• Home
  • Setup and configuration
  • Set up Dynatrace on container platforms
  • Kubernetes
  • Get started with Kubernetes/OpenShift monitoring

Get started with Kubernetes/OpenShift monitoring

This page describes how to set up classic full-stack injection, cloud-native full-stack injection, and automatic application-only injection using Dynatrace Operator version 0.3.0+ on Kubernetes (with kubectl) and OpenShift (with oc).

  • For more information on the existing deployment options, see Deployment options on Kubernetes/OpenShift.
Existing users
  • If you already set up monitoring using an earlier version of Dynatrace Operator, we recommend that you upgrade to the latest Dynatrace Operator version.

  • If you already set up monitoring using OneAgent Operator, please see the instructions for migrating to Dynatrace Operator, as the OneAgent Operator procedure is deprecated.

    • For information about the Dynatrace Operator version changes, see Understand and configure the DynaKube custom resource.
Deprecated pages

Kubernetes:

  • Set up Kubernetes monitoring using Dynatrace Operator v.0.2.0
  • Set up Kubernetes monitoring using OneAgent Operator
  • Set up automatic application-only monitoring on Kubernetes using OneAgent Operator

OpenShift:

  • Set up Openshift monitoring using Dynatrace Operator v.0.2.0
  • Set up OpenShift monitoring using OneAgent Operator
  • Set up automatic application-only monitoring on OpenShift using OneAgent Operator

There are two ways to set up Dynatrace Operator to monitor your Kubernetes cluster:

  • The automated mode provides a simple setup with basic configuration using the Dynatrace web UI.

  • The manual mode allows complex configuration options.

See below for instructions.

Prerequisites

  • Kubernetes version 1.21+ or OpenShift version 4.7+
  • See Support lifecycle for Kubernetes or Support lifecycle for OpenShift for supported versions.
  • Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.
  • For OpenShift (cloudNativeFullStack and applicationMonitoring with CSI driver deployments), you need to configure security context constraints (OpenShift).

Tokens and permissions required

  • Create an API token in your Dynatrace environment and enable the following permissions:

    • Access problem and event feed, metrics, and topology (API v1)
    • PaaS integration - Installer download
    • optional Dynatrace Operator version 0.4.0+ If you want Dynatrace Operator to automatically handle the connection to ActiveGate via public API for Kubernetes monitoring, be sure to also enable the following permissions:
      • Read entities (API v2)
      • Read settings (API v2)
      • Write settings (API v2)
  • Dynatrace Operator version 0.4.0+ For cloudNativeFullStack and applicationMonitoring deployments, in addition to the API token, you also need to generate a dataIngestToken token for metadata metric enrichment, and enable the Ingest metrics permission (API v2).

  • For OpenShift Dedicated, you need cluster-admin privileges.

Set up monitoring via Dynatrace Operator using the automated mode

  1. In the Dynatrace menu, go to Kubernetes.

  2. Select Connect automatically via Dynatrace Operator.

  3. On the Monitor Kubernetes/OpenShift page, follow the on-screen deployment instructions.

    • Enter a Name.

    • optional Enter a Group.

    • For Dynatrace Operator token, enter the API token you created in Prerequisites, or select Create token to have it automatically created for you.

    • optional For cloudNativeFullStack and applicationMonitoring deployments, enter the Data ingest token you created in Prerequisites, or select Create token to have it automatically created for you.

    • optional Select whether you want Dynatrace to check your SSL certificate.

      Note: The SSL certificate is only verified for the Dynatrace Operator API requests.

    • For GKE, Anthos, CaaS, TGKI, and IKS turn on Enable volume storage (required only for classicFullStack deployments).

  4. Under Kubernetes/OpenShift, select Download dynakube.yaml, then copy the code block created by Dynatrace based on your input from previous steps and run it in your terminal.

    Note: Be sure to execute the commands in the same directory where you downloaded the YAML, or adapt the commands to link to the location of the YAML.

  5. To see deployment status, select Show deployment status.

Set up monitoring via Dynatrace Operator using the manual mode

1. Create a dynatrace namespace (Kubernetes)/Add a dynatrace project (OpenShift)

Depending on your platform, select one of the options below.

bash
kubectl create namespace dynatrace
bash
oc adm new-project --node-selector="" dynatrace

2. Install Dynatrace Operator

Depending on your deployment type, select one of the following.

For classicFullStack, applicationMonitoring without CSI driver, and hostMonitoring when readonly is disabled, run the command below.

bash
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/kubernetes.yaml
bash
oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/openshift.yaml
For `cloudNativeFullStack`, `applicationMonitoring` with CSI driver, and `hostMonitoring` when readonly isn't disabled

Run the commands below.

bash
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/kubernetes.yaml kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/kubernetes-csi.yaml
bash
oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/openshift.yaml oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/openshift-csi.yaml

3. Wait for Dynatrace Operator components to finish initialization

Run the following command to see when Dynatrace Operator components finish initialization.

bash
kubectl -n dynatrace wait pod --for=condition=ready --selector=app.kubernetes.io/name=dynatrace-operator,app.kubernetes.io/component=webhook --timeout=300s
bash
oc -n dynatrace wait pod --for=condition=ready --selector=app.kubernetes.io/name=dynatrace-operator,app.kubernetes.io/component=webhook --timeout=300s

4. Create a secret holding your tokens

Depending on your deployment type, select one of the following.

For classicFullStack, create a secret named dynakube holding the API token obtained in Tokens and permissions required. Be sure to replace the placeholder (<...>) with your own value.

bash
kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=<API_TOKEN>"
bash
oc -n dynatrace create secret generic dynakube --from-literal="apiToken=API_TOKEN"
For `cloudNativeFullStack` and `applicationMonitoring`
Dynatrace Operator version 0.4.0+

Create a secret named dynakube holding both the API token and the dataIngestToken, see Tokens and permissions required. Be sure to replace the placeholders (<...>) with your own values.

bash
kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=<API_TOKEN>" --from-literal="dataIngestToken=<DATA_INGEST_TOKEN>"
bash
oc -n dynatrace create secret generic dynakube --from-literal="apiToken=<API_TOKEN>" --from-literal="dataIngestToken=<DATA_INGEST_TOKEN>"

5. Download a preconfigured DynaKube custom resource sample

Download one of the preconfigured DynaKube custom resource samples from GitHub, according to your monitoring approach.

6. Review the parameters

Review the available parameters, and adapt the DynaKube custom resource according to your requirements.

7. Review the available configuration options optional

Review the available configuration options for this integration:

  • Add a custom properties file
  • Add a custom certificate for ActiveGate
  • Configure proxy
  • Read-only file systems support
  • Configure monitoring for namespaces and pods
  • Import Kubernetes API certificates
  • Metadata metric enrichment
  • Enable AppArmor for enhanced security
  • High availability

8. Apply the DynaKube custom resource

Run the command below to apply the DynaKube custom resource, making sure to replace <your-DynaKube-CR> with your actual DynaKube custom resource file name. A validation webhook will provide helpful error messages if there's a problem.

bash
kubectl apply -f <your-DynaKube-CR>.yaml
bash
oc apply -f <your-DynaKube-CR>.yaml

Connect your Kubernetes cluster to Dynatrace

Some Kubernetes pages require that your Kubernetes cluster be connected to Dynatrace. This connection creates relationships among applications, services, processes, hosts, and Kubernetes objects, such as pods and namespaces.

To deploy an ActiveGate in a container

  1. Set the ActiveGate values of the DynaKube configuration file according to the list of parameters.

    Note: To enable ActiveGate, in the ActiveGate section, add routing and/or kubernetes-monitoring to capabilities.

    Example:

    yaml
    activeGate: capabilities: - routing - kubernetes-monitoring ...
  2. Follow the instructions on how to activate ActiveGate on Kubernetes using Dynatrace Operator.

  • If you want to monitor several Kubernetes clusters with one ActiveGate and don't care about network isolation, you can install an ActiveGate on a virtual machine using a conventional installer to connect your clusters to Dynatrace.

Limitations

Dynatrace Operator doesn't support OpenShift version 3.11 or earlier.

Monitor large Kubernetes environments

Contact Dynatrace ONE if you want to monitor environments that are larger than:

  • 1,000 Kubernetes clusters per Dynatrace environment
  • 500 nodes per Kubernetes cluster
  • 50,000 pods per Kubernetes cluster

Update Dynatrace Operator

Depending on your deployment type, select one of the following.

For classicFullStack, applicationMonitoring without CSI driver, and hostMonitoring when readonly is disabled, run the command below.

bash
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/kubernetes.yaml
bash
oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/openshift.yaml
For `cloudNativeFullStack`, `applicationMonitoring` with CSI driver, and `hostMonitoring` when readonly isn't disabled

Run the commands below.

bash
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/kubernetes.yaml kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/kubernetes-csi.yaml
bash
oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/openshift.yaml oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/openshift-csi.yaml

Update OneAgent if automatic updates are disabled

By default, Dynatrace Operator handles OneAgent updates automatically. If you choose to disable automatic updates, and haven't set any standard OneAgent version in Dynatrace, you can manually update OneAgent by running the command below.

bash
kubectl -n dynatrace rollout restart daemonset/<DYNAKUBE>-oneagent
bash
oc -n dynatrace rollout restart daemonset/<DYNAKUBE>-oneagent

Uninstall Dynatrace Operator

Depending on your deployment type, select one of the following.

For classicFullStack and applicationMonitoring without CSI driver, run the command below.

bash
kubectl delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/kubernetes.yaml
bash
oc delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/openshift.yaml
`cloudNativeFullStack` and `applicationMonitoring` with CSI driver

Follow the steps below.

  1. Remove DynaKube custom resources and clean up all remaining Dynatrace Operator–specific objects.
bash
kubectl delete dynakube --all -n dynatrace
bash
oc delete dynakube --all -n dynatrace
  1. Wait until Dynatrace Operator components have been deleted.
bash
kubectl -n dynatrace wait pod --for=condition=delete --selector=app.kubernetes.io/name=oneagent,app.kubernetes.io/managed-by=dynatrace-operator --timeout=300s
bash
oc -n --for=condition=delete --selector=app.kubernetes.io/name=oneagent,app.kubernetes.io/managed-by=dynatrace-operator --timeout=300s
  1. Restart your monitored applications.

  2. Uninstall Dynatrace Operator and delete the Dynatrace namespace/project.

bash
kubectl delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/kubernetes-csi.yaml kubectl delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/kubernetes.yaml kubectl delete namespace dynatrace
bash
oc delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/openshift-csi.yaml oc delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/openshift.yaml oc delete project dynatrace

Alternative deployments

Besides the main deployment of Dynatrace Operator on Kubernetes via kubectl and OpenShift via oc, you have the following alternatives, depending on your needs.

  • Set up Kubernetes/OpenShift monitoring with Helm
  • Set up application-only monitoring (automatic/pod runtime/container build-time)
  • Set up Kubernetes/OpenShift monitoring with DaemonSet
  • Set up OpenShift monitoring via OperatorHub

Other configuration options

  • Deployment options on Kubernetes/OpenShift
  • DynaKube parameters for Dynatrace Operator on Kubernetes/OpenShift
  • Configuration options for Dynatrace Operator on Kubernetes/OpenShift
  • Migrate from OneAgent Operator to Dynatrace Operator on Kubernetes/OpenShift
Related topics
  • Kubernetes/OpenShift monitoring

    Monitor Kubernetes/OpenShift with Dynatrace.

  • Technology support

    Find technical details related to Dynatrace support for specific platforms and development frameworks.

  • Kubernetes cluster and workload monitoring