onzyone opened a new issue, #54631: URL: https://github.com/apache/airflow/issues/54631
### Apache Airflow version 3.0.4 ### If "Other Airflow 2 version" selected, which one? 3.0.4 ### What happened? ocp worker pod is not able to connect to the airflow api server after k8s execuoter -> k8s schduler starts the the worker pod ### What you think should happen instead? when we run a dag in ocp the worker pod should be able to connect to the airflow api server. ### How to reproduce sorry i can't extract the log files from my company to include in this issue but the th'dr: 1. we are running on ocp with k8s executor 1. we have 3.0.2 running with one pod per service 1. we upgraded to 3.0.4 1. when testing a simple bash operator, the airflow scheduler starts up the worker pod, k8s picks it up and starts the pod. 1. there is a warning event "Starting call to "airflow.sdk.api.client.Client.request", this is the 1st time call it." 1. after the 4th call, the supervisor SIGKILLs the process with a -9 1. (this is where it would be nice to give you the stack trace ... but the last line `httpx.ConnectError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1010) if we remove `kwargs["verify"] = ctx` in the following code during our docker build time https://github.com/apache/airflow/blob/main/task-sdk/src/airflow/sdk/api/client.py#L825-L829 it works again. we are not able to generate a self signed cert or pass the crt key. ### Operating System deb bookworm with python 3.12 ### Versions of Apache Airflow Providers we are using standard 3.0.4 constraints file werkzeug upgraded to 3.0.3 cryptography upgraded to 43.0.0 ### Deployment Other ### Deployment details _No response_ ### Anything else? _No response_ ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [x] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
