centreon-plugins icon indicating copy to clipboard operation
centreon-plugins copied to clipboard
verified publisher icon centreon

[cloud::prometheus::direct::kubernetes::plugin]: --ssl-opt argument does'nt seem to work

Open Pintademijote opened this issue 9 months ago • 1 comments

Hello,

I'm on a red hat 8 machine.

I want to use the Prometheus Kubernetes plugin, my prometheus API is behind an ingress with an mTLS configuration.

My version of the plugin is 20250114-094704.

So to access my prometheus API, I used the --ssl-opt of the plugin, specifically ``, --ssl-opt="SSL_cert_file => mycert.crt" and --ssl-opt="SSL_key_file => mykey.crt".

But I keep getting a 500 error:

UNKNOWN: 500 Can't connect to xxxx:443 (certificate verify failed)

The request is ok when I manually curl my ingress:

curl --cacert myca.crt --cert mycert.crt --key mykey.key https://xxx/

I changed the configuration of my ingress to TLS and only used -ssl-opt="SSL_ca_file => myca.crt" for the plugin, but I'm still getting the 500 error.

When I manually add the CA to the OS PKI or use the --insecure argument the plugin works.

Also, I try to use the option --ssl-opt="SSL_verify_mode => SSL_VERIFY_NONE" instead of --insecure but in that case I get back the 500 error.

Same, I try to used at the same time --ssl-opt="SSL_ca_file => myca.crt" and --insecure but I get a 500 error.

So do i miss something and use incorectly the options, or is it as i suspect a bug in the plugin?

Thank you an have a nice day.

Pintademijote avatar Apr 24 '25 11:04 Pintademijote

Hello @Pintademijote Thanks for reaching to us. Could you show us the whole command you are using ?(think about replacing each password/url before sharing it)

Our plugin support two http backend, lwp (the default) and curl. It looks like to me you are trying to use the ssl option of lwp, could you check you are using this backend and not the curl one ? You can change the backend with this option : --http-backend='curl' We generally have less problem with the curl backend than the lwp one.

Can you also check you are using absolute path to specify your files, and that they are readable by centreon-engine ?

Evan-Adam avatar Apr 29 '25 14:04 Evan-Adam

Hello :)

I will close this issue, but if the question becomes relevant again or if anyone else has the same question, feel free to reopen this topic.

lucie-tirand avatar Jul 23 '25 12:07 lucie-tirand