• Home
  • Setup and configuration
  • Set up Dynatrace on container platforms
  • Kubernetes
  • Get started with Kubernetes/OpenShift monitoring
  • Set up Kubernetes/OpenShift monitoring with Helm

Set up Kubernetes/OpenShift monitoring with Helm

Dynatrace Operator version 0.7.0+

This page describes how to set up classic full-stack injection, cloud-native full-stack injection, and automatic application-only injection on Kubernetes using Helm as an alternative to the main kubectl deployment.

  • For more information on the existing deployment options, see Deployment options on Kubernetes/OpenShift.
Important notes for existing users
  • If you already set up monitoring using a Dynatrace Operator version earlier than v0.7.0, please migrate to the latest Dynatrace Operator version, as the previous DynaKube custom resource and corresponding secret support are deprecated.

  • If you already set up monitoring using OneAgent Operator, please migrate to Dynatrace Operator, as the OneAgent Operator procedure is deprecated.

    • For information about the Dynatrace Operator version changes, see Understand and configure the DynaKube custom resource.

For a fresh installation, follow the instructions below.

Prerequisites

  • Kubernetes version 1.20+ or OpenShift versions 4.7+

  • See Support lifecycle for Kubernetes or Support lifecycle for OpenShift for supported versions.

  • Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.

  • Install Helm version 3.

  • For OpenShift (cloudNativeFullStack and applicationMonitoring with CSI driver deployments), you need to configure security context constraints (OpenShift).

Tokens and permissions

  • Create an API token in your Dynatrace environment and enable the following permissions:

    • Access problem and event feed, metrics, and topology (API v1)
    • PaaS integration - Installer download
    • optional Dynatrace Operator version 0.4.0+ If you want Dynatrace Operator to automatically handle the connection to ActiveGate via public API for Kubernetes monitoring, be sure to also enable the following permissions:
      • Read entities (API v2)
      • Read settings (API v2)
      • Write settings (API v2)
  • Dynatrace Operator version 0.4.0+ For cloudNativeFullStack and applicationMonitoring deployments, in addition to the API token, you also need to generate a dataIngestToken token for metadata metric enrichment, and enable the Ingest metrics permission (API v2).

  • For OpenShift Dedicated, you need cluster-admin privileges.

Install

1. Install the Dynatrace Helm repository

bash
helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/master/config/helm/repos/stable

2. Install Dynatrace Operator

You have two options:

Option 1: Install Dynatrace Operator using the default values:

bash
helm install dynatrace-operator dynatrace/dynatrace-operator --atomic --create-namespace -n dynatrace

Option 2: For additional configuration to the Helm chart, edit the values.yaml sample from GitHub, then run the install command passing the YAML file as an argument:

bash
helm install dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic --create-namespace -n dynatrace

3. Create a secret holding your tokens

Create a secret named dynakube holding the tokens to access the Dynatrace Cluster. Be sure to replace the placeholders (<...>) with the values obtained in Tokens and permissions required.

bash
kubectl create -n dynatrace secret generic dynakube --from-literal=apiToken=<your_API_token> --from-literal=dataIngestToken=<your-data-ingest-token>
bash
oc create -n dynatrace secret generic dynakube --from-literal=apiToken=<your_API_token> --from-literal=dataIngestToken=<your-data-ingest-token>

4. Download a preconfigured DynaKube custom resource sample

Download one of the preconfigured DynaKube custom resource samples from GitHub, according to your monitoring approach.

5. Review the parameters

Review the available parameters, and adapt the DynaKube custom resource according to your requirements.

6. Review the available configuration options optional

Review the available configuration options for this integration. optional

  • Add a custom properties file
  • Add a custom certificate for ActiveGate
  • Configure proxy
  • Read-only file systems support
  • Configure monitoring for namespaces and pods
  • Import Kubernetes API certificates
  • Metadata metric enrichment
  • Enable AppArmor for enhanced security
  • High availability
  • Authenticate ActiveGate to the Dynatrace Cluster

7. Apply the DynaKube custom resource

Run the command below to apply the DynaKube custom resource, making sure to replace <your-DynaKube-CR> with your actual DynaKube custom resource file name.

bash
kubectl apply -f <your-DynaKube-CR>.yaml
bash
oc apply -f <your-DynaKube-CR>.yaml

Connect your Kubernetes cluster to Dynatrace

Some Kubernetes pages require that your Kubernetes cluster be connected to Dynatrace. This connection creates relationships among applications, services, processes, hosts, and Kubernetes objects, such as pods and namespaces.

To deploy an ActiveGate in a container

  1. Set the ActiveGate values of the DynaKube configuration file according to the list of parameters.

    Note: To enable ActiveGate, in the ActiveGate section, add routing and/or kubernetes-monitoring to capabilities.

    Example:

    yaml
    activeGate: capabilities: - routing - kubernetes-monitoring ...
  2. Follow the instructions on how to activate ActiveGate on Kubernetes using Dynatrace Operator.

  • If you want to monitor several Kubernetes clusters with one ActiveGate and don't care about network isolation, you can install an ActiveGate on a virtual machine using a conventional installer to connect your clusters to Dynatrace.

Monitor large Kubernetes environments

Contact Dynatrace ONE if you want to monitor environments that are larger than:

  • 1,000 Kubernetes clusters per Dynatrace environment
  • 500 nodes per Kubernetes cluster
  • 50,000 pods per Kubernetes cluster

Migrate to Dynatrace Operator 0.7.0+ with Helm

If you use a Dynatrace Operator version earlier than v0.7.0 in a Helm deployment, follow the steps below to migrate to the latest Dynatrace Operator version with Helm.

1. Adjust the values.yaml file

  1. Fields and sections related to the DynaKube custom resource and the secret containing the tokens need to be removed. Adapt your values.yaml file according to our example on GitHub.

    Note: Resources created with earlier versions of Dynatrace Operator with Helm based on these values will be preserved.

  2. Set and update the following parameters:

    ParameterDescriptionDefault valueData type
    installCRDIf you want the Helm chart to update the DynaKube custom resource definition during the Helm upgrade, set to true.falseboolean
    csidriver.enabledSection renamed from csi to csidriver. If you use the CSI driver in your setup, set enabled to true.
    Note: To check if the CSI driver is in use, run the following command: kubectl -n dynatrace get daemonset dynatrace-oneagent-csi-driver.
    falseboolean
    securityContextConstraints.enabledEnables security constraints for OpenShift.trueboolean

2. Upgrade the custom resource definition

  • If installCRD is set to true, the custom resource definition will be automatically upgraded.

  • If installCRD is set to false, you need to upgrade the custom resource definition manually, as follows:

    bash
    kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/latest/download/dynatrace.com_dynakubes.yaml
    bash
    oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/latest/download/dynatrace.com_dynakubes.yaml

3. Upgrade the Helm chart

bash
helm upgrade dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic -n dynatrace

Note: The above changes make your old values unusable, therefore setting the --reuse-values flag isn't possible for migration.

Update Dynatrace Operator

To update Dynatrace Operator, you need to update the Helm chart. Run the command below.

bash
helm upgrade dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic -n dynatrace

Uninstall

Depending on your deployment type, select one of the following to uninstall Dynatrace Operator.

For classicFullStack and applicationMonitoring without CSI driver, run the command below.

bash
helm uninstall dynatrace-operator --namespace dynatrace
For `cloudNativeFullStack` and `applicationMonitoring` with CSI driver

Follow the steps below.

  1. Remove DynaKube custom resources and clean up all remaining Dynatrace Operator–specific objects.

    bash
    kubectl delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.8.0/dynatrace.com_dynakubes.yaml
    bash
    oc delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.8.0/dynatrace.com_dynakubes.yaml
  2. Wait until Dynatrace Operator components have been deleted.

    bash
    kubectl -n dynatrace wait pod --for=delete -l app.kubernetes.io/component=operator --timeout=300s
    bash
    oc -n dynatrace wait pod --for=delete -l app.kubernetes.io/component=operator --timeout=300s
  3. Restart your monitored applications.

  4. Uninstall Dynatrace Operator and delete the Dynatrace namespace.

    bash
    helm uninstall dynatrace-operator --namespace dynatrace
Related topics
  • Kubernetes/OpenShift monitoring

    Monitor Kubernetes/OpenShift with Dynatrace.