19 Aug 2021 08:43 AM - edited 19 Aug 2021 08:45 AM
Hi there,
so dynatrace serves it's own docker registry instead of providing us with a public repository .. well, that makes me encounter issues with kubernetes deploying it because our dynatrace managed runs on internal certificates, so the kubernetes workers do not know about them.
Since we're using PKS and that's not supported / a beta feature at the moment to use private certificates we'd like to push the activegate docker images to our artifactory (which has an official certificate).
To be clear, I do not want to use demonsets in the namespace to provide root and SubCAs to work around PKS.
For that, I'll need to download the images and provide them in our artifactory. The issue is - I can not seem to do that, because it does not let me log in to the dynatrace docker registry:
Taken from there: https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/kubernet...
I assume dynatrace serves the registry in the normal HTTPS environment URL (https://server/e/environmentid)
docker login ourdynatraceserver/e/our-environment-id --username ad
min --password <TOKEN>
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: login attempt to https://ourdynatraceserver/v2/ failed with status: 401 Unauthorized
I'm using the admin user with the created PAAS token for accessing it. Since I can not login using docker, I suppose the generated secret for kubernetes wouldn't work either (I can not get around the certificate issue there at the moment, so I can't tell if docker could actually pull from kubernetes).
I also tried to do that via https://ourserver/e/ourenvironmentid/linux/activegate to see if it's served there - without luck either.
So: Where is the docker registry actually served in dynatrace? How to access it to pull the docker image?
Thanks!
Solved! Go to Solution.
19 Aug 2021 10:03 AM
Got it solved with the One Support guys..
actually, the user name for the login is the enviornment ID, not the owner of the PaaS token but the environment id!
Thanks!
15 Jan 2025 02:43 PM
How to pull (example)
docker login https://<your_dynt_host>/e/<your_env_id> --username <your_env_id> --password <your API token with pass download scope>
docker pull <your_dynt_host>/e/<your_env_id>/linux/oneagent:1.293.153-raw     # does not work with 1.293.153.20240702-150912
docker pull <your_dynt_host>/e/<your_env_id>/linux/codemodule:1.293.153-raw   # does not work with 1.293.153.20240702-150912
docker pull <your_dynt_host>/e/<your_env_id>/linux/activegate:1.303.18-raw    # does not work with 1.303.18.20241106-152232
16 Jan 2025 09:38 AM
Does anyone was able to pull a Docker image of OneAgent with fully qualified version number like 1.293.153.20240702-150912 ?
# any one did successfully that ?
docker pull <your_dynt_host>/e/<your_env_id>/linux/oneagent:1.293.153.20240702-150912❓
16 Jan 2025 12:57 PM
Support pointed the doc : https://docs.dynatrace.com/docs/ingest-from/setup-on-k8s/guides/container-registries/prepare-private...
Thanks dear support (sorry for the noise).
21 Aug 2025 09:13 AM
Oops.
Don't: Warning: https://docs.dynatrace.com/docs/shortlink/prepare-private-registry#dynatrace-container-images says : Please do not use the Dynatrace built-in registry for copying images to private registries. An exception applies for the OneAgent image for Classic Full-Stack, where the respective image must be copied from the built-in registry to work properly.
Do : pull from https://docs.dynatrace.com/docs/shortlink/use-public-registry#supported-public-registries.
