Deploy OneAgent on OpenShift Container Platform

For full-stack monitoring of OpenShift clusters, you need to roll-out Dynatrace OneAgent on each cluster node using OneAgent Operator for OpenShift 3.9 or higher. For OpenShift 3.7 or lower, you need to deploy the DaemonSet.

Prepare Dynatrace tokens for OneAgent Operator

The OneAgent Operator requires two different tokens for interacting with Dynatrace servers. These two tokens are made available to OneAgent Operator by means of a Kubernetes secret as explained at a later step.

  1. Get an API token for the Dynatrace API. This token is later referenced as API_TOKEN.
  2. Get a Platform-as-a-Service token. This token is later referenced as PAAS_TOKEN.

Install OneAgent Operator

Create the necessary objects for OneAgent Operator. OneAgent Operator acts on its separate project dynatrace. It holds the operator deployment and all dependent objects like permissions, custom resources and the corresponding DaemonSet. You can also observe the logs of OneAgent Operator.

$ LATEST_RELEASE=$(curl -s | grep tag_name | cut -d '"' -f 4)
$ oc create -f$LATEST_RELEASE/deploy/openshift.yaml
$ oc -n dynatrace logs -f deployment/dynatrace-oneagent-operator

Create the secret holding API and PaaS tokens for authenticating to the Dynatrace cluster. The name of the secret is important in a later step when you configure the custom resource (.spec.tokens). In the following code-snippet the name is oneagent. Be sure to replace API_TOKEN and PAAS_TOKEN with the values explained above.

$ oc -n dynatrace create secret generic oneagent --from-literal="apiToken=API_TOKEN" --from-literal="paasToken=PAAS_TOKEN"

Save the following custom resource snippet to a file cr.yaml. The rollout of Dynatrace OneAgent is governed by a custom resource of type OneAgent.

Alternatively, you can use the snippet from the GitHub repository.

$ curl -o cr.yaml$LATEST_RELEASE/deploy/cr.yaml

Adapt the values of the custom resource as indicated in the following table.

Parameter Description Default value
apiUrl Dynatrace SaaS: Replace ENVIRONMENTID with your Dynatrace environment ID in
Dynatrace Managed: Provide your Dynatrace Server URL (https://<YourDynatraceServerURL>/e/<ENVIRONMENTID>/api)
tokens Name of the secret that holds the API and PaaS tokens from above. Name of custom resource ( if unset
image Define the OneAgent image to be taken. Defaults to the publicly available OneAgent image on Docker Hub. In order to use the certified OneAgent image from Red Hat Container Catalog you need to set .spec.image to in the custom resource and provide image pull secrets as shown in the next step. if unset
args Parameters to be passed to the OneAgent installer. All the command line parameters of the installer are supported, with the exception of INSTALL_PATH. We recommend to set APP_LOG_CONTENT_ACCESS=1 []

Provide the image pull secret in case you set .spec.image to

$ oc -n dynatrace create secret docker-registry redhat-connect --docker-username=REDHAT_CONNECT_USERNAME --docker-password=REDHAT_CONNECT_PASSWORD --docker-email=unused
$ oc -n dynatrace create secret docker-registry redhat-connect-sso --docker-username=REDHAT_CONNECT_USERNAME --docker-password=REDHAT_CONNECT_PASSWORD --docker-email=unused
$ oc -n dynatrace secrets link dynatrace-oneagent redhat-connect --for=pull
$ oc -n dynatrace secrets link dynatrace-oneagent redhat-connect-sso --for=pull

Create the custom resource.

$ oc create -f cr.yaml


The same limitations apply as when deploying OneAgent as a Docker container, except the auto-update. The operator makes sure OneAgents are properly updated.