, request, jsonify
from requests import Request, Session

sess = requests.Session()
adapter = requests.adapters.HTTPAdapter(max_retries = 200)
sess.mount('http://', adapter)
sess.mount('https://', adapter)
sess.cert ='/usr/local/lib/python2.7/site-packages/certifi/cacert.pem'


def test_post():
    url = 'https://dev.domain.nl/ingestion/?'
    header = {'Content-Type': 'application/json', 'Accept': 'application/json'}
    response = sess.post(url, headers= header, params= somepara, data= json.dumps(data),verify=True)
    print response.status_code
    return response.status_code

def main():
    threading.Timer(10.0, main).start()
    test_post()

if __name__ == '__main__':
    main()
    app.run(host="0.0.0.0", debug=True, port=5001, threaded=True)

Docker File

FROM python:2.7-alpine
COPY ./web /web
WORKDIR /web
RUN pip install -r requirements.txt

ENV FLASK_APP app.py

EXPOSE 5001
EXPOSE 443

CMD ["python", "app.py"]
-- CloudJedi
flask
kubernetes
python-2.7
python-requests
ssl

Similar Questions

ManageIQ displays no info for Kubernetes container provider and cluster-reader ClusterRole is missing
how to deploy hyperkube image in a kubernetes pod?
kubernetes envFrom: how to load variables located into pod filesystem file
Kubernetes: Perform command shell only container

1 Answer

6/22/2018

The problem may be in the Alpine Docker image that lacks CA certificates. On your laptop code works as it uses CA certs from you local workstation. I would think that running Docker image locally will fail too - so the problem is not k8s.

Try to add the following line to the Dockerfile:

RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*

It will install CA certs inside the container.

-- lexsys
Source: StackOverflow