12 Sep 2024 05:16 PM - last edited on 13 Sep 2024 07:36 AM by MaciejNeumann
https://github.com/Dynatrace/dynatrace-operator/issues/3743
Is your feature request related to a problem? Please describe.
I am attempting to use the Log Ingest endpoint from the in-cluster activegate created by the operator.
When setting up the certificate, I ran into issues with using a TLS secret and had to manually create a secret for the Dynatrace operator to use.
Also, the oneagent pods required an undocumented configuration in the secret, requiring a server.crt key to initialize.
    Name:         dynatrace-formatted-secret
    Namespace:    dynatrace
    Labels:       <none>
    Annotations:  <none>

    Type:  Opaque

    Data
    ====
    password:    26 bytes
    server.crt:  680 bytes
    server.p12:  2981 bytes
Describe the solution you'd like
This would be much simpler to configure if the secret reference in DynaKube followed the TLS secret format kubernetes.io/tls, along with removing the password requirement.
https://cert-manager.io/docs/faq/#why-are-passwords-on-jks-or-pkcs12-files-not-helpful
    Name:         activegate-certificate-tls
    Namespace:    dynatrace
    Labels:       controller.cert-manager.io/fao=true
    Annotations:  cert-manager.io/alt-names: activegate.dynatrace.svc.cluster.local,activegate
                  cert-manager.io/certificate-name: activegate-certificate
                  cert-manager.io/common-name:
                  cert-manager.io/ip-sans:
                  cert-manager.io/issuer-group:
                  cert-manager.io/issuer-kind: ClusterIssuer
                  cert-manager.io/issuer-name: internaltraffic-ca-issuer
                  cert-manager.io/uri-sans:

    Type:  kubernetes.io/tls

    Data
    ====
    ca.crt:          680 bytes
    keystore.p12:    2981 bytes
    tls.crt:         1009 bytes
    tls.key:         1679 bytes
    truststore.p12:  903 bytes
server.crt in the dynatrace-formatted-secret = ca.crt on the activegate-certificate-tls
server.p12 in the dynatrace-formatted-secret = keystore.p12 on the activegate-certificate-tls
Describe alternatives you've considered
I've considered alternative methods of generating this secret by combining data from various in-cluster objects.
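The key mapping described in the post (server.crt from ca.crt, server.p12 from keystore.p12, plus a password entry), as an added example that is not part of the original post or of the Dynatrace operator. The function name, the `P12_PASSWORD` environment variable and the pipe shown in the comment are assumptions; the script builds the Opaque secret from the JSON of the cert-manager secret and fails early when the PKCS#12 keystore or CA entry is missing.

```python
import base64
import json
import os
import sys

# Key mapping stated in the post: Dynatrace-format key <- cert-manager key.
KEY_MAP = {"server.crt": "ca.crt", "server.p12": "keystore.p12"}


def to_dynatrace_secret(tls_secret, password, name="dynatrace-formatted-secret"):
    """Build the Opaque secret manifest from a cert-manager kubernetes.io/tls secret."""
    if tls_secret.get("type") != "kubernetes.io/tls":
        raise ValueError("source secret is not of type kubernetes.io/tls")
    if not password:
        raise ValueError("keystore password must not be empty")
    src = tls_secret.get("data") or {}
    data = {}
    for dst_key, src_key in KEY_MAP.items():
        if src_key not in src:
            # keystore.p12 exists only when the Certificate enables a PKCS#12 keystore
            raise KeyError(f"source secret has no {src_key!r} entry")
        if not base64.b64decode(src[src_key], validate=True):
            raise ValueError(f"{src_key!r} is empty")
        data[dst_key] = src[src_key]  # already base64, copied unchanged
    if b"-----BEGIN CERTIFICATE-----" not in base64.b64decode(src["ca.crt"]):
        raise ValueError("ca.crt is not a PEM certificate")
    # tls.key is deliberately not copied: the private key travels only inside server.p12.
    data["password"] = base64.b64encode(password.encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {"name": name,
                     "namespace": tls_secret["metadata"]["namespace"]},
        "data": data,
    }


if __name__ == "__main__":
    # Assumed usage (script name is hypothetical):
    #   kubectl get secret activegate-certificate-tls -n dynatrace -o json \
    #     | P12_PASSWORD=... python3 convert_secret.py | kubectl apply -f -
    manifest = to_dynatrace_secret(json.load(sys.stdin), os.environ["P12_PASSWORD"])
    json.dump(manifest, sys.stdout, indent=2)
```

The password must be the one the PKCS#12 keystore was created with; the converted secret has to be regenerated whenever cert-manager renews the certificate.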