Deployment options on Kubernetes/OpenShift

There are different ways to activate Dynatrace on Kubernetes. Each way has its advantages. We recommend these deployment strategies in terms of feature completeness and lack of constraints.

You can migrate from the deprecated OneAgent Operator to the new Dynatrace Operator that manages the lifecycle of several Dynatrace components such as OneAgent, routing, and Kubernetes API Monitor. For migration instructions, see Migrate from OneAgent Operator to Dynatrace Operator on Kubernetes/OpenShift using kubectl/oc.

Classic full-stack injection

recommended

For the installation guide, see Set up Kubernetes monitoring.

Note: If you prefer to use Helm, see Set up Kubernetes/OpenShift monitoring with Helm.

Capabilities

It has a seamless host (Kubernetes node) integration. Instrumented pods maintain their taxonomic relationship to hosts and host metrics. Host agents compliment code modules with OOM detection, disk and storage monitoring, network monitoring, and more.
It's comprehensive. This all-in-one approach includes Kubernetes cluster monitoring, distributed tracing, fault domain isolation, and deep code-level insights using a single deployment configuration across your clusters.

Limitations

There’s a startup dependency between the container in which OneAgent is deployed and application containers to be instrumented (for example, which have deep process monitoring enabled). The OneAgent container must be started and the oneagenthelper process must be running prior to the application container being launched so that the application can be properly instrumented.

Dynatrace Operator manages classic full-stack injection after the following resources are deployed.

OneAgent, deployed as a DaemonSet, collects host metrics from Kubernetes nodes. It also detects new containers and injects OneAgent code modules into application pods.
Dynatrace Activegate is used for routing, as well as for monitoring Kubernetes objects by collecting data (metrics, events, status) from the Kubernetes API.

classicfullstack

Note: Classic full-stack injection requires write access from the OneAgent pod to the Kubernetes node filesystem in order to detect and inject into newly deployed containers.

Cloud-native full-stack injection

For the installation guide, see Set up Kubernetes monitoring.

Note: If you prefer to use Helm, see Set up Kubernetes/OpenShift monitoring with Helm.

Capabilities

Offers similar functionality as the classic full-stack injection (see limitations below)
Uses mutating webhooks to inject code modules into application pods.

Limitations

Diagnostic files ("support archives") for application pods aren't yet supported.
Container monitoring rules aren't yet supported (the Dynakube label selector parameter provides similar functionality).
Network zones aren't yet supported.

Dynatrace Operator manages cloud-native full-stack injection after the following resources are deployed.

OneAgent, deployed as a DaemonSet, collects host metrics from Kubernetes nodes.
Dynatrace webhook server modifies pod definitions to include Dynatrace code modules for application observability.
Dynatrace CSI driver deployed as a DaemonSet, provides writable volume storage for OneAgent and OneAgent binaries to pods.
Dynatrace Activegate is used for routing, as well as for monitoring Kubernetes objects by collecting data (metrics, events, status) from the Kubernetes API.

cloudnative

Host monitoring

For the installation guide, see Set up Kubernetes monitoring.

Note: If you prefer to use Helm, see Set up Kubernetes/OpenShift monitoring with Helm.

Capabilities

Collects node metrics and process data.

Limitations

Diagnostic files ("support archives") for application pods aren't yet supported for read-only file systems.

Dynatrace Operator manages host monitoring after the following resources are deployed:

Dynatrace webhook server only validates DynaKube and verifies its correctness, without modifying pod definitions.
Dynatrace CSI driver provides writable volume storage for OneAgent.
Dynatrace Activegate is used for routing, as well as for monitoring Kubernetes objects by collecting data (metrics, events, status) from the Kubernetes API.

host-monitoring

Application-only injection

You can use the application-only injection strategy for application pods. You don't install OneAgent pods and can't collect host metrics from Kubernetes nodes. You can collect alternative node metrics from other sources such as Prometheus.

Note: Unless you're using the useCSIDriver parameter (preview release), this deployment strategy requires extra ephemeral storage:

~325 MB for glibc
~290 MB for musl
~650 MB for glibc and musl combined

There are three types of application-only injection.

Automatic application-only injection

For the installation guide, see Automatic application-only injection.

Note: If you prefer to use Helm, see Set up Kubernetes/OpenShift monitoring with Helm.

Capabilities and limitations

Capabilities:

It's engineered for Kubernetes. Dynatrace injects into pods using the Kubernetes admission controller, which injects a Dynatrace code module into application containers.
It's flexible. You get granular control over the instrumented pods using namespaces and annotations. You can easily route pod metrics to different Dynatrace environments within the same Kubernetes cluster.

Limitations: When deployed in application-only mode, OneAgent monitors the memory, disk, CPU, and networking of processes within the container only. Host metrics aren't monitored. Topology is limited for pods and containers.

Dynatrace Operator manages automatic application-only injection after the following resources are deployed.

Dynatrace webhook server modifies pod definitions to include Dynatrace code modules for application observability.
Dynatrace Activegate is used for routing, as well as for monitoring Kubernetes objects by collecting data (metrics, events, status) from the Kubernetes API.

apponly

Pod runtime injection

For the installation guide, see Pod runtime injection.

Capabilities

It's Kubernetes native. Dynatrace code modules are injected into pods using Kubernetes init containers.
It's flexible. Different container images can contain separate configurations for different Dynatrace environments.

PodRuntime Illustration

Container build-time injection

For the installation guide, see Container build-time injection.

Capabilities

It has a static container injection. Dynatrace code modules are embedded into container images as they are built.
It's flexible. Different container images can contain separate configurations for different Dynatrace environments. You can use these images on any container platform or PaaS in addition to Kubernetes.

BuildTimeInjection illustration

Classic manual full-stack injection

You can use the classic manual full-stack injection strategy for manual deployment of OneAgent DaemonSet and Kubernetes API without Dynatrace Operator.