ActiveGate Certificate Setup #3743

Closed
wbagdon opened this issue Sep 6, 2024 · 2 comments
Labels
feature request Request for a non-existing feature


wbagdon commented Sep 6, 2024

Is your feature request related to a problem? Please describe.
I am attempting to use the Log Ingest endpoint from the in-cluster activegate created by the operator.
When setting up the certificate, ran into issues with using a tls secret and had to manually create a secret for dynatrace operator to use.
Also, the oneagent pods required an undocumented configuration in the secret requiring a server.crt key to initialize

Name:         dynatrace-formatted-secret
Namespace:    dynatrace
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
password:    26 bytes
server.crt:  680 bytes
server.p12:  2981 bytes

Describe the solution you'd like
This would be much simpler to configure if the secret reference in DynaKube followed the tls secret format kubernetes.io/tls along with removing the password requirement
https://cert-manager.io/docs/faq/#why-are-passwords-on-jks-or-pkcs12-files-not-helpful

Name:         activegate-certificate-tls
Namespace:    dynatrace
Labels:       controller.cert-manager.io/fao=true
Annotations:  cert-manager.io/alt-names: activegate.dynatrace.svc.cluster.local,activegate
              cert-manager.io/certificate-name: activegate-certificate
              cert-manager.io/common-name:
              cert-manager.io/ip-sans:
              cert-manager.io/issuer-group:
              cert-manager.io/issuer-kind: ClusterIssuer
              cert-manager.io/issuer-name: internaltraffic-ca-issuer
              cert-manager.io/uri-sans:

Type:  kubernetes.io/tls

Data
====
ca.crt:          680 bytes
keystore.p12:    2981 bytes
tls.crt:         1009 bytes
tls.key:         1679 bytes
truststore.p12:  903 bytes

server.crt in the dynatrace-formatted-secret = ca.crt on the activegate-certificate-tls
server.p12 in the dynatrace-formatted-secret = keystore.p12 on the activegate-certificate-tls

Describe alternatives you've considered
I've considered alternative methods of generating this secret by combining data from various in-cluster objects
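
Added example, not part of the original issue and not Dynatrace Operator code: the manual workaround described above, building the Opaque secret from the cert-manager `kubernetes.io/tls` secret with the key mapping the issue states. The function name, the `SAMPLE` input and the caller-supplied password are assumptions made for illustration.

```python
import base64
import json

# Mapping stated in the issue: Dynatrace-formatted key <- cert-manager key.
KEY_MAP = {"server.crt": "ca.crt", "server.p12": "keystore.p12"}

# Constructed sample input shaped like `kubectl get secret -o json` output.
SAMPLE = {
    "type": "kubernetes.io/tls",
    "metadata": {"name": "activegate-certificate-tls", "namespace": "dynatrace"},
    "data": {k: base64.b64encode(b"constructed " + k.encode()).decode()
             for k in ("ca.crt", "keystore.p12", "tls.crt", "tls.key", "truststore.p12")},
}


def to_dynatrace_secret(tls_secret, password, name="dynatrace-formatted-secret"):
    """Return an Opaque Secret manifest (dict) with server.crt, server.p12, password.

    password is the PKCS#12 keystore password, supplied by the caller (assumption).
    """
    if tls_secret.get("type") != "kubernetes.io/tls":
        raise ValueError("expected a kubernetes.io/tls secret")
    data = tls_secret.get("data") or {}
    missing = [src for src in KEY_MAP.values() if src not in data]
    if missing:
        # keystore.p12 is only present when the Certificate requests PKCS#12 output.
        raise ValueError("source secret lacks keys: " + ", ".join(missing))
    out = {}
    for dst, src in KEY_MAP.items():
        base64.b64decode(data[src], validate=True)  # reject corrupt values early
        out[dst] = data[src]  # values stay base64-encoded, as in .data
    out["password"] = base64.b64encode(password.encode()).decode()
    # tls.key and tls.crt are deliberately not copied; the private key is
    # already inside keystore.p12, so the result is as sensitive as the source.
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {"name": name, "namespace": tls_secret["metadata"]["namespace"]},
        "data": out,
    }


if __name__ == "__main__":
    print(json.dumps(to_dynatrace_secret(SAMPLE, "constructed-password"), indent=2))
```

The printed manifest can be piped to `kubectl apply -f -`; it must be regenerated whenever cert-manager renews the certificate, since the copy does not follow the source secret.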

@chrismuellner chrismuellner added the feature request Request for a non-existing feature label Sep 9, 2024

github-actions bot commented Sep 9, 2024

Thank you for opening a Dynatrace Operator Issue. We've identified and tagged the issue as a "Feature request".

Dynatrace reviews feature requests in the Dynatrace community rather than GitHub. This helps our team consolidate, rank, and prioritize important input like yours.

Please search for similar requests, collaborate, and ask questions using the link above. Remember to add the labels "kubernetes" and "dynatrace-operator" to help get the attention you deserve.

Thanks for your help!

@github-actions github-actions bot closed this as completed Sep 9, 2024

wbagdon commented Sep 12, 2024

Please remove the feature request option, or update the text for the prefill if this isn't the right place for feature requests....
