• Home
  • Setup and configuration
  • Set up Dynatrace on container platforms
  • Kubernetes
  • Enable Kubernetes/OpenShift API monitoring
  • Connect your Kubernetes/Openshift clusters to Dynatrace

Connect your Kubernetes/Openshift clusters to Dynatrace

Dynatrace version 1.232+

Dynatrace Operator manages the lifecycle of several Dynatrace components such as OneAgent and Kubernetes API Monitor. The DynaKube custom resource (CR) replaces the OneAgent custom resource. The DynaKube CR can deploy different ActiveGate pods to your Kubernetes cluster. You need to deploy a different ActiveGate for each module. See ActiveGate purposes for details.

Some Kubernetes pages require that your Kubernetes clusters be connected to Dynatrace. This connection creates relationships among applications, services, processes, hosts, and Kubernetes objects such as pods and namespaces.

To connect your clusters and enable monitoring, you have two options:

  • Connect the containerized ActiveGate to a local Kubernetes API endpoint
  • Connect the containerized ActiveGate to the public Kubernetes API URL

See below for instructions for both options.

Connect to a local Kubernetes API endpoint

ActiveGate version 1.229+

You can enable monitoring by connecting a containerized ActiveGate to a local Kubernetes API endpoint. Depending on your Dynatrace Operator version, there are two ways to connect to the local Kubernetes API endpoint.

  • Dynatrace Operator version 0.4+: Dynatrace Operator automatically handles the connection to the local Kubernetes API endpoint.
  • Dynatrace Operator versions earlier than v0.4.0: you need to configure the connection manually.

See below for details on both methods.

Dynatrace Operator version 0.4.0+

To connect automatically to the local Kubernetes API endpoint

  1. Apart from the prerequisites needed for setting up monitoring, make sure to also enable the Read entities, Read settings, and Write settings permissions (API v2) for your API token.
  2. Make sure that you have the kubernetes-monitoring capability enabled in your DynaKube custom resource.
  3. Add the following annotation (see example below), then apply your configuration.
yaml
apiVersion: dynatrace.com/v1beta1
kind: DynaKube
metadata:
  name: dynakube
  namespace: dynatrace
  annotations:
    feature.dynatrace.com/automatic-kubernetes-api-monitoring: "true"
spec:
  ...
   activeGate:
     capabilities:
       - kubernetes-monitoring

To disable the configuration, remove the annotation.

To connect to a local Kubernetes API endpoint manually, you only need to provide the unique Kubernetes cluster ID (the uuid of the kube-system namespace) in Dynatrace web UI. The containerized ActiveGate then identifies the unique cluster ID and sends it over to Dynatrace.

1. Get the Kubernetes cluster ID

Run the command below and grab the UID from the output.

sh
kubectl get namespace kube-system -o jsonpath='{.metadata.uid}'
sh
oc get namespace kube-system -o jsonpath='{.metadata.uid}'

2. Provide the Kubernetes cluster ID in the Dynatrace web UI

  1. In the Dynatrace menu, go to Kubernetes.
  2. Select Connect manually.
  3. On the Kubernetes cluster monitoring settings page, provide a Name, and then turn on Connect containerized ActiveGate to local Kubernetes API endpoint.
  4. For Kubernetes cluster ID, enter the UID obtained earlier.
  5. Select Save changes to save your configuration. Note: You can save your configuration even if the ActiveGate isn't ready to connect, and finish the configuration later. To verify if it's ready, select Test configuration.

Change monitoring settings

You can change monitoring settings at any time from your Kubernetes cluster details page.

  1. In the Dynatrace menu, go to Kubernetes.
  2. Find your Kubernetes cluster, and then select Actions > Settings.
  3. Adjust your settings, and then select Save changes.

Delete configuration

To delete the connection to a local Kubernetes API endpoint

  1. In the Dynatrace menu, go to Kubernetes.
  2. Find your Kubernetes cluster, and then select Actions > Settings.
  3. Select Use defaults, and then select Save changes.

Connect to the public Kubernetes API

To connect to the public Kubernetes API

  1. Get the Kubernetes API URL.
bash
kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'
bash
oc config view --minify -o jsonpath='{.clusters[0].cluster.server}'

Note: If you set enableIstio to true in the DynaKube custom resource, use the command below to get the Kubernetes API URL:

bash
kubectl -n default get svc/kubernetes -o jsonpath='https://{.spec.clusterIP}'
bash
oc -n default get svc/kubernetes -o jsonpath='https://{.spec.clusterIP}'
  1. Get the bearer token.
bash
kubectl get secret $(kubectl get sa dynatrace-kubernetes-monitoring -o jsonpath='{.secrets[0].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 --decode
bash
oc get secret $(oc get sa dynatrace-kubernetes-monitoring -o jsonpath='{.secrets[0].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 --decode
bash
oc get secret $(oc get sa dynatrace-kubernetes-monitoring -o jsonpath='{.secrets[1].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 --decode
Special instructions for Rancher distributions to get the API URL and the bearer token

For Rancher distributions of Kubernetes, you need to use the bearer token and API URL of the Rancher server, because this server manages and secures traffic to the Kubernetes API server. Follow the steps below.

  1. Get the Kubernetes API URL.
bash
kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'

  1. Configure a user.
    In the Rancher web UI, either create a new user or use an existing user to associate with the token. We recommend creating a new user.

  2. Set permissions.
    Make sure the user has either Owner or Custom permissions to the cluster you want to monitor.

Recommended: select Custom permissions, and be sure to select these two roles: View all Projects and View Nodes.

  1. Create an API key.
    Go to API & Keys and create a key either for your specific account (enter your cluster name) or for all clusters (enter No scope). For security reasons, we recommend selecting the first option.

Note: Newly created keys display four fields. Make sure to use the content of the field called Bearer token to set up the connection to the Kubernetes API described in the next section.

  1. In the Dynatrace menu, go to Kubernetes.
  2. Select Connect manually.
  3. On the Kubernetes cluster monitoring settings page, provide a Name, the Kubernetes API URL, and the Bearer token for the Kubernetes cluster.

Note: For Rancher distributions, you need the bearer token that was created in the Rancher web UI, as described in Special instructions for Rancher distributions to get the API URL and the bearer token above.

  1. Select Connect to save your configuration.

ActiveGate update behavior

ActiveGate is updated automatically on pod restart whenever there is a new version available, unless the image version is specified in cr.yaml.

Related topics
  • Kubernetes/OpenShift monitoring

    Monitor Kubernetes/OpenShift with Dynatrace.