This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Cannot install Dynatrace operator on GKE

tamaraflorens
Visitor

‎08 Mar 2024 10:00 AM - last edited on ‎08 Mar 2024 12:02 PM by Community Team

Hi,

 

I'm Facing this issue after running kubectl apply -f dynakube.yaml

Error from server (InternalError): error when creating "dynakube.yaml": Internal error occurred: failed calling webhook "webhook.dynatrace.com": failed to call webhook: Post "https://dynatrace-webhook.dynatrace.svc:443/validate?timeout=10s": no endpoints available for service "dynatrace-webhook"

 

I following this step 

tamaraflorens_0-1709891765449.png

 

after searching they say that I should create firewalls rule ingress to port 8443. I do. but the error still the same.

this is my firewall rule configuration

tamaraflorens_1-1709891931560.png

please help..

 

Labels:
0 Kudos
Reply
13 REPLIES 13

agonzalez
Helper

‎08 Mar 2024 10:55 AM

Hello is your port 443 also open ? The url that you gave "https://dynatrace-webhook.dynatrace.svc:443" is set to port 443, check that your firewall allow the 443 port.

0 Kudos
Reply

agonzalez
Helper

‎08 Mar 2024 11:01 AM

You can find the dynatrace operator network policies/ports here: https://docs.dynatrace.com/docs/setup-and-configuration/setup-on-k8s/reference/network

0 Kudos
Reply

tamaraflorens
Visitor
In response to agonzalez

‎13 Mar 2024 04:04 AM

Thanks for your reply. I create firewall rule with allow all but unfortunately it didn't work

tamaraflorens_0-1710302628327.png

I'm still facing this error

Error from server (InternalError): error when creating "dynakube.yaml": Internal error occurred: failed calling webhook "webhook.dynatrace.com": failed to call webhook: Post "https://dynatrace-webhook.dynatrace.svc:443/validate?timeout=10s": no endpoints available for service "dynatrace-webhook"

0 Kudos
Reply

RazTN7
Dynatrace Champion
Dynatrace Champion

‎13 Mar 2024 08:52 AM - edited ‎13 Mar 2024 09:02 AM

Hi @tamaraflorens 

Is this Dynatrace Saas Env.
If yes. Can you curl from each node of GCP cluster and see the status as running.

curl -X GET https://{environmentid}.live.dynatrace.com/rest/health

 

It looks like 

mutatingwebhookconfiguration.
and
validatingwebhookconfiguration. service is simply not registering properly.

Follow:

$ kubectl get ValidatingWebhookConfiguration -A

or

$ kubectl describe mutatingwebhookconfigurations,validatingwebhookconfigurations > webhooks.txt

review the error message.

 

If the webhook is calling a service that doesn't exist, the webhook might be leftover from an incomplete or improper removal of a service. follow the steps to uninstall/delete the service.

$ kubectl delete validatingwebhookconfiguration <NAME>

$ kubectl delete mutatingwebhookconfiguration <NAME>

 

Ref - webhook debugging

Cheers!
RN

Have a nice day!
0 Kudos
Reply

tamaraflorens
Visitor
In response to RazTN7

‎13 Mar 2024 09:49 AM

Hi, @RazTN7 

thank you for your reply.

I have curl from every nodes and it running.

I also delete mutatingwebhookconfiguration and validatingwebhookconfiguration.

but error still the same. 

Reply

dortega
Participant

‎13 May 2024 11:55 PM

Hi , 

I have the same problem, the firewall rules are applied, but is not working fine when apply kubectl -n dynatrace wait pod --for=condition=ready --selector=app.kubernetes.io/name=dynatrace-operator,app.kubernetes.io/component=webhook --timeout=300s

 

dortega_0-1715640733143.png

kubectl -n dynatrace wait pod --for=condition=ready --selector=app.kubernetes.io/name=dynatrace-operator,app.kubernetes.io/component=webhook --timeout=300stimed out waiting for the condition on pods/dynatrace-webhook-7bb4fbbdcf-svvlc
timed out waiting for the condition on pods/dynatrace-webhook-7bb4fbbdcf-xfq5c

 

Can you help me?

 

 

 

 

0 Kudos
Reply

dortega
Participant
In response to dortega

‎13 May 2024 11:57 PM

kubectl apply -f dynakube.yaml
secret/gkeproseller created
Error from server (InternalError): error when creating "dynakube.yaml": Internal error occurred: failed calling webhook "webhook.dynatrace.com": failed to call webhook: Post "https://dynatrace-webhook.dynatrace.svc:443/validate?timeout=2s": no endpoints available for service "dynatrace-webhook"

0 Kudos
Reply

gWalker_enGen
Newcomer
In response to dortega

‎04 Mar 2025 10:02 PM

@dortega Did you ever find a resolution to this problem? I am also getting the same error message: 
Error from server (InternalError): error when creating "./k8s/development/dynakube.yaml": Internal error occurred: failed calling webhook "v1beta2.dynakube.webhook.dynatrace.com": failed to call webhook: Post "https://dynatrace-webhook.dynatrace.svc:443/validate-dynatrace-com-v1beta2-dynakube?timeout=10s": no endpoints available for service "dynatrace-webhook"

0 Kudos
Reply

gopher
Pro

‎04 Mar 2025 11:44 PM

@tamaraflorens ,

Being that you are air gapped - In your CRD you will need to make sure that you set the feature.dynatrace.com/no-proxy:  in your annotations. 
This needs to be for your private repositories and the Dynatrace service address. 
This will prevent the Dynatrace components trying to go through the proxy.

  annotations:
    feature.dynatrace.com/automatic-kubernetes-api-monitoring-cluster-name: "#CONTEXT"  
    feature.dynatrace.com/no-proxy: ".dynatrace.svc,.artifactory.com,.amazonaws.com" #private repo
    feature.dynatrace.com/injection-readonly-volume: "true"
    feature.dynatrace.com/oneagent-initial-connect-retry-ms: "10000"
    feature.dynatrace.com/init-container-seccomp-profile: "true"
 
0 Kudos
Reply

gWalker_enGen
Newcomer
In response to gopher

‎05 Mar 2025 01:54 PM

@gopher The "no-proxy" remedy that you offer is dependent upon the Dynakube being created. However, kubectl apply -f dynakube.yaml command is throwing the error and preventing the Dynakube from being created. So I don't think setting the proxy and/or no-proxy in the Dynakube configuration is the solution to this problem.

0 Kudos
Reply

gopher
Pro
In response to gWalker_enGen

‎05 Mar 2025 09:52 PM

@gWalker_enGen , I wouldn't dismiss it.
I've been deploying on GKE for a long time and if you don't set this where you are air gapped and or have a local proxy for egress traffic, you will get this error.

why ? because the call has a HTTPS:// which will go to the proxy first - it's unlikely you have this address registered in the DNS.

The only other scenario is that the operator & webhook pods are not up - in which case your installation of the csi & operator has failed, in which case this will need to be fixed first - however doesn't seem to be the case based on information supplied. 


0 Kudos
Reply

gWalker_enGen
Newcomer
In response to gopher

‎07 May 2025 05:19 PM

@gopher In my case, I do have a DNS entry for my Dynatrace Host and my Operator and Webhook Pods are NOT up. When I describe my one running Webhook Pod, I get the following:

Liveness probe failed: Get "http://10.121.73.41:10080/livez": dial tcp 10.121.73.41:10080: connect: connection refused

Is this related to "healthchecks" and ports not being open? 

0 Kudos
Reply

IzabelaRokita
Community Team
Community Team

‎06 Jun 2025 09:11 AM

Hey @tamaraflorens , did you manage to find the solution to your problem? If so, it would be amazing if you've shared it with the rest of the Community! If not, let me know, and I'll look for some further assistance 😊

0 Kudos
Reply
Ask a question

Featured Posts