Set up Kubernetes/OpenShift monitoring with Helm
This page describes how to set up classic full-stack injection, cloud-native full-stack injection, and automatic application-only injection on Kubernetes using Helm as an alternative to the main kubectl deployment.
- For more information on the existing deployment options, see Deployment options on Kubernetes/OpenShift.
-
If you already set up monitoring using a Dynatrace Operator version earlier than v0.8.0, please migrate to the latest Dynatrace Operator version, as the previous DynaKube custom resource and corresponding secret support are deprecated.
-
If you already set up monitoring using OneAgent Operator, please migrate to Dynatrace Operator, as the OneAgent Operator procedure is deprecated.
- For information about the Dynatrace Operator version changes, see Understand and configure the DynaKube custom resource.
For a fresh installation, follow the instructions below.
Prerequisites
-
Kubernetes version 1.20+ or OpenShift versions 4.7+
-
See Support lifecycle for Kubernetes/OpenShift for supported versions.
-
Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.
-
For OpenShift (
cloudNativeFullStack
andapplicationMonitoring
with CSI driver deployments), you need to configure security context constraints (OpenShift).
Tokens and permissions
-
Create an API token in your Dynatrace environment and enable the following permissions:
-
Access problem and event feed, metrics, and topology (
DataExport
) -
PaaS integration - Installer download (
InstallerDownload
) -
Dynatrace Operator version 0.9.0+ Create ActiveGate tokens (
activeGateTokenManagement.create
)Note: This scope creates an authentication token for your ActiveGate to connect to the Dynatrace Cluster. The token is rotated by Dynatrace Operator every 30 days. When an authentication token is rotated, the affected ActiveGate is automatically deleted and redeployed.
-
optional If you want Dynatrace Operator to automatically handle the connection to ActiveGate via public API for Kubernetes monitoring, be sure to also enable the following permissions:
- Read entities (
entities.read
) - Read settings (
settings.read
) - Write settings (
settings.write
)
- Read entities (
-
-
For
cloudNativeFullStack
andapplicationMonitoring
deployments, in addition to the API token, you also need to generate adataIngestToken
token for metadata metric enrichment and enable the Ingest metrics (metrics.ingest
) permission. -
For OpenShift Dedicated, you need cluster-admin privileges.
Install
Follow the steps below to set up Kubernetes/OpenShift monitoring with Helm.
Install the Dynatrace Helm repository
Install Dynatrace Operator
Adjust the values.yaml
file
Create the custom resource definition
Set up the DynaKube custom resource
Install the Dynatrace Helm repository
helm repo add dynatrace \
https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/main/config/helm/repos/stable
Install Dynatrace Operator
You have two options:
Option 1: Install Dynatrace Operator using the default values:
helm install dynatrace-operator dynatrace/dynatrace-operator \
--set "installCRD=true" \
--atomic \
--create-namespace --namespace dynatrace
Option 2: For additional configuration to the Helm chart, edit the values.yaml
sample from GitHub, then run the install command passing the YAML file as an argument:
helm install dynatrace-operator dynatrace/dynatrace-operator \
-f values.yaml \
--atomic \
--create-namespace --namespace dynatrace
Adjust the values.yaml
file
-
Remove fields and sections related to the DynaKube custom resource and the secret containing the tokens. Adapt your
values.yaml
file according to our example on GitHub.Note: Resources created with earlier versions of Dynatrace Operator with Helm based on these values will be preserved.
-
Set and update the following parameters:
Parameter Description Default value Data type installCRD
If you want the Helm chart to install/update the DynaKube custom resource definition during the Helm upgrade, set to true
.false
boolean csidriver.enabled
Section renamed from csi
tocsidriver
. If you use the CSI driver in your setup, setenabled
totrue
.
Note: To check if the CSI driver is in use, run the following command:kubectl -n dynatrace get daemonset dynatrace-oneagent-csi-driver
.false
boolean securityContextConstraints.enabled
Enables security constraints for OpenShift. true
boolean
Create the custom resource definition
-
If
installCRD
is set totrue
, the custom resource definition will be automatically created and managed by Helm. -
If
installCRD
is set tofalse
, you need to create the custom resource definition manually before starting the Helm installation:kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.11.2/dynatrace-operator-crd.yaml
oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.11.2/dynatrace-operator-crd.yaml
Set up the DynaKube custom resource
In Get started with Kubernetes/OpenShift monitoring, follow steps 4 to 9.
Migrate to Dynatrace Operator 0.7.0+ with Helm
If you use a Dynatrace Operator version earlier than v0.8.0 in a Helm deployment, follow the steps below to migrate to the latest Dynatrace Operator version with Helm.
Upgrade the custom resource definition
Upgrade the Helm chart
Upgrade the custom resource definition
According to your configuration of the values.yaml
file, select one of the options below.
-
If
installCRD
is set totrue
, the custom resource definition will be automatically upgraded and managed by Helm. -
If
installCRD
is set tofalse
, you need to upgrade the custom resource definition manually before starting the Helm installation:kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.11.2/dynatrace-operator-crd.yaml
oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.11.2/dynatrace-operator-crd.yaml
Upgrade the Helm chart
helm upgrade dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic -n dynatrace
Note: The above changes make your old values unusable, therefore setting the --reuse-values
flag isn't possible for migration.
Update Dynatrace Operator
To update Dynatrace Operator, you need to update the Helm chart. Run the command below.
helm upgrade dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic -n dynatrace
Uninstall
Depending on your deployment type, select one of the following to uninstall Dynatrace Operator.
For classicFullStack
and applicationMonitoring
without CSI driver, run the command below.
helm uninstall dynatrace-operator --namespace dynatrace