总结
我有一个烧瓶应用程序部署到库伯内特斯与python 2.7.12,烧瓶0.12.2和使用请求库。我得到一个SSLError,而使用请求. session发送一个POST请求在容器内。当使用请求会话连接到https网址,请求抛出一个SSLError
一些背景
系统信息-我正在使用的:Python2.7.12,Flask==0.12.2,库伯内特斯,python-2.18.4
预期成果
发送POST请求后获取HTTP响应代码200
错误日志
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line 511, in send
raise SSLError(e, request=request)
SSLError: HTTPSConnectionPool(host='dev.domain.nl', port=443): Max retries exceeded with url: /ingestion?LrnDevEui=0059AC0000152A03&LrnFPort=1&LrnInfos=TWA_100006356.873.AS-1-135680630&AS_ID=testserver&Time=2018-06-22T11%3A41%3A08.163%2B02%3A00&Token=1765b08354dfdec (Caused by SSLError(SSLEOFError(8, u'EOF occurred in violation of protocol (_ssl.c:661)'),))
/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:858:InsecureRequest estWarning:正在发出未经验证的HTTPS请求。强烈建议添加证书验证。请参阅:https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warningsInsecureRequest estWarning)
复制步骤
import requests
from flask import Flask, request, jsonify
from requests import Request, Session
sess = requests.Session()
adapter = requests.adapters.HTTPAdapter(max_retries = 200)
sess.mount('http://', adapter)
sess.mount('https://', adapter)
sess.cert ='/usr/local/lib/python2.7/site-packages/certifi/cacert.pem'
def test_post():
url = 'https://dev.domain.nl/ingestion/?'
header = {'Content-Type': 'application/json', 'Accept': 'application/json'}
response = sess.post(url, headers= header, params= somepara, data= json.dumps(data),verify=True)
print response.status_code
return response.status_code
def main():
threading.Timer(10.0, main).start()
test_post()
if __name__ == '__main__':
main()
app.run(host="0.0.0.0", debug=True, port=5001, threaded=True)
Docker文件
FROM python:2.7-alpine
COPY ./web /web
WORKDIR /web
RUN pip install -r requirements.txt
ENV FLASK_APP app.py
EXPOSE 5001
EXPOSE 443
CMD ["python", "app.py"]
问题可能出在缺少CA证书的高山Docker映像中。在您的笔记本电脑上,代码的工作原理是使用本地工作站的CA证书。我认为在本地运行Docker映像也会失败——所以问题不是k8s。
尝试将以下行添加到Dockerfile:
RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
它将在容器内安装CA证书。