cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Did someone encounter this problem when integrating with Openshift 4.2 with TLS Certificate?

jcorreaalvarez
Newcomer

Hello some one had problems integrating Dynatrace with Openshift 4.2 with TLS errors. Presenting this the following message in UI and logs,


The integration work Ok with API Token and Bearer Token ,without Certification enable.

When try to enable this is observed Red Error and this entry on log

2020-04-01 13:38:38 UTC INFO [<tenant> ] [KubernetesFastCheck] Fast check failed for endpoint https://api.xxx..xxx.com:443/api with SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target [Suppressing further identical messages for 3600000 ms]

Apparently the OCP side certificate (.pem) does not present API URI.

Has anyone working this integration with Certificate OK ? Thank you!


2 REPLIES 2

DanielS
Advisor

Certificate management for Cloud Foundry, Kubernetes, and OpenShift communication


Jorge please check this https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-activegate/configuration/se...


The bearer token is invalid and the request has been rejected by the Kubernetes API. Verify the bearer token. Make sure it doesn't contain any whitespaces. If you're connecting to a Kubernetes cluster API via a centralized external role-based access control (RBAC) consult the documentation of the Kubernetes cluster manager.

The true delight is in the finding out rather than in the knowing.

Thanks Daniel this configuration was used from beginning but the trouble detected is into

.PEM generated from OCP Cluster .

echo Q | openssl s_client -connect google.com:443 | openssl x509 -outform PEM > dt_k8s_api.pem

This may be not deliver CN and SAM fields with information valid (API hostname and IP ),only seen DNS IP..

My questions if only is somebody has same difficult.


Thanks in advance

Jorge