The underlying host's container runtime doesn't contain the certificate presented by your endpoint.
Note: The skipCertCheck field in the DynaKube YAML does not control this certificate check.
Example error (the error message may vary):
desc = failed to pull and unpack image "<environment>/linux/activegate:latest": failed to resolve reference "<environment>/linux/activegate:latest": failed to do request: Head "<environment>/linux/activegate/manifests/latest": x509: certificate signed by unknown authority Warning Failed ... Error: ErrImagePull Normal BackOff ... Back-off pulling image "<environment>/linux/activegate:latest" Warning Failed ... Error: ImagePullBackOff
In this example, if the description on your pod shows x509: certificate signed by unknown authority, you must fix the certificates on your Kubernetes hosts, or use the private repository configuration to store the images.
The documentation does not explicitly describe how to fix the Certificates on Kubernetes Hosts but just mention they need to be fixed.
Does anyone have a stepwise guide on how to fix this by resolving the certificate issue
Solved! Go to Solution.
The documentation does not describe the fix because 1) it is not Dynatrace product-related issue, 2) each environment has security requirements and technology dependency. The issue occurs because your container runtime client, which is responsible for pulling images from an image repository, does not trust the cert provided by that resource.
To solve this certificate issue, you need to add the certificate of the private image repository to the trusted CA (Certificate Authority) of your Kubernetes/Openshift cluster.
I believe this is what you are looking for https://docs.openshift.com/container-platform/4.10/openshift_images/image-configuration.html and look for additionalTrustedCA