17 Nov 2022 01:55 PM - last edited on 18 Nov 2022 08:38 AM by MaciejNeumann
Hi,
I am setting up Kubernetes monitoring in our environment, and I am following the documentation for "Get started with Kubernetes/OpenShift monitoring"
We use a hosted EKS cluster, and have a specific naming convention for namespace names. This means I can't complete the first step to create a 'dynatrace' namespace. I have created a namespace using our naming convention, so am hoping to amend the config files for the rest to the process using our own namespace name.
For the next step 'Install Dynatrace Operator', I downloaded a local copy of the kubernetes.yaml file, and updated all instances of the namespace name to the new value of our custom namespace. When I ran the kubectl apply command using the local copy of the kubernetes.yaml file, it created some resources, but then gave a number of Forbidden errors. A sample of the output is shown below.
I notice that the Namespace in the forbidden error is blank, so perhaps I need some other config to be updated with my namespace name?
poddisruptionbudget.policy/dynatrace-webhook created
serviceaccount/dynatrace-activegate created
serviceaccount/dynatrace-kubernetes-monitoring created
serviceaccount/dynatrace-dynakube-oneagent-privileged created
serviceaccount/dynatrace-dynakube-oneagent-unprivileged created
serviceaccount/dynatrace-operator created
serviceaccount/dynatrace-webhook created
service/dynatrace-webhook created
deployment.apps/dynatrace-operator created
deployment.apps/dynatrace-webhook created
Error from server (Forbidden): error when retrieving current configuration of:
Resource: "apiextensions.k8s.io/v1, Resource=customresourcedefinitions", GroupVersionKind: "apiextensions.k8s.io/v1, Kind=CustomResourceDefinition"
Name: "dynakubes.dynatrace.com", Namespace: ""
from server for: "/root/.kube/kubernetes.yaml": customresourcedefinitions.apiextensions.k8s.io "dynakubes.dynatrace.com" is forbidden: User "dyna-********" cannot get resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope
Solved! Go to Solution.
10 Jan 2023 03:51 PM
@nick_chard were you able to get this sorted out?
18 Jan 2023 09:45 AM
Hi Chad,
No I didn't get a resolution. After doing some more research into it, the error suggests it's a permissions problem, and my account doesn't have the correct permissions at the EKS cluster level, however, I have managed to prove this yet, or get a working solution.
18 Jan 2023 07:20 PM
Hi @nick_chard !
Which deployment mode did you use ?
Did you try the latest release 0.10.2? https://www.dynatrace.com/support/help/whats-new/release-notes/dynatrace-operator
Also maybe troubleshoot command could help you :
kubectl exec deploy/dynatrace-operator -n dynatrace -- dynatrace-operator troubleshoot --namespace=yourcustomnamespace --dynakube=yourdynakubename