Deployment options on Kubernetes/OpenShift

There are different ways to activate Dynatrace on Kubernetes. Each way has its advantages. We recommend these deployment strategies in terms of feature completeness and lack of constraints.

You can migrate from the deprecated OneAgent Operator to the new Dynatrace Operator that manages the lifecycle of several Dynatrace components such as OneAgent, routing, and Kubernetes API Monitor. For migration instructions, see Migrate from OneAgent Operator to Dynatrace Operator on Kubernetes/OpenShift using kubectl/oc.

Classic full-stack injection

recommended

For the installation guide, see Set up Kubernetes monitoring.

Note: If you prefer to use Helm, see Set up Kubernetes/OpenShift monitoring with Helm.

Capabilities and limitations

Capabilities:

It has a seamless host (Kubernetes node) integration. Instrumented pods maintain their taxonomic relationship with hosts and host metrics. Host agents complement code modules with OOM detection, disk and storage monitoring, network monitoring, and more.
It's comprehensive. This all-in-one approach includes Kubernetes cluster monitoring, distributed tracing, fault domain isolation, and deep code-level insights using a single deployment configuration across your clusters.

Limitations: There’s a startup dependency between the container in which OneAgent is deployed and application containers to be instrumented (for example, containers that have deep process monitoring enabled). The OneAgent container must be started and the oneagenthelper process must be running before the application container is launched so that the application can be properly instrumented.

Deployed resources

Dynatrace Operator manages classic full-stack injection after the following resources are deployed.

OneAgent, deployed as a DaemonSet, collects host metrics from Kubernetes nodes. It also detects new containers and injects OneAgent code modules into application pods.
Dynatrace Activegate is used for routing, as well as for monitoring Kubernetes objects by collecting data (metrics, events, status) from the Kubernetes API.
Dynatrace webhook server validates Dynakube definitions for correctness.

Note: Classic full-stack injection requires write access from the OneAgent pod to the Kubernetes node filesystem to detect and inject into newly deployed containers.

Cloud-native full-stack injection

For the installation guide, see Set up Kubernetes monitoring.

Note: If you prefer to use Helm, see Set up Kubernetes/OpenShift monitoring with Helm.

Capabilities and limitations

Capabilities:

Offers similar functionality as the classic full-stack injection (see limitations below)
Uses mutating webhooks to inject code modules into application pods.

Limitations:

Diagnostic files ("support archives") for application pods aren't yet supported.
Container monitoring rules aren't yet supported (the Dynakube label selector parameter provides similar functionality).
Network zones aren't yet supported.
Tracing Istio sidecars and ingress gateways, or any other Envoy proxy instances isn't supported.

Deployed resources

Dynatrace Operator manages cloud-native full-stack injection after the following Deployed resources are deployed.

OneAgent, deployed as a DaemonSet, collects host metrics from Kubernetes nodes.
Dynatrace webhook server modifies pod definitions to include Dynatrace code modules for application observability.
Dynatrace CSI driver deployed as a DaemonSet, provides writable volume storage for OneAgent and OneAgent binaries to pods.
Dynatrace Activegate is used for routing, as well as for monitoring Kubernetes objects by collecting data (metrics, events, status) from the Kubernetes API.

Host monitoring

For the installation guide, see Set up Kubernetes monitoring.

Note: If you prefer to use Helm, see Set up Kubernetes/OpenShift monitoring with Helm.

Capabilities and limitations

Capabilities: Collects node metrics and process data.

Limitations: Diagnostic files ("support archives") for application pods aren't yet supported for read-only file systems.

Deployed resources

Dynatrace Operator manages host monitoring after the following Deployed resources are deployed:

Dynatrace webhook server only validates DynaKube and verifies its correctness, without modifying pod definitions.
Dynatrace CSI driver provides writable volume storage for OneAgent.
Dynatrace Activegate is used for routing, as well as for monitoring Kubernetes objects by collecting data (metrics, events, status) from the Kubernetes API.

Application-only monitoring: Automatic injection

You can use the application-only injection strategy for application pods. You don't install OneAgent pods and can't collect host metrics from Kubernetes nodes. You can collect alternative node metrics from other sources such as Prometheus.

For the installation guide, see Automatic application-only injection.

Note: If you prefer to use Helm, see Set up Kubernetes/OpenShift monitoring with Helm.

Capabilities and limitations

Capabilities:

It's engineered for Kubernetes. Dynatrace injects into pods using the Kubernetes admission controller, which injects a Dynatrace code module into application containers.
It's flexible. You get granular control over the instrumented pods using namespaces and annotations. You can easily route pod metrics to different Dynatrace environments within the same Kubernetes cluster.

Limitations: When deployed in application-only mode, OneAgent monitors the memory, disk, CPU, and networking of processes within the container only. Host metrics aren't monitored. Topology is limited to pods and containers.

Deployed resources

Dynatrace Operator manages automatic application-only injection after the following resources are deployed.

Dynatrace webhook server modifies pod definitions to include Dynatrace code modules for application observability.
Dynatrace Activegate is used for routing, as well as for monitoring Kubernetes objects by collecting data (metrics, events, status) from the Kubernetes API.

Application-only monitoring: Pod runtime injection

For the installation guide, see Pod runtime injection.

Capabilities

It's Kubernetes native. Dynatrace code modules are injected into pods using Kubernetes init containers.
It's flexible. Different container images can contain separate configurations for different Dynatrace environments.

Application-only monitoring: Container build-time injection

For the installation guide, see Container build-time injection.

Capabilities

It has a static container injection. Dynatrace code modules are embedded into container images as they are built.
It's flexible. Different container images can contain separate configurations for different Dynatrace environments. You can use these images on any container platform or PaaS in addition to Kubernetes.

Classic manual full-stack injection

You can use the classic manual full-stack injection strategy for manual deployment of OneAgent DaemonSet and Kubernetes API without Dynatrace Operator.

Storage requirements

The following table shows the storage requirements of Dynatrace Operator deployment types.

Deployment type	Without CSI driver	With CSI driver¹	With CSI driver and code modules image
`classicFullStack`	~1,3 GB for OneAgent² configuration/binaries (directly on the node)	N/A	N/A
`hostMonitoring`	~1,3 GB for OneAgent² configuration/binaries (directly on the node)	~1,3 GB for OneAgent² configuration/binaries (on the node managed by CSI driver)	N/A
`applicationMonitoring`	~650 MB per monitored pod³ (in ephemeral storage, directly on the pod)	- ~650 MB per tenant and running OneAgent version⁴ - ~0,2 MB (and logs during runtime) per injected pod	- ~650 MB per running OneAgent version⁴ - ~0,2 MB (and logs during runtime) per injected pod
`cloudNativeFullStack`	N/A (CSI driver required)	A combination between the following: - `hostMonitoring` with CSI driver - `applicationMonitoring` with CSI driver	A combination between the following: - `hostMonitoring` with CSI driver - `applicationMonitoring` with CSI driver and code modules image
¹ Used for read-only filesystem support (the default for host monitoring and cloud-native full-stack deployments). ² New OneAgent versions overwrite old OneAgent versions. ³ If the pod is destroyed, OneAgent is automatically deleted. ⁴ Garbage collector removes old OneAgent versions that are no longer used within 60 minutes.