Deploy ActiveGate in Kubernetes/OpenShift as a StatefulSet
Dynatrace Operator manages the lifecycle of several Dynatrace components, including ActiveGate. If you can't use Dynatrace Operator, you can deploy ActiveGate directly as a StatefulSet. See below for instructions.
Prerequisites
-
Get your kube-system namespace UUID
Deploy ActiveGate
To deploy ActiveGate
- Create a dedicated namespace (Kubernetes)/project (OpenShift).
Depending on your platform, select one of the options below.
kubectl create namespace dynatrace
oc adm new-project --node-selector="" dynatrace
-
Create two secrets:
- A secret holding the environment URL and login credentials for this registry
- A secret for the ActiveGate authentication token
Example commands:
kubectl -n dynatrace create secret docker-registry dynatrace-docker-registry --docker-server=<YOUR_ENVIRONMENT_URL> --docker-username=<YOUR_ENVIRONMENT_ID> --docker-password=<YOUR_PAAS_TOKEN>
oc -n dynatrace create secret docker-registry dynatrace-docker-registry --docker-server=<YOUR_ENVIRONMENT_URL> --docker-username=<YOUR_ENVIRONMENT_ID> --docker-password=<YOUR_PAAS_TOKEN>
where you need to replace
-
<YOUR_ENVIRONMENT_URL>
with your environment URL (without 'http'). Example:{your-environment}.live.dynatrace.com
-
<YOUR_ENVIRONMENT_ID>
with the Docker account username (same as the ID in your environment URL above).
To determine your environment ID, see the syntax below.
SaaS: https://{your-environment-id}.live.dynatrace.com
Managed: https://{your-domain}/e/{your-environment-id}
<YOUR_PAAS_TOKEN>
with the PaaS token you created in Prerequisites
-
Create a service account and a cluster role.
Create a
kubernetes-monitoring-service-account.yaml
file with the following content. -
Apply the file.
kubectl apply -f kubernetes-monitoring-service-account.yaml
oc apply -f kubernetes-monitoring-service-account.yaml
-
Create a file named
ag-monitoring-and-routing.yaml
with the following content, making sure to replace<YOUR_ENVIRONMENT_URL>
with your value as described above.<YOUR_KUBE-SYSTEM_NAMESPACE_UUID>
with the Kubernetes namespace UUID obtained in Prerequisites.
-
Deploy ActiveGate.
kubectl apply -f ag-monitoring-and-routing.yaml
oc apply -f ag-monitoring-and-routing.yaml
Connect your Kubernetes clusters to Dynatrace
To get native Kubernetes metrics, you need to connect your clusters to Dynatrace.
To connect your clusters and enable monitoring, you have two options:
- Connect the containerized ActiveGate to a local Kubernetes API endpoint
- Connect the containerized ActiveGate to the public Kubernetes API URL
See below for instructions for both options.
Connect to a local Kubernetes API endpoint
ActiveGate version 1.229+
You can enable monitoring by connecting a containerized ActiveGate to a local Kubernetes API endpoint. For this, you only need to provide the unique Kubernetes cluster ID (the UUID of the kube-system namespace) in the Dynatrace web UI. The containerized ActiveGate then identifies the unique cluster ID and sends it over to Dynatrace.
To connect to a local Kubernetes API endpoint
-
In the Dynatrace menu, go to Kubernetes.
-
Select Connect manually.
-
On the Kubernetes cluster monitoring settings page, provide a Name, and then turn on Connect containerized ActiveGate to local Kubernetes API endpoint.
-
For Kubernetes cluster ID, enter the kube-system namespace UUID obtained in Prerequisites.
-
Select Save changes to save your configuration.
You can save your configuration even if the ActiveGate isn't ready to connect, and finish the configuration later. To verify if it's ready, select Test configuration.
Change monitoring settings
You can change monitoring settings at any time from your Kubernetes cluster details page.
- In the Dynatrace menu, go to Kubernetes.
- Find your Kubernetes cluster, and then select Actions > Settings.
- Adjust your settings, and then select Save changes.
Delete configuration
To delete the connection to a local Kubernetes API endpoint
- In the Dynatrace menu, go to Kubernetes.
- Find your Kubernetes cluster, and then select Actions > Settings.
- Select Use defaults, and then select Save changes.
Connect to the public Kubernetes API
To connect to the public Kubernetes API, follow the instructions that apply to your Kubernetes version:
Kubernetes version 1.24+
-
Get the Kubernetes API URL.
kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'
oc config view --minify -o jsonpath='{.clusters[0].cluster.server}'
If you set
enableIstio
totrue
in the DynaKube custom resource, use the command below to get the Kubernetes API URL:kubectl -n default get svc/kubernetes -o jsonpath='https://{.spec.clusterIP}'
oc -n default get svc/kubernetes -o jsonpath='https://{.spec.clusterIP}'
-
Create a token secret named
token-secret.yaml
in the namespace where ActiveGate is running, with the following content:apiVersion: v1 kind: Secret metadata: name: dynatrace-activegate annotations: kubernetes.io/service-account.name: "dynatrace-activegate" type: kubernetes.io/service-account-token
-
Apply the file to create the
dynatrace-kubernetes-monitoring
secret.kubectl apply -n dynatrace -f token-secret.yaml
oc apply -n dynatrace -f token-secret.yaml
-
Get the bearer token.
kubectl get secret dynatrace-activegate -o jsonpath='{.data.token}' -n dynatrace | base64 --decode
oc get secret dynatrace-activegate -o jsonpath='{.data.token}' -n dynatrace | base64 --decode
-
In the Dynatrace menu, go to Kubernetes and select Connect manually.
-
On the Kubernetes cluster monitoring settings page, provide a Name, the Kubernetes API URL, and the Bearer token for the Kubernetes cluster.
-
Select Save changes.
Kubernetes version earlier than 1.24
-
Get the Kubernetes API URL.
kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'
oc config view --minify -o jsonpath='{.clusters[0].cluster.server}'
-
Get the bearer token.
kubectl get secret $(kubectl get sa dynatrace-activegate -o jsonpath='{.secrets[0].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 --decode
oc get secret $(oc get sa dynatrace-activegate -o jsonpath='{.secrets[0].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 --decode
oc get secret $(oc get sa dynatrace-activegate -o jsonpath='{.secrets[1].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 --decode
-
In the Dynatrace menu, go to Kubernetes and select Connect manually.
-
Provide a Name, Kubernetes API URL target, and the Bearer token for the Kubernetes cluster.
For Rancher distributions, you need the bearer token that was created in Rancher web UI, as described in Special instructions for Rancher distributions above.
If you haven't installed a trusted certificate to your ActiveGate, make sure to clear the Require valid certificates for communication with the API server (recommended) checkbox.
- Select Save changes.
Once you connect your Kubernetes clusters to Dynatrace, you can get native Kubernetes metrics, like request limits, and differences in pods requested vs. running pods.
ActiveGate update behavior
ActiveGate is updated automatically on pod restart whenever there's a new version available, unless the image already specifies a certain version (for example, 1.273.1
).