I am trying to use the Kubernetes Python client to connect to my Kubernetes cluster. The API is behind an SSL certificate signed by my CA. If I try to access any API, I get an SSL error about certificate verification failing.
I found a v1beta1_api_service_spec.py library that has a parameter for ca_bundle to verify the certificate, but the core_v1_api.py and api_client.py do not have parameter options for ca_bundle.
How do I pass the CA certificate so I can access the API over HTTPS?
**Solution**
Based on Matthew's pointer, I was able to figure out the problem. Initially, I was using the Kubernetes config module to load the configuration from the ~/.kube/config file.
```python
from kubernetes import client, config
config.load_kube_config()
```
This wasn't working on the client I was testing on, but kubectl was working from my PC, so I checked, and found that the .kube/config file did not specify the CA cert. I added it in, and then it worked.
```yaml
apiVersion: v1
clusters:
- cluster:
    api-version: v1
    certificate-authority: /path/to/ca_chain.crt
    server: "https://my-kubernetes-cluster"
...
```
I also was able to figure out how to manually build the configuration if you do not want to create the .kube/config file on the host.
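```python
from kubernetes import client
from kubernetes.client import Configuration, ApiClient

config = Configuration()
# Bearer token sent in the Authorization header of every request
config.api_key = {'authorization': 'Bearer <api_key>'}
config.host = 'https://my-kubernetes-cluster'
# CA bundle used to verify the API server's certificate
config.ssl_ca_cert = "/path/to/ca_chain.crt"

# Build the API client from the explicit configuration instead of ~/.kube/config
api_client = ApiClient(configuration=config)
v1 = client.CoreV1Api(api_client)
v1.list_pod_for_all_namespaces(watch=False)
```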
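
The root cause above was a kubeconfig cluster entry with no CA. The following is an added example, not part of the original post or of the Kubernetes client: a hypothetical `audit_clusters` helper that checks an already-parsed kubeconfig mapping (for example the result of `yaml.safe_load`) for that condition and for related TLS trust problems. The `SAMPLE` data is constructed, and CA file paths are assumed to be absolute.

```python
import base64
import os
from urllib.parse import urlparse

NO_CA = "no CA configured (private-CA servers will fail verification)"

def audit_clusters(kubeconfig: dict) -> dict:
    """Return {cluster_name: [findings]} for a parsed kubeconfig mapping."""
    report = {}
    for entry in kubeconfig.get("clusters") or []:
        cluster = entry.get("cluster") or {}
        findings = []
        if urlparse(cluster.get("server", "")).scheme != "https":
            findings.append("server is not https")
        if cluster.get("insecure-skip-tls-verify"):
            findings.append("TLS verification disabled")
        ca_file = cluster.get("certificate-authority")
        ca_data = cluster.get("certificate-authority-data")
        if ca_file:
            # Assumption: absolute path; relative paths are not resolved here.
            if not os.path.isfile(os.path.expanduser(ca_file)):
                findings.append("CA file not found: " + ca_file)
        elif ca_data:
            try:
                pem = base64.b64decode(ca_data, validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                pem = b""
            if b"-----BEGIN CERTIFICATE-----" not in pem:
                findings.append("certificate-authority-data is not base64 PEM")
        else:
            findings.append(NO_CA)
        report[entry.get("name", "<unnamed>")] = findings
    return report

# Constructed sample: three cluster entries, not taken from a real cluster.
_PEM = b"-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
SAMPLE = {"apiVersion": "v1", "clusters": [
    {"name": "missing-ca",
     "cluster": {"server": "https://my-kubernetes-cluster"}},
    {"name": "skip-verify",
     "cluster": {"server": "https://my-kubernetes-cluster",
                 "insecure-skip-tls-verify": True}},
    {"name": "inline-ca",
     "cluster": {"server": "https://my-kubernetes-cluster",
                 "certificate-authority-data": base64.b64encode(_PEM).decode()}},
]}

if __name__ == "__main__":
    for name, findings in audit_clusters(SAMPLE).items():
        print(name, "->", findings or "ok")
```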