• Home
  • How to use Dynatrace
  • Infrastructure Monitoring
  • Cloud platform monitoring
  • Google Cloud Platform
  • Alternative deployment scenarios
  • Set up the Dynatrace GCP log and metric integration on an existing GKE cluster

Set up the Dynatrace GCP log and metric integration on an existing GKE cluster

Dynatrace version 1.230+

As an alternative to the main deployment, where the deployment script runs in a new automatically created GKE Autopilot cluster, you can choose to run the deployment script on an existing standard GKE or GKE Autopilot cluster. In this scenario, you will set up Google Cloud Platform monitoring for metrics and logs in Google Cloud Shell. During setup, a new Pub/Sub subscription will be created. GKE will run two containers: a metric forwarder and a log forwarder. After installation, you'll get metrics, logs, dashboards, and alerts for your configured services in Dynatrace.

For other deployment options, see Alternative deployment scenarios.

Dynatrace version 1.230+

This page describes how to install version 1.0 of the GCP integration on a GKE cluster.

  • If you already have an earlier version installed, you need to migrate.

Prerequisites

To deploy the integration, you need to make sure the following requirements are met:

GCP permissions

Running the deployment script requires a list of permissions. You need to create a custom role (see below) and use it to deploy dynatrace-gcp-function.

  1. Create a YAML file named dynatrace-gcp-function-helm-deployment-role.yaml with the following content:
dynatrace-gcp-function-helm-deployment-role.yaml
yaml
title: Dynatrace GCP Function helm deployment role
description: Role for Dynatrace GCP function helm and pubsub deployment
stage: GA
includedPermissions:
  - container.clusters.get
  - container.configMaps.create
  - container.configMaps.delete
  - container.configMaps.get
  - container.configMaps.update
  - container.deployments.create
  - container.deployments.delete
  - container.deployments.get
  - container.deployments.update
  - container.namespaces.create
  - container.namespaces.get
  - container.pods.get
  - container.pods.list
  - container.replicaSets.create
  - container.replicaSets.get
  - container.replicaSets.getScale
  - container.replicaSets.getStatus
  - container.replicaSets.list
  - container.secrets.create
  - container.secrets.delete
  - container.secrets.get
  - container.secrets.list
  - container.secrets.update
  - container.serviceAccounts.create
  - container.serviceAccounts.delete
  - container.serviceAccounts.get
  - container.services.create
  - container.services.delete
  - container.services.get
  - container.statefulSets.create
  - container.statefulSets.delete
  - container.statefulSets.get
  - container.statefulSets.update
  - iam.roles.create
  - iam.roles.list
  - iam.roles.update
  - iam.serviceAccounts.actAs
  - iam.serviceAccounts.create
  - iam.serviceAccounts.getIamPolicy
  - iam.serviceAccounts.list
  - iam.serviceAccounts.setIamPolicy
  - pubsub.subscriptions.create
  - pubsub.subscriptions.get
  - pubsub.subscriptions.list
  - pubsub.topics.attachSubscription
  - pubsub.topics.create
  - pubsub.topics.getIamPolicy
  - pubsub.topics.list
  - pubsub.topics.setIamPolicy
  - pubsub.topics.update
  - resourcemanager.projects.get
  - resourcemanager.projects.getIamPolicy
  - resourcemanager.projects.setIamPolicy
  - serviceusage.services.enable
  - serviceusage.services.get
  1. Run the command below, replacing <your_project_ID> with the project ID where you want to deploy the Dynatrace integration.
bash
gcloud iam roles create dynatrace_function.helm_deployment --project=<your_project_ID> --file=dynatrace-gcp-function-helm-deployment-role.yaml

Note: Be sure to add this role to your GCP user. For details, see Grant or revoke a single role.

GCP settings

The location where you deploy the integration determines whether you need make any additional settings.

Deploy on an existing GKE Autopilot cluster

If you deploy the integration on an existing GKE Autopilot cluster, you don't need to make any additional settings.

Deploy on an existing GKE standard cluster

If you deploy the integration on an existing GKE standard cluster, you need to

  • Enable Workload Identity on a cluster
  • Enable GKE_METADATA on the GKE node pools

Configure log export

  1. Run the following shell script in the GCP project you've selected for deployment.

Note: Be sure to replace <your-subscription-name> and <your-topic-name> with your own values.

wget https://raw.githubusercontent.com/dynatrace-oss/dynatrace-gcp-function/master/scripts/deploy-pubsub.sh
chmod +x deploy-pubsub.sh
./deploy-pubsub.sh --topic-name <your-topic-name> --subscription-name <your-subscription-name>
  1. Configure log export to send the desired logs to the GCP Pub/Sub topic created above.

Dynatrace permissions

You need to create a token with a set of permissions.

  1. In the Dynatrace menu, go to Access tokens.
  2. Select Generate new token.
  3. Enter a name for your token.
  4. Under Template, select GCP Services Monitoring.
  5. Select Generate.
  6. Copy the generated token to the clipboard. Store the token in a password manager for future use.

Alternatively, you can create the token and add permissions manually.

Add manually

Create an API token and enable the following permissions:

  • API v1:
    • Read configuration
    • Write configuration
  • API v2:
    • Ingest metrics
    • Read extensions
    • Write extensions
    • Read extensions monitoring configuration
    • Write extensions monitoring configuration
    • Read extensions environment configuration
    • Write extensions environment configuration
    • Ingest logs

Log ingestion

  • If you are using Log Monitoring v1, enable the latest version of Dynatrace log monitoring

  • Determine where log ingestion will be performed, according to your deployment. This distinction is important when configuring the parameters for this integration.

    • For SaaS deployments: SaaS log ingest, where log ingestion is performed directly through the Cluster API. recommended

    • For Managed deployments: You have two options:

      • Have the installation script create a dedicated ActiveGate for log ingestion - requires you to create a PaaS token

      • Use an existing ActiveGate for log ingestion

Install

Complete the steps below to finish your setup.

1. Download the Helm deployment package in Google Cloud Shell 

bash
wget -q "https://github.com/dynatrace-oss/dynatrace-gcp-function/releases/latest/download/helm-deployment-package.tar"; tar -xvf helm-deployment-package.tar; chmod +x helm-deployment-package/deploy-helm.sh

2. Configure parameter values

  1. The Helm deployment package contains a values.yaml file with the necessary configuration for this deployment. Go to helm-deployment-package/dynatrace-gcp-functionand edit the values.yaml file, setting the required and optional parameter values as follows.
Parameter nameDescriptionDefault value
gcpProjectIdrequired The ID of the GCP project you've selected for deployment.Your current project ID
deploymentTyperequired Leave to 'all'.all
dynatraceAccessKeyrequired Your Dynatrace API token with the required permissions.
dynatraceUrlrequired Your environment URL (https://<your-environment-id>.live.dynatrace.com).
Note: To determine <your-environment-id>, see environment ID.
logsSubscriptionIdrequired The ID of your log Sink Pub/Sub subscription. For details, see Configure log export. .
dynatraceLogIngestUrlrequired Required only for SaaS log ingestion, or for Managed log ingestion with an existing ActiveGate.
For SaaS log ingestion, it's your environment URL (https://<your_environment_ID>.live.dynatrace.com)
For Managed with an existing ActiveGate, it's the URL of your ActiveGate (https://<your_activegate_IP_or_hostname>:9999/e/<your_environment_ID>)
Note: To determine <your-environment-id>, see environment ID.
activeGate.useExistingrequired Leave to true for SaaS log ingestion, or for Managed log ingestion with an existing ActiveGate. For Managed log ingestion with a new ActiveGate, set this value to false.true
activeGate.dynatracePaasTokenoptional Your PaaS token. Required only for Managed log ingestion with a new ActiveGate.
requireValidCertificateoptional If set to true, Dynatrace requires the SSL certificate of your Dynatrace environment. For SaaS log ingestion, we recommend leaving the default value. For Managed log ingestion with a new ActiveGate, we recommend setting this value to false.true
selfMonitoringEnabledoptional Send custom metrics to GCP to quickly diagnose if dynatrace-gcp-function processes and sends metrics/logs to Dynatrace properly. For details, see Self-monitoring metrics for the Dynatrace GCP integration.false
serviceAccountoptional Name of the service account to be created.
dockerImageoptionalDynatrace GCP function Docker image. We recommend using the default value, but you can adapt it if needed.dynatrace/dynatrace-gcp-function:v1-latest
logIngestContentMaxLengthoptional The maximum content length of a log event. Should be the same as or lower than the setting on your Dynatrace environment.8192
logIngestAttributeValueMaxLengthoptional The maximum length of the log event attribute value. If it exceeds the server limit, content will be truncated.250
logIngestRequestMaxEventsoptional The maximum number of log events in a single payload to the logs ingestion endpoint. If it exceeds the server limit, payload will be rejected with code 413.5000
logIngestRequestMaxSizeoptional The maximum size in bytes of a single payload to the logs ingestion endpoint. If it exceeds the server limit, payload will be rejected with code 413.1048576
logIngestEventMaxAgeSecondsoptional Determines the maximum age of a forwarded log event. Should be the same as or lower than the setting on your Dynatrace environment.86400
printMetricIngestInputoptional If set to true, the function outputs the lines of metrics to stdout.false
serviceUsageBookingoptional Service usage booking is used for metrics and determines a caller-specified project for quota and billing purposes. If set to source, monitoring API calls are booked in the project where the Kubernetes container is running. If set to destination, monitoring API calls are booked in the project that is monitored. For details, see Monitor multiple GCP projects - Step 4.source
useProxyoptional Depending on the value you set for this flag, the function will use the following proxy settings: Dynatrace (set to DT_ONLY), GCP API (set to GCP_ONLY), or both (set to ALL).By default, proxy settings are not used.
httpProxyoptional The proxy HTTP address; use this flag in conjunction with USE_PROXY.
httpsProxyoptional The proxy HTTPS address; use this flag in conjunction with USE_PROXY.
gcpServicesYamloptional Configuration file for GCP services.
queryIntervaloptional Metrics polling interval in minutes. Allowed values: 1 - 63
  1. Choose which services you want Dynatrace to monitor.

By default, the Dynatrace GCP integration starts monitoring a series of selected services. Uncomment any additional services you want Dynatrace to monitor in the values.yaml file.

Note: For DDU consumption information, see Monitoring consumption.

3. Connect your Kubernetes cluster

To connect to your existing GKE standard cluster or existing GKE Autopilot cluster, run the command below, making sure to replace

  • <cluster> with your cluster name
  • <region> with the region where your cluster is running
  • <project> with the project ID where your cluster is running
sh
gcloud container clusters get-credentials <cluster> --region <region> --project <project>

For details, see Configuring cluster access for kubectl.

4. Run the deployment script

The deployment script will create an IAM service account with the necessary roles and deploy dynatrace-gcp-function to your GKE cluster.

You have two options:

  • Run the deployment script without parameters if you want to use the default values provided (dynatrace-gcp-function-sa for the IAM service account name and dynatrace_function for the IAM role name prefix):
bash
cd helm-deployment-package
./deploy-helm.sh
  • Run the deployment script with parameters if you want to set your own values (be sure to replace the placeholders with your desired values):
bash
cd helm-deployment-package
./deploy-helm.sh [--role-name <role-to-be-created/updated>]

Verify installation

To check whether installation was successful

  1. Check if the container is running.

    Note: After the installation, it may take couple of minutes until the container is up and running.

    kubectl -n dynatrace get pods

  2. Check the container logs for errors or exceptions. You have two options:

Run the following commands.

kubectl -n dynatrace logs -l app=dynatrace-gcp-function -c dynatrace-gcp-function-metrics
kubectl -n dynatrace logs -l app=dynatrace-gcp-function -c dynatrace-gcp-function-logs

To check the container logs for errors in your GCP console

  1. Go to Logs explorer.
  2. Use the filters below to get metric and/or log ingest logs from the Kubernetes container:
    • resource.type="k8s_container"
    • resource.labels.container_name="dynatrace-gcp-function-metrics" (for metric ingest logs)
    • resource.labels.container_name="dynatrace-gcp-function-logs" (for log ingest logs)

  1. Check if dashboards are imported.

    In the Dynatrace menu, go to Dashboards and filter by Tag for Google Cloud. A number of dashboards for Google Cloud Services should be available.

Enable alerting

To activate alerting, you need to enable custom events for alerting in Dynatrace.

To enable custom events

  1. In the Dynatrace menu, go to Settings.
  2. In Anomaly detection, select Custom events for alerting.
  3. Filter for GCP alerts and turn on On/Off for the alerts you want to activate.

View metrics and logs

After deploying the integration, depending on your deployment type, you can:

  • See metrics from monitored services: in the Dynatrace menu, go to Metrics and filter by gcp.
  • View and analyze GCP logs: in the Dynatrace menu, go to Logs and, to look for GCP logs, filter by cloud.provider: gcp.

View enabled services

The list of currently enabled services can be found in the cluster's ConfigMap named dynatrace-gcp-function-config.

Add or remove services

To add or remove monitored services, follow the steps below.

  1. Edit values.yaml by commenting or uncommenting configuration blocks corresponding to specific services. Note: If you already deleted the deployment package and don't have the original values.yaml file anymore, you can use a new one. In this case, the new file will override your previous configuration, so make sure not to accidentally disable monitoring of previously monitored services.
  2. Update monitored services by running the script below. 
    bash
    cd helm-deployment-package
./deploy-helm.sh --upgrade-extensions
  3. If you removed services from monitoring, find the relevant extensions in your Dynatrace Hub (in the Dynatrace menu, go to Extensions) and delete them to remove service-specific assets (dashboards, alerts, etc).

Example

In the following example

  • The gae_instance service is disabled.
  • For the gce_instance service, only two feature sets are enabled: default_metrics and istio.
yaml
# Google App Engine Instance
    #- service: gae_instance
    #  featureSets:
    #    - default_metrics
    #  vars:
    #    filter_conditions: ""
    # Google VM Instance
    - service: gce_instance
      featureSets:
        - default_metrics
    #    - agent
    #    - firewallinsights
        - istio
    #    - uptime_check
      vars:
        filter_conditions: ""

For a complete list of the GCP supported services, see Google Cloud Platform supported service metrics.

Change deployment settings

  • To change the deployment type (all, metrics, or logs), see Change deployment type.
  • To change which services are monitored, see Add or remove services.
  • To change other settings in values.yaml, see Change parameters from values.yaml.

Change parameters from values.yaml

To load a new values.yaml file, you need to upgrade your Helm release.

To update your Helm release

  1. Find out what helm release version you're using.

    helm ls -n dynatrace

  2. Run the command below, making sure to replace <your-helm-release> with the value from the previous step.

    helm upgrade <your-helm-release> dynatrace-gcp-function -n dynatrace

For details, see Helm upgrade.

Change deployment type

To change the deployment type (all, metrics, or logs)

  1. Find out what Helm release version you're using.

    helm ls -n dynatrace

  2. Uninstall the release.

    Note: Be sure to replace <your-helm-release> with the release name from the previous output.

    helm uninstall <your-helm-release> -n dynatrace

  3. Edit deploymentType in values.yaml with the new value and save the file.

  4. Run the deployment command again. For details, see Run the deployment script.

Troubleshoot

To investigate potential deployment and connectivity issues

  1. Verify installation
  2. Enable self-monitoring optional
  3. Check the dynatrace_gcp_<date_time>.log log file created during the installation process.
  • This file will be created each time the installation script runs.
  • The debug information won't contain sensitive data such as the Dynatrace access key.
  1. If you are contacting Dynatrace ONE:
    • Make sure to provide the dynatrace_gcp_<date_time>.log log file described in the previous step.
    • Provide version information.
      • For issues during installation, check the version.txt file.
      • For issues during runtime, check container logs.

Uninstall

  1. Find out what Helm release version you're using.
helm ls -n dynatrace
  1. Uninstall the release.

Note: Be sure to replace <your-helm-release> with the release name from the previous output.

helm uninstall <your-helm-release> -n dynatrace

Alternatively, you can delete the namespace.

bash
kubectl delete namespace dynatrace
  1. To remove all monitoring assets (dashboards, alerts, etc) from Dynatrace, you need to remove all GCP extensions.

To remove an extension

  1. In the Dynatrace menu, go to Extensions and search for the GCP extensions.
  2. Select an extension you want to remove, and then select the trash icon in the Actions column to remove it.

Repeat the procedure until you remove all GCP extensions.

Monitoring consumption

Metric ingestion

All cloud services consume DDUs. The amount of DDU consumption per service instance depends on the number of monitored metrics and their dimensions (each metric dimension results in the ingestion of 1 data point; 1 data point consumes 0.001 DDUs). For details, see Extending Dynatrace (Davis data units).

Log ingestion

DDU consumption applies to cloud Log Monitoring. See DDUs for Log Monitoring for details.

Related topics
  • Google Cloud Platform monitoring

    Monitor Google Cloud Platform with Dynatrace.