Containerized ActiveGate volumes
While running, the ActiveGate container writes data to certain directories within the root filesystem.
Writeable directories
| Purpose of directory | Default path |
|---|---|
ActiveGate configuration |
|
ActiveGate SSL directory |
|
ActiveGate temporary files |
|
ActiveGate logs |
|
Environment data |
|
Dump files uploaded to ActiveGate by OneAgent |
|
ActiveGate temporary files |
|
Size requirements
See ActiveGate directories for estimated size requirements for each directory.
Hardened security
The ActiveGate example deployment has been hardened to minimize potential attacks: securityContext.readOnlyRootFilesystem is set to true.
This prevents the container from modifying any image content, so directories need to be set up using volumes.
Security context
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefaultVolumes
volumeMounts:
- name: server-certs-storage
mountPath: /var/lib/dynatrace/gateway/ssl
- name: ag-lib-gateway-config
mountPath: /var/lib/dynatrace/gateway/config
- name: ag-lib-gateway-temp
mountPath: /var/lib/dynatrace/gateway/temp
- name: ag-lib-gateway-data
mountPath: /var/lib/dynatrace/gateway/data
- name: ag-log-gateway
mountPath: /var/log/dynatrace/gateway
- name: ag-tmp-gateway
mountPath: /var/tmp/dynatrace/gatewayRefer to ActiveGate storage requirements for volume sizing.