This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is Hybrid architecture (shared activegates beetween oneagent in vm and oneagent in container) valid ?

prgss
Frequent Guest

‎16 Sep 2025 11:07 AM

Hi Dynatrace,

We have trouble deploying CloudNative Dynatrace in OpenShift clusters.
Can you confirm us that these "hybrid" architecture is valid ?

dynatrace-noname.png

- Install CloudNative Dynatrace in OpenShift clusters with Company trustedCA in Dynakube

- Private docker registry holding OneAgent and codemodules images exposing the Company certificate (green box on the left)

- ActiveGate VM with Dynatrace self signed Certificate (purple box)

- Company Internet Proxy (no certificate)

- Notice that we have many oneagent deployed in virtual machine. These oneagents trust the ActiveGate VM Certificate.

- We don't want to change the exposed certificate of ActiveGate.

 

When we add the trustedCAs field in the dynakube configuration, the communication between oneagent pod and activegate vm are broken (invalid certificate).

 broken-cert.png

 

0 Kudos
Reply
1 REPLY 1

michiel_otten
Pro

‎16 Sep 2025 12:13 PM

In my opinion, the problem is that when you configure a trustedCA in Kubernetes, it will use it for all outgoing communication. Now: when the OneAgents want to sent out that information, it'll mismatch with the self-signed one.
You could potentially test this to add it to 1 of the Environment ActiveGate and put that one in a network zone.

if this doesn't help, I'd recommend getting Dynatrace support onboard to figure out what the best solution for you is.

michiel_otten_0-1758021178503.png

 

#Performance matter!
0 Kudos
Reply
Ask a question

Featured Posts