• Home
  • Deploy
  • Kubernetes
  • Guides
  • Networking, security and compliance
  • Add a custom certificate for ActiveGate

Add a custom certificate for ActiveGate

As part of getting started with Kubernetes monitoring, you might want to add a custom certificate for ActiveGate.

To add a custom certificate for ActiveGate

  1. Create a secret.

    bash
    kubectl -n dynatrace create secret generic dynakube-custom-certificate --from-file=server.p12 --from-literal=password=<password_to_server.p12> --from-file=server.crt
    bash
    oc -n dynatrace create secret generic dynakube-custom-certificate --from-file=server.p12 --from-literal=password=<password_to_server.p12> --from-file=server.crt

  2. In your custom resource, enable the tlsSecretName parameter and enter the name of the secret you created.

    yaml
    apiVersion: dynatrace.com/v1beta1
kind: DynaKube
metadata:
  name: dynakube
  namespace: dynatrace
spec:
  apiUrl: https://FQDN/api
  activeGate:
    tlsSecretName: dynakube-custom-certificate
    capabilities:
      - kubernetes-monitoring

    HTTP clients connecting to the ActiveGate REST endpoint must trust provided certificates.