Set up Kubernetes/OpenShift monitoring with Helm

This page describes how to set up classic full-stack injection, cloud-native full-stack injection, and automatic application-only injection on Kubernetes using Helm as an alternative to the main kubectl deployment.

For more information on the existing deployment options, see Deployment options on Kubernetes/OpenShift.

Important notes for existing users

If you already set up monitoring using a Dynatrace Operator version earlier than v0.8.0, please migrate to the latest Dynatrace Operator version, as the previous DynaKube custom resource and corresponding secret support are deprecated.
If you already set up monitoring using OneAgent Operator, please migrate to Dynatrace Operator, as the OneAgent Operator procedure is deprecated.
- For information about the Dynatrace Operator version changes, see Understand and configure the DynaKube custom resource.

For a fresh installation, follow the instructions below.

Prerequisites

Kubernetes version 1.20+ or OpenShift versions 4.7+
See Support lifecycle for Kubernetes/OpenShift for supported versions.
Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.
Install Helm version 3.
For OpenShift (cloudNativeFullStack and applicationMonitoring with CSI driver deployments), you need to configure security context constraints (OpenShift).

Tokens and permissions

Create an API token in your Dynatrace environment and enable the following permissions:
- Access problem and event feed, metrics, and topology (DataExport)
- PaaS integration - Installer download (InstallerDownload)
- Dynatrace Operator version 0.9.0+ Create ActiveGate tokens (activeGateTokenManagement.create)
  
  This scope creates an authentication token for your ActiveGate to connect to the Dynatrace Cluster. The token is rotated by Dynatrace Operator every 29 days. When an authentication token is rotated, the affected ActiveGate is automatically deleted and redeployed.
- optional If you want Dynatrace Operator to automatically handle the connection to ActiveGate via public API for Kubernetes monitoring, be sure to also enable the following permissions:
  - Read entities (entities.read)
  - Read settings (settings.read)
  - Write settings (settings.write)
For cloudNativeFullStack and applicationMonitoring deployments, in addition to the API token, you also need to generate a dataIngestToken token for metadata metric enrichment and enable the Ingest metrics (metrics.ingest) permission.
For OpenShift Dedicated, you need cluster-admin privileges.

Install

Follow the steps below to set up Kubernetes/OpenShift monitoring with Helm.

Install the Dynatrace Helm repository

Install Dynatrace Operator

Adjust the values.yaml file

Create the custom resource definition

Set up the DynaKube custom resource

Install the Dynatrace Helm repository

bash
helm repo add dynatrace \
https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/main/config/helm/repos/stable

Install Dynatrace Operator

You have two options:

Option 1: Install Dynatrace Operator using the default values:

bash
helm install dynatrace-operator dynatrace/dynatrace-operator \
  --set "installCRD=true" \
  --atomic \
  --create-namespace --namespace dynatrace

Option 2: For additional configuration to the Helm chart, edit the values.yaml sample from GitHub, then run the install command passing the YAML file as an argument:

For IKS where CSI driver is used

Dynatrace Operator version 0.9.0+

For IBM Cloud Kubernetes Service (IKS), you need to set the csidriver.kubeletPath value in values.yaml to /var/data/kubelet.

Example:

yaml
csidriver:
    enabled: true
    kubeletPath: "/var/data/kubelet"

bash
helm install dynatrace-operator dynatrace/dynatrace-operator \
  -f values.yaml \
  --atomic \
  --create-namespace --namespace dynatrace

Adjust the `values.yaml` file

Remove fields and sections related to the DynaKube custom resource and the secret containing the tokens. Adapt your values.yaml file according to our example on GitHub.

Resources created with earlier versions of Dynatrace Operator with Helm based on these values will be preserved.

Set and update the following parameters:

Parameter	Description	Default value	Data type
`installCRD`	If you want the Helm chart to install/update the DynaKube custom resource definition during the Helm upgrade, set to `true`.	`false`	boolean
`csidriver.enabled`	Section renamed from `csi` to `csidriver`. If you use the CSI driver in your setup, set `enabled` to `true`. Note: To check if the CSI driver is in use, run the following command: `kubectl -n dynatrace get daemonset dynatrace-oneagent-csi-driver`.	`false`	boolean
`securityContextConstraints.enabled`	Enables security constraints for OpenShift.	`true`	boolean

Create the custom resource definition

If installCRD is set to true, the custom resource definition will be automatically created and managed by Helm.

If installCRD is set to false, you need to create the custom resource definition manually before starting the Helm installation:

KubernetesOpenShift

bash
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.13.0/dynatrace-operator-crd.yaml

bash
oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.13.0/dynatrace-operator-crd.yaml

Set up the DynaKube custom resource

See Get started with Full observability (classic full stack deployment).

Migrate to Dynatrace Operator 0.7.0+ with Helm

If you use a Dynatrace Operator version earlier than v0.8.0 in a Helm deployment, follow the steps below to migrate to the latest Dynatrace Operator version with Helm.

Upgrade the custom resource definition

Upgrade the Helm chart

Upgrade the custom resource definition

According to your configuration of the values.yaml file, select one of the options below.

If installCRD is set to true, the custom resource definition will be automatically upgraded and managed by Helm.

If installCRD is set to false, you need to upgrade the custom resource definition manually before starting the Helm installation:

KubernetesOpenShift

bash
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.13.0/dynatrace-operator-crd.yaml

bash
oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.13.0/dynatrace-operator-crd.yaml

Upgrade the Helm chart

bash
helm upgrade dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic -n dynatrace

The above changes make your old values unusable, therefore setting the --reuse-values flag isn't possible for migration.

Update Dynatrace Operator

To update Dynatrace Operator, you need to update the Helm chart. Run the command below.

bash
helm upgrade dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic -n dynatrace

Uninstall

Depending on your deployment type, select one of the following to uninstall Dynatrace Operator.

For classicFullStack and applicationMonitoring without CSI driver, run the command below.

bash
helm uninstall dynatrace-operator --namespace dynatrace

For `cloudNativeFullStack` and `applicationMonitoring` with CSI driver

Follow the steps below.

Remove DynaKube custom resources and clean up all remaining Dynatrace Operator–specific objects.

kubectloc

bash
kubectl delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.13.0/dynatrace-operator-crd.yaml

bash
oc delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.13.0/dynatrace-operator-crd.yaml

Wait until Dynatrace Operator components have been deleted.