Showing results for 
Show  only  | Search instead for 
Did you mean: 
Dynatrace Mentor
Dynatrace Mentor

The underlying host's container runtime doesn't contain the certificate presented by your endpoint.

The skipCertCheck field in the DynaKube YAML doesn't control this certificate check. Additionally, the trustedCAs field in the DynaKube YAML is used to add custom Root Certificate Authorities for communication with the Dynatrace API and does not apply to the ActiveGate.

Example error (the error message may vary):

desc = failed to pull and unpack image "<environment>/linux/activegate:latest": failed to resolve reference "<environment>/linux/activegate:latest": failed to do request: Head "<environment>/linux/activegate/manifests/latest": x509: certificate signed by unknown authority
Warning Failed ... Error: ErrImagePull
Normal BackOff ... Back-off pulling image "<environment>/linux/activegate:latest"
Warning Failed ... Error: ImagePullBackOff

In this example, if the description on your pod shows x509: certificate signed by unknown authority, you must fix the certificates on your Kubernetes hosts, or use the private repository configuration to store the images. Additionally, for issues related to Dynatrace API communication, you can use the trustedCAs configuration in the DynaKube YAML to trust additional RootCAs. This involves adding custom RootCAs from a configmap where the key to the data must be "certs". This setting is specifically for enhancing security in API communications and does not influence the ActiveGate's certificate handling.

Version history
Last update:
‎16 Jan 2024 03:23 AM
Updated by:
Frequent Guest

Hi @darynakovyrina,


I have faced same issue with operator version v0.14.0, Where I got to know that there is a issue with operator itself and I rolled back to old operator version.
Can you please try the same with different operator version.



Thanks and Regards