Get started with Kubernetes/OpenShift monitoring
This page describes how to set up classic full-stack injection, cloud-native full-stack injection, and automatic application-only injection using Dynatrace Operator version 0.3.0+ on Kubernetes (with kubectl) and OpenShift (with oc).
- For more information on the existing deployment options, see Deployment options on Kubernetes/OpenShift.
-
If you already set up monitoring using an earlier version of Dynatrace Operator, we recommend that you upgrade to the latest Dynatrace Operator version.
-
If you already set up monitoring using OneAgent Operator, please see the instructions for migrating to Dynatrace Operator, as the OneAgent Operator procedure is deprecated.
- For information about the Dynatrace Operator version changes, see Understand and configure the DynaKube custom resource.
There are two ways to set up Dynatrace Operator to monitor your Kubernetes cluster:
-
The automated mode provides a simple setup with basic configuration using the Dynatrace web UI.
-
The manual mode allows complex configuration options.
See below for instructions.
Prerequisites
- Kubernetes version 1.21+ or OpenShift version 4.7+
- See Support lifecycle for Kubernetes or Support lifecycle for OpenShift for supported versions.
- Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.
- For OpenShift (
cloudNativeFullStackandapplicationMonitoringwith CSI driver deployments), you need to configure security context constraints (OpenShift).
Tokens and permissions required
-
Create an API token in your Dynatrace environment and enable the following permissions:
- Access problem and event feed, metrics, and topology (API v1)
- PaaS integration - Installer download
- optional Dynatrace Operator version 0.4.0+ If you want Dynatrace Operator to automatically handle the connection to ActiveGate via public API for Kubernetes monitoring, be sure to also enable the following permissions:
- Read entities (API v2)
- Read settings (API v2)
- Write settings (API v2)
-
Dynatrace Operator version 0.4.0+ For
cloudNativeFullStackandapplicationMonitoringdeployments, in addition to the API token, you also need to generate adataIngestTokentoken for metadata metric enrichment, and enable the Ingest metrics permission (API v2). -
For OpenShift Dedicated, you need cluster-admin privileges.
Set up monitoring via Dynatrace Operator using the automated mode
-
In the Dynatrace menu, go to Kubernetes.
-
Select Connect automatically via Dynatrace Operator.
-
On the Monitor Kubernetes/OpenShift page, follow the on-screen deployment instructions.
-
Enter a Name.
-
optional Enter a Group.
-
For Dynatrace Operator token, enter the API token you created in Prerequisites, or select Create token to have it automatically created for you.
-
optional For
cloudNativeFullStackandapplicationMonitoringdeployments, enter the Data ingest token you created in Prerequisites, or select Create token to have it automatically created for you. -
optional Select whether you want Dynatrace to check your SSL certificate.
Note: The SSL certificate is only verified for the Dynatrace Operator API requests.
-
For GKE, Anthos, CaaS, TGKI, and IKS turn on Enable volume storage (required only for
classicFullStackdeployments).
-
-
Under Kubernetes/OpenShift, select Download dynakube.yaml, then copy the code block created by Dynatrace based on your input from previous steps and run it in your terminal.
Note: Be sure to execute the commands in the same directory where you downloaded the YAML, or adapt the commands to link to the location of the YAML.
-
To see deployment status, select Show deployment status.
Set up monitoring via Dynatrace Operator using the manual mode
1. Create a dynatrace namespace (Kubernetes)/Add a dynatrace project (OpenShift)
Depending on your platform, select one of the options below.
kubectl create namespace dynatraceoc adm new-project --node-selector="" dynatrace2. Install Dynatrace Operator
Depending on your deployment type, select one of the following.
For classicFullStack, applicationMonitoring without CSI driver, and hostMonitoring when readonly is disabled, run the command below.
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/kubernetes.yamloc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/openshift.yaml3. Wait for Dynatrace Operator components to finish initialization
Run the following command to see when Dynatrace Operator components finish initialization.
kubectl -n dynatrace wait pod --for=condition=ready --selector=app.kubernetes.io/name=dynatrace-operator,app.kubernetes.io/component=webhook --timeout=300soc -n dynatrace wait pod --for=condition=ready --selector=app.kubernetes.io/name=dynatrace-operator,app.kubernetes.io/component=webhook --timeout=300s4. Create a secret holding your tokens
Depending on your deployment type, select one of the following.
For classicFullStack, create a secret named dynakube holding the API token obtained in Tokens and permissions required. Be sure to replace the placeholder (<...>) with your own value.
kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=<API_TOKEN>"oc -n dynatrace create secret generic dynakube --from-literal="apiToken=API_TOKEN"5. Download a preconfigured DynaKube custom resource sample
Download one of the preconfigured DynaKube custom resource samples from GitHub, according to your monitoring approach.
6. Review the parameters
Review the available parameters, and adapt the DynaKube custom resource according to your requirements.
7. Review the available configuration options optional
Review the available configuration options for this integration:
- Add a custom properties file
- Add a custom certificate for ActiveGate
- Configure proxy
- Read-only file systems support
- Configure monitoring for namespaces and pods
- Import Kubernetes API certificates
- Metadata metric enrichment
- Enable AppArmor for enhanced security
- High availability
8. Apply the DynaKube custom resource
Run the command below to apply the DynaKube custom resource, making sure to replace <your-DynaKube-CR> with your actual DynaKube custom resource file name. A validation webhook will provide helpful error messages if there's a problem.
kubectl apply -f <your-DynaKube-CR>.yamloc apply -f <your-DynaKube-CR>.yamlConnect your Kubernetes cluster to Dynatrace
Some Kubernetes pages require that your Kubernetes cluster be connected to Dynatrace. This connection creates relationships among applications, services, processes, hosts, and Kubernetes objects, such as pods and namespaces.
To deploy an ActiveGate in a container
-
Set the ActiveGate values of the DynaKube configuration file according to the list of parameters.
Note: To enable ActiveGate, in the
ActiveGatesection, addroutingand/orkubernetes-monitoringtocapabilities.Example:
activeGate: capabilities: - routing - kubernetes-monitoring ... -
Follow the instructions on how to activate ActiveGate on Kubernetes using Dynatrace Operator.
- If you want to monitor several Kubernetes clusters with one ActiveGate and don't care about network isolation, you can install an ActiveGate on a virtual machine using a conventional installer to connect your clusters to Dynatrace.
Limitations
Dynatrace Operator doesn't support OpenShift version 3.11 or earlier.
Monitor large Kubernetes environments
Contact Dynatrace ONE if you want to monitor environments that are larger than:
- 1,000 Kubernetes clusters per Dynatrace environment
- 500 nodes per Kubernetes cluster
- 50,000 pods per Kubernetes cluster
Update Dynatrace Operator
Depending on your deployment type, select one of the following.
For classicFullStack, applicationMonitoring without CSI driver, and hostMonitoring when readonly is disabled, run the command below.
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/kubernetes.yamloc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/openshift.yamlUpdate OneAgent if automatic updates are disabled
By default, Dynatrace Operator handles OneAgent updates automatically. If you choose to disable automatic updates, and haven't set any standard OneAgent version in Dynatrace, you can manually update OneAgent by running the command below.
kubectl -n dynatrace rollout restart daemonset/<DYNAKUBE>-oneagentoc -n dynatrace rollout restart daemonset/<DYNAKUBE>-oneagentUninstall Dynatrace Operator
Depending on your deployment type, select one of the following.
For classicFullStack and applicationMonitoring without CSI driver, run the command below.
kubectl delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/kubernetes.yamloc delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.6.0/openshift.yamlAlternative deployments
Besides the main deployment of Dynatrace Operator on Kubernetes via kubectl and OpenShift via oc, you have the following alternatives, depending on your needs.
- Set up Kubernetes/OpenShift monitoring with Helm
- Set up application-only monitoring (automatic/pod runtime/container build-time)
- Set up Kubernetes/OpenShift monitoring with DaemonSet
- Set up OpenShift monitoring via OperatorHub