cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
darynakovyrina
Dynatrace Mentor
Dynatrace Mentor

If you get this error after applying the DynaKube custom resource, your Kubernetes API server may be configured with a proxy. You need to exclude https://dynatrace-webhook.dynatrace.svc from that proxy.

Version history
Last update:
‎01 Dec 2023 01:10 PM
Updated by:
Comments
Omkar164
Frequent Guest

Hello,

I am getting below error while applying dynakube.yaml file.

 Error from server (InternalError): error when creating "dynakube.yaml": Internal error occurred: failed calling webhook "webhook.dynatrace.com": failed to call webhook: Post "https://dynatrace-webhook.dynatrace.svc:443/validate?timeout=10s": context deadline exceeded

I have reviewed  firewall egress 8443 port and for ingress 443 & 8443 port on your GKE cluster on both web & app cluster rule is applied kindly help me to know any other alternative to resolve this error.

Ashok_Selvaraj
Frequent Guest

Hello Experts, @darynakovyrina @Omkar164 

I am facing the same issue, Is any workaround/solution available? screenshot.png

 

Andriy_Sidorkin
Dynatrace Enthusiast
Dynatrace Enthusiast

Hi, everyone!
re: "undefined" error for x509 certificate check from the comment above by Ashok

 

The issue was the old webhook deployment that is actually deployed outside of the dynatrace namespace,

resulting in some "leftovers" from the previous Operator version installations

and this was also preventing the new Operator version (0.15.0) from being installed from the Operator Hub.

 

To resolve the issue, we deleted all the deployed resources using

kubectl/oc delete -f openshift.yaml


Afterwards, the installation was completed successfully.

I hope this helps anyone stumbling into similar issues with the webhook.

Sincerest, Andrew

nrparra83
Frequent Guest

Hi team,
I am presenting this same error, but I am implementing it for the first time in a kebernetes on premise environment with version v1.30.0, I have already validated permissions at the firewall level on ports 443 and 8443.

Has anyone been able to solve it?

image-1714514647096.png

image-1714513645317.png

Greetings,

gopher
Mentor
Hi, 

In your CRD 
Under annotations, you can add: 
 
 
feature.dynatrace.com/no-proxy: "dynakube-activegate.dynatrace.svc.cluster.local,.svc.cluster.local,.dynatrace.svc"
  feature.dynatrace.com/oneagent-ignore-proxy: "true"
 
Also, if your pulling images from a private repository, this also should be included in the no-proxy.  
There was a change after operator 14.2 that changed the way connections were handled.

This should help.

Thanks