Deployment options on Kubernetes/OpenShift

There are different ways to activate Dynatrace on Kubernetes. Each way has its own advantages. We recommend these deployment strategies in terms of feature completeness and lack of constraints.

You can migrate from the deprecated OneAgent Operator to the new Dynatrace Operator that manages the lifecycle of several Dynatrace components such as OneAgent, routing, and Kubernetes API Monitor. For migration instructions, see Migrate from OneAgent Operator to Dynatrace Operator on Kubernetes/OpenShift.

Classic full-stack injection

recommended

For the installation guide, see Set up Kubernetes monitoring.

Note: If you prefer to use Helm, see Set up Kubernetes/OpenShift monitoring with Helm.

Capabilities

It has a seamless host (Kubernetes node) integration. Instrumented pods maintain their taxonomic relationship to hosts and host metrics. Host agents compliment code modules with OOM detection, disk and storage monitoring, network monitoring, and more.
It's comprehensive. This all-in-one approach includes Kubernetes cluster monitoring, distributed tracing, fault domain isolation, and deep code-level insights using a single deployment configuration across your clusters.

Dynatrace Operator manages classic full-stack injection after the following resources are deployed.

OneAgent, deployed as a DaemonSet, collects host metrics from Kubernetes nodes. It also detects new containers and injects OneAgent code modules into application pods.
Dynatrace Kubernetes monitor collects cluster and workload metrics, events, and status from the Kubernetes API.

classicfullstack

Note: Classic full-stack injection requires write access from the OneAgent pod to the Kubernetes node filesystem in order to detect and inject into newly deployed containers.

Cloud-native full-stack injection

For the installation guide, see Set up Kubernetes monitoring.

Note: If you prefer to use Helm, see Set up Kubernetes/OpenShift monitoring with Helm.

Capabilities

Offers similar functionality as the classic full-stack injection (see limitations below)
Uses mutating webhooks to inject code modules into application pods.

Limitations

Java Garbage Collection suspensions, OOM, and out-of-threads events aren't yet supported.
Diagnostic files ("support archives") for application pods aren't yet supported.
Container monitoring rules aren't yet supported (the Dynakube label selector parameter provides similar functionality).
Network zones aren't yet supported.
Tracing Istio sidecars and ingress gateways isn't yet supported.

Dynatrace Operator manages cloud-native full-stack injection after the following resources are deployed.

OneAgent, deployed as a DaemonSet, collects host metrics from Kubernetes nodes.
Dynatrace webhook server modifies pod definitions to include Dynatrace code modules for application observability.
Dynatrace CSI driver deployed as a DaemonSet provides OneAgent binaries to pods.
Dynatrace Kubernetes Monitoring collects cluster and workload metrics, events, and status from the Kubernetes API.

cloudnative

Application-only injection

You can use the application-only injection strategy for application pods. You don't install OneAgent pods and can't collect host metrics from Kubernetes nodes. You can collect alternative node metrics from other sources such as Prometheus.

Note: Unless you're using the useCSIDriver parameter (preview release), this deployment strategy requires extra ephemeral storage:

~325 MB for glibc
~290 MB for musl
~650 MB for glibc and musl combined

There are three types of application-only injection.

Automatic application-only injection

For the installation guide, see Automatic application-only injection.

Note: If you prefer to use Helm, see Set up Kubernetes/OpenShift monitoring with Helm.

Capabilities and limitations

Capabilities:

It's engineered for Kubernetes. Dynatrace injects into pods using the Kubernetes admission controller, which injects a Dynatrace code module into application containers.
It's flexible. You get granular control over the instrumented pods using namespaces and annotations. You can easily route pod metrics to different Dynatrace environments within the same Kubernetes cluster.

Limitations: When deployed in application-only mode, OneAgent monitors the memory, disk, CPU, and networking of processes within the container only. Host metrics aren't monitored. Topology is limited for pods and containers.

Dynatrace Operator manages automatic application-only injection after the following resources are deployed.

Dynatrace Kubernetes monitor collects cluster and workload metrics, events, and status from the Kubernetes API.
Dynatrace webhook server modifies pod definitions to include Dynatrace code modules for application observability.

apponly

Pod runtime injection

For the installation guide, see Pod runtime injection.

Capabilities

It's Kubernetes native. Dynatrace code modules are injected into pods using Kubernetes init containers.
It's flexible. Different container images can contain separate configurations for different Dynatrace environments.

PodRuntime Illustration

Container build-time injection

For the installation guide, see Container build-time injection.

Capabilities

It has a static container injection. Dynatrace code modules are embedded into container images as they are built.
It's flexible. Different container images can contain separate configurations for different Dynatrace environments. You can use these images on any container platform or PaaS in addition to Kubernetes.

BuildTimeInjection illustration

Classic manual full-stack injection

You can use the classic manual full-stack injection strategy for manual deployment of OneAgent DaemonSet and Kubernetes API without Dynatrace Operator.