so dynatrace serves it's own docker registry instead of providing us with a public repository .. well, that makes me encounter issues with kubernetes deploying it because our dynatrace managed runs on internal certificates, so the kubernetes workers do not know about them.
Since we're using PKS and that's not supported / a beta feature at the moment to use private certificates we'd like to push the activegate docker images to our artifactory (which has an official certificate).
To be clear, I do not want to use demonsets in the namespace to provide root and SubCAs to work around PKS.
For that, I'll need to download the images and provide them in our artifactory. The issue is - I can not seem to do that, because it does not let me log in to the dynatrace docker registry:
I assume dynatrace serves the registry in the normal HTTPS environment URL (https://server/e/environmentid)
docker login ourdynatraceserver/e/our-environment-id --username ad
min --password <TOKEN>
WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Error response from daemon: login attempt to https://ourdynatraceserver/v2/ failed with status: 401 Unauthorized
I'm using the admin user with the created PAAS token for accessing it. Since I can not login using docker, I suppose the generated secret for kubernetes wouldn't work either (I can not get around the certificate issue there at the moment, so I can't tell if docker could actually pull from kubernetes).
I also tried to do that via https://ourserver/e/ourenvironmentid/linux/activegate to see if it's served there - without luck either.
So: Where is the docker registry actually served in dynatrace? How to access it to pull the docker image?
Solved! Go to Solution.