Can I automatically apply tags to my OpenShift/Kubernetes application components?

Dynatrace allows you to automatically derive tags from your OpenShift or Kubernetes environment. This enables you to automatically organize and filter all your monitored OpenShift or Kubernetes application components.

Define your OpenShift labels

You can specify OpenShift labels in the Pod object definition of your application or you can update the labels of your OpenShift resources using the command oc label. Dynatrace automatically detects all labels attached to pods at application deployment time. All you have to do is grant sufficient privileges to read these metadata from the Kubernetes REST API endpoint that allows the listing or watching of Pod objects, as explained below:

Select the OpenShift project that hosts your application (assuming foo in the following examples):

$ oc project foo

In this project, create a service account named dynatrace:

$ oc create serviceaccount dynatrace

Allow the dynatrace service account to view metadata about your project via the OpenShift masters' REST API:

$ oc policy add-role-to-user view -z dynatrace

Add the dynatrace service account to the Kubernetes Pod configuration of your application:

kind: DeploymentConfig
apiVersion: v1
spec:
  ...
  template
    ...
    spec:
      containers: [...]
      ...
      serviceAccountName: dynatrace

Your OpenShift labels will be automatically attached as Kubernetes tags to all monitored OpenShift processes in your Dynatrace environment (see example below).

Define your Kubernetes labels

You can specify Kubernetes labels using, for example, the command kubectl label. Dynatrace automatically detects all labels attached to pods at application deployment time. All you have to do is grant sufficient privileges to read these metadata from the Kubernetes REST API endpoint that allows the listing or watching of Pod objects, as explained below:

Create a service account named dynatrace for your pod's namespace (foo in the example below):

$ kubectl create serviceaccount dynatrace -n foo

Allow the dynatrace service account to view metadata about your namespace and pod via the Kubernetes REST API:

$ kubectl create rolebinding viewer --clusterrole=view --serviceaccount=foo:dynatrace --namespace=foo

Add the dynatrace service account to your application's deployment:

apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers: [...]
      serviceAccountName: dynatrace

Alternatively, you can also set the field .spec.serviceAccountName to dynatrace in your pod specification.

Your Kubernetes labels will be automatically attached as Kubernetes tags to all monitored Kuberenetes processes in your Dynatrace environment.

Automatic detection of Kubernetes properties and annotations

As OpenShift is based on Docker and Kubernetes, Dynatrace detects selected Kubernetes properties and annotations not only for Kubernetes environments but also for OpenShift environments. Such properties and annotations can be used when specifying automated rule-based tags or property-based process group detection rules:

  • Kubernetes base pod name: User-provided name of the pod the container belongs to.
  • Kubernetes container: Name of the container that runs the process.
  • Kubernetes full pod name: Full name of the pod the container belongs to.
  • Kubernetes namespace: Namespace to which the containerized process is assigned.
  • Kubernetes pod UID: Unique ID of the related pod.

Leverage Kubernetes tags in Dynatrace

Kubernetes tags are searchable via Dynatrace search. This allows you to easily find and inspect the monitoring results of related processes running in your OpenShift or Kubernetes environment. You can also leverage Kubernetes tags to set up fine-grained alerting profiles. Kubernetes tags also integrate perfectly with Dynatrace filters.