cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Kubernetes cluster monitoring: Setup issue

Hello,

I have issue to make my ACtiveGAte communicate properly with the K8S cluster API.

I keep getting meesage "There was an error with the TLS handshake. Check out the documentation for further information. "

I have identified SSL exception in the logfile.

2019-08-27 09:18:42 UTC INFO [<mhs48859>] [KubernetesFastCheck] Fastcheck failed for endpoint https://ff-hp-aks-f06197f7.hcp.westeurope.azmk8s.io/api with SSL exception sun.secu

rity.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targe

t [Suppressing further identical messages for 3600000 ms]

What need to be done to be sure that the ACtiveGAte is not blocked anymore by this Security check ?


TIA

Jerome


3 REPLIES 3

skrystosik
DynaMight Guru
DynaMight Guru

I think this is because ActiveGate can’t accept certificate you have on K8s. If it’s self signed or local it is possible to have issues like that. You need to add root certificate to AG, then everything should work fine:

https://www.dynatrace.com/support/help/setup-and-configuration/dynatrace-activegate/configuration/co...

Article above covers this topic. We’ve had same issues and this helped.

Sebastian


Regards, Sebastian

Hi @Sebastian K.

Facing the same certification issue:

We have the most of our active gates on-premise, and it seems the Azure Kubernetes cluster's Kube-API server is not reachable from the active gates.

1. Could you please help me understand what kind of connectivity needs to be setup between the active gate and the KubeAPIServer OR between the ActiveGate and OneAgent PODs? I did not see this is not mentioned in documentation anywhere.

2. I am afraid if this shall require any modification at cluster level, would be hard to convince. What needs be done?

regards,

Rajesh

Anonymous
Not applicable

You can disable the SSL Validation at the moment you setup the K8 Connection, is not the best... but is something. You also need to be able to reach the API endpoint of the K8.


Featured Posts