
ActiveGate Certificate Setup

bbagdon1
Visitor

https://github.com/Dynatrace/dynatrace-operator/issues/3743

 

Is your feature request related to a problem? Please describe.
I am attempting to use the Log Ingest endpoint from the in-cluster activegate created by the operator.
When setting up the certificate, I ran into issues with using a tls secret and had to manually create a secret for dynatrace operator to use.
Also, the oneagent pods required an undocumented configuration in the secret requiring a server.crt key to initialize.

Name:         dynatrace-formatted-secret
Namespace:    dynatrace
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password:    26 bytes
server.crt:  680 bytes
server.p12:  2981 bytes
 

Describe the solution you'd like
This would be much simpler to configure if the secret reference in DynaKube followed the tls secret format kubernetes.io/tls along with removing the password requirement
https://cert-manager.io/docs/faq/#why-are-passwords-on-jks-or-pkcs12-files-not-helpful

Name:         activegate-certificate-tls
Namespace:    dynatrace
Labels:       controller.cert-manager.io/fao=true
Annotations:  cert-manager.io/alt-names: activegate.dynatrace.svc.cluster.local,activegate
              cert-manager.io/certificate-name: activegate-certificate
              cert-manager.io/common-name:
              cert-manager.io/ip-sans:
              cert-manager.io/issuer-group:
              cert-manager.io/issuer-kind: ClusterIssuer
              cert-manager.io/issuer-name: internaltraffic-ca-issuer
              cert-manager.io/uri-sans:

Type:  kubernetes.io/tls

Data
====
ca.crt:          680 bytes
keystore.p12:    2981 bytes
tls.crt:         1009 bytes
tls.key:         1679 bytes
truststore.p12:  903 bytes
 

server.crt in the dynatrace-formatted-secret = ca.crt on the activegate-certificate-tls
server.p12 in the dynatrace-formatted-secret = keystore.p12 on the activegate-certificate-tls

Describe alternatives you've considered
I've considered alternative methods of generating this secret by combining data from various in-cluster objects
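
The key mapping described in the post above, as an added example that is not part of the original post or the operator's code: it builds the Opaque secret from a cert-manager kubernetes.io/tls secret given as the JSON that `kubectl get secret -o json` returns. The function name, the constructed sample input, and the assumption that `password` is the PKCS#12 keystore password are illustrative.

```python
import base64
import json

# Key mapping stated in the post: Dynatrace key -> cert-manager key.
KEY_MAP = {"server.crt": "ca.crt", "server.p12": "keystore.p12"}


def to_dynatrace_secret(tls_secret, password, name="dynatrace-formatted-secret"):
    """Build the Opaque Secret from a cert-manager kubernetes.io/tls Secret.

    tls_secret: the Secret as a dict (kubectl get secret ... -o json).
    password:   assumption: the PKCS#12 keystore password configured on
                the cert-manager Certificate.
    """
    if tls_secret.get("type") != "kubernetes.io/tls":
        raise ValueError("source is not a kubernetes.io/tls Secret")
    src = tls_secret.get("data", {})
    missing = [k for k in KEY_MAP.values() if k not in src]
    if missing:
        # keystore.p12 only exists when the Certificate enables a PKCS#12 keystore.
        raise ValueError("source Secret lacks: " + ", ".join(missing))
    ca_pem = base64.b64decode(src["ca.crt"], validate=True)
    if b"-----BEGIN CERTIFICATE-----" not in ca_pem:
        raise ValueError("ca.crt is not a PEM certificate")
    base64.b64decode(src["keystore.p12"], validate=True)  # reject corrupt data
    data = {dst: src[key] for dst, key in KEY_MAP.items()}
    data["password"] = base64.b64encode(password.encode()).decode()
    # tls.crt and tls.key are not copied; the key pair travels inside server.p12.
    meta = {"name": name, "namespace": tls_secret["metadata"]["namespace"]}
    return {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
            "metadata": meta, "data": data}


def _b64(raw):
    return base64.b64encode(raw).decode()


# Constructed sample input: placeholder bytes, not a real certificate or keystore.
SAMPLE = {
    "type": "kubernetes.io/tls",
    "metadata": {"name": "activegate-certificate-tls", "namespace": "dynatrace"},
    "data": {
        "ca.crt": _b64(b"-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"),
        "keystore.p12": _b64(b"\x30\x82placeholder"),
        "tls.crt": _b64(b"placeholder"),
        "tls.key": _b64(b"placeholder"),
    },
}

if __name__ == "__main__":
    print(json.dumps(to_dynatrace_secret(SAMPLE, "constructed-password"), indent=2))
```

The printed manifest can be piped to `kubectl apply -f -`; avoid writing it to disk, since it carries the keystore and its password.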

 

 
