Set up Kubernetes/OpenShift monitoring with Helm
This page describes how to set up classic full-stack injection, cloud-native full-stack injection, and automatic application-only injection on Kubernetes using Helm as an alternative to the main kubectl deployment.
- For more information on the existing deployment options, see Deployment options on Kubernetes/OpenShift.
-
If you already set up monitoring using a Dynatrace Operator version earlier than v0.7.0, please migrate to the latest Dynatrace Operator version, as the previous DynaKube custom resource and corresponding secret support are deprecated.
-
If you already set up monitoring using OneAgent Operator, please migrate to Dynatrace Operator, as the OneAgent Operator procedure is deprecated.
- For information about the Dynatrace Operator version changes, see Understand and configure the DynaKube custom resource.
For a fresh installation, follow the instructions below.
Prerequisites
-
Kubernetes version 1.20+ or OpenShift versions 4.7+
-
See Support lifecycle for Kubernetes or Support lifecycle for OpenShift for supported versions.
-
Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.
-
For OpenShift (
cloudNativeFullStackandapplicationMonitoringwith CSI driver deployments), you need to configure security context constraints (OpenShift).
Tokens and permissions
-
Create an API token in your Dynatrace environment and enable the following permissions:
- Access problem and event feed, metrics, and topology (API v1)
- PaaS integration - Installer download
- optional Dynatrace Operator version 0.4.0+ If you want Dynatrace Operator to automatically handle the connection to ActiveGate via public API for Kubernetes monitoring, be sure to also enable the following permissions:
- Read entities (API v2)
- Read settings (API v2)
- Write settings (API v2)
-
Dynatrace Operator version 0.4.0+ For
cloudNativeFullStackandapplicationMonitoringdeployments, in addition to the API token, you also need to generate adataIngestTokentoken for metadata metric enrichment, and enable the Ingest metrics permission (API v2). -
For OpenShift Dedicated, you need cluster-admin privileges.
Install
1. Install the Dynatrace Helm repository
helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/master/config/helm/repos/stable2. Install Dynatrace Operator
You have two options:
Option 1: Install Dynatrace Operator using the default values:
helm install dynatrace-operator dynatrace/dynatrace-operator --atomic --create-namespace -n dynatraceOption 2: For additional configuration to the Helm chart, edit the values.yaml sample from GitHub, then run the install command passing the YAML file as an argument:
helm install dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic --create-namespace -n dynatrace3. Create a secret holding your tokens
Create a secret named dynakube holding the tokens to access the Dynatrace Cluster. Be sure to replace the placeholders (<...>) with the values obtained in Tokens and permissions required.
kubectl create -n dynatrace secret generic dynakube --from-literal=apiToken=<your_API_token> --from-literal=dataIngestToken=<your-data-ingest-token>oc create -n dynatrace secret generic dynakube --from-literal=apiToken=<your_API_token> --from-literal=dataIngestToken=<your-data-ingest-token>4. Download a preconfigured DynaKube custom resource sample
Download one of the preconfigured DynaKube custom resource samples from GitHub, according to your monitoring approach.
5. Review the parameters
Review the available parameters, and adapt the DynaKube custom resource according to your requirements.
6. Review the available configuration options optional
Review the available configuration options for this integration. optional
- Add a custom properties file
- Add a custom certificate for ActiveGate
- Configure proxy
- Read-only file systems support
- Configure monitoring for namespaces and pods
- Import Kubernetes API certificates
- Metadata metric enrichment
- Enable AppArmor for enhanced security
- High availability
- Authenticate ActiveGate to the Dynatrace Cluster
7. Apply the DynaKube custom resource
Run the command below to apply the DynaKube custom resource, making sure to replace <your-DynaKube-CR> with your actual DynaKube custom resource file name.
kubectl apply -f <your-DynaKube-CR>.yamloc apply -f <your-DynaKube-CR>.yamlConnect your Kubernetes cluster to Dynatrace
Some Kubernetes pages require that your Kubernetes cluster be connected to Dynatrace. This connection creates relationships among applications, services, processes, hosts, and Kubernetes objects, such as pods and namespaces.
To deploy an ActiveGate in a container
-
Set the ActiveGate values of the DynaKube configuration file according to the list of parameters.
Note: To enable ActiveGate, in the
ActiveGatesection, addroutingand/orkubernetes-monitoringtocapabilities.Example:
activeGate: capabilities: - routing - kubernetes-monitoring ... -
Follow the instructions on how to activate ActiveGate on Kubernetes using Dynatrace Operator.
- If you want to monitor several Kubernetes clusters with one ActiveGate and don't care about network isolation, you can install an ActiveGate on a virtual machine using a conventional installer to connect your clusters to Dynatrace.
Monitor large Kubernetes environments
Contact Dynatrace ONE if you want to monitor environments that are larger than:
- 1,000 Kubernetes clusters per Dynatrace environment
- 500 nodes per Kubernetes cluster
- 50,000 pods per Kubernetes cluster
Migrate to Dynatrace Operator 0.7.0+ with Helm
If you use a Dynatrace Operator version earlier than v0.7.0 in a Helm deployment, follow the steps below to migrate to the latest Dynatrace Operator version with Helm.
1. Adjust the values.yaml file
-
Fields and sections related to the DynaKube custom resource and the secret containing the tokens need to be removed. Adapt your
values.yamlfile according to our example on GitHub.Note: Resources created with earlier versions of Dynatrace Operator with Helm based on these values will be preserved.
-
Set and update the following parameters:
Parameter Description Default value Data type installCRDIf you want the Helm chart to update the DynaKube custom resource definition during the Helm upgrade, set to true.falseboolean csidriver.enabledSection renamed from csitocsidriver. If you use the CSI driver in your setup, setenabledtotrue.
Note: To check if the CSI driver is in use, run the following command:kubectl -n dynatrace get daemonset dynatrace-oneagent-csi-driver.falseboolean securityContextConstraints.enabledEnables security constraints for OpenShift. trueboolean
2. Upgrade the custom resource definition
-
If
installCRDis set totrue, the custom resource definition will be automatically upgraded. -
If
installCRDis set tofalse, you need to upgrade the custom resource definition manually, as follows:kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/latest/download/dynatrace.com_dynakubes.yamloc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/latest/download/dynatrace.com_dynakubes.yaml
3. Upgrade the Helm chart
helm upgrade dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic -n dynatraceNote: The above changes make your old values unusable, therefore setting the --reuse-values flag isn't possible for migration.
Update Dynatrace Operator
To update Dynatrace Operator, you need to update the Helm chart. Run the command below.
helm upgrade dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic -n dynatraceUninstall
Depending on your deployment type, select one of the following to uninstall Dynatrace Operator.
For classicFullStack and applicationMonitoring without CSI driver, run the command below.
helm uninstall dynatrace-operator --namespace dynatrace