cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Storing Dynatrace Image in Private Registry

Starhut
Participant

Hi, we are setting up the Dynatrace Openshift monitoring (classicFullstack).

After we applied the token and apply classicFullStack.yaml, dynakube pods are not shown

 
dynakube-controller","msg":"problem with token detected","dynakube":"dynakube","token":"APIToken","msg":"error when querying token on secret dynatrace:dynakube: error making post request to dynatrace api: Post \"https://xxxx/e/xxxx/api/v1/tokens/lookup\": x509: certificate relies on legacy Common Name field, use SANs instead"}
dynakube-controller","msg":"paas or api token not valid","name":"dynakube"}
 
Did anyone have encountered a similar error before?

 

 

9 REPLIES 9

theharithsa
Dynatrace Pro
Dynatrace Pro

Hi @Starhut 

Thanks for your question.


Looking at the error, I can see that PaaS or API token you are passing is not valid. Kindly check the right permissions while creating the token and apply the yaml file once again.

Love more, hate less; Technology for all, together we grow.

Hi @theharithsa ,

 

I checked on the token permission don't find anything wrong on it.

API v1 - Access problem and event feed, metrics, and topology,

PaaS integration - Installer download

follow according to prerequisite mentioned here:

https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/openshif...

 

I think the token is not valid is because of the prior error there " error making Post request" that reject it.

Thanks.

Hi @Starhut  

Wonder if the message regarding the certificate (x509: certificate relies on legacy Common Name field, use SANs instead) is info or error one ....

I would try to skip cert here 

HTH

Yos 

 

 

 

dynatrace certificated professional - dynatrace primer partner - Matrix Soft Ware Division - Israel

Hi @Yosi_Neuman 

I get the statement from: 

oc -n dynatrace logs -f deployment/dynatrace-operator.

 

Since I am using immutable image, I don't think skipcertcheck is possible. Correct me if I am wrong.

 

Thanks

Hi @Starhut ,

Please try to set skipCertCheck to true as explained  in documentation 

Yosi_Neuman_1-1647521138325.png

Update if the issue persist 

All the best and stay safe

Yos 

dynatrace certificated professional - dynatrace primer partner - Matrix Soft Ware Division - Israel

Hi @Yosi_Neuman ,

 

Please check this.

When using the immutable image, fields such as proxy, trustedCAs, and skipCertCheck are ignored

I am following this due to my environment is isolated from Internet.

Link 

 

Thanks.

Hi @Starhut 

Stand corrected.

One of our prospects had the similar issue and was able to over come it by adding the DT cluster to the allowed list in OpenShift. It was something that the OpenShift guys made and we didn't get any details how this was set.

If that will not work open a support ticket and support will be able to give you internal domain of your dynatrace cluster that can help to solve this issue.

HTH

Yos 

dynatrace certificated professional - dynatrace primer partner - Matrix Soft Ware Division - Israel

Peter_Ralston
Advisor

All,

 

We were receiving a similar issue in GKE deployment using the v.0.5.0 & v.0.5.1 operators.

│ Last Transition Time: 2022-05-10T02:51:26Z │
│ Message: error when querying token on secret dynatrace:dynakube: error making post request to dynatrace api: Post "https://<ActiveGate  URL> :9999/e/<env>/api/v1/token  ││ ns/lookup": EOF │
│ Reason: TokenError ││ Status: False │
│ Type: APIToken

There seems (or is) an issue where the Service entries for Istio were not added despite being enabled in the CRD (Resource), which caused the resulting errors to occur. 

We resolved the issue by manually adding the ServiceEntry and VirtualService objects
Configure Istio for OneAgent traffic in Kubernetes | Dynatrace Docs

 

Might help someone 

Starhut
Participant

In the end, we generated a certificate with san.cnf, reload into the server and able to resolve the issue.