• Home
  • Setup and configuration
  • Set up Dynatrace on container platforms
  • Kubernetes
  • Get started with Kubernetes/OpenShift monitoring
  • Set up Kubernetes/OpenShift monitoring with Helm

Set up Kubernetes/OpenShift monitoring with Helm

Dynatrace Operator version 0.7.0+

This page describes how to set up classic full-stack injection, cloud-native full-stack injection, and automatic application-only injection on Kubernetes using Helm as an alternative to the main kubectl deployment.

  • For more information on the existing deployment options, see Deployment options on Kubernetes/OpenShift.
Important notes for existing users

  • If you already set up monitoring using a Dynatrace Operator version earlier than v0.7.0, please migrate to the latest Dynatrace Operator version, as the previous DynaKube custom resource and corresponding secret support are deprecated.

  • If you already set up monitoring using OneAgent Operator, please migrate to Dynatrace Operator, as the OneAgent Operator procedure is deprecated.

    • For information about the Dynatrace Operator version changes, see Understand and configure the DynaKube custom resource.

For a fresh installation, follow the instructions below.

Prerequisites

  • Kubernetes version 1.20+ or OpenShift versions 4.7+

  • See Support lifecycle for Kubernetes or Support lifecycle for OpenShift for supported versions.

  • Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.

  • Install Helm version 3.

  • For OpenShift (cloudNativeFullStack and applicationMonitoring with CSI driver deployments), you need to configure security context constraints (OpenShift).

Tokens and permissions

  • Create an API token in your Dynatrace environment and enable the following permissions:

    • Access problem and event feed, metrics, and topology (DataExport)

    • PaaS integration - Installer download (InstallerDownload)

    • Dynatrace Operator version 0.9.0+ Create ActiveGate tokens (activeGateTokenManagement.create)

      Note: This scope creates an authentication token for your ActiveGate to connect to the Dynatrace Cluster. The token is rotated by Dynatrace Operator every 30 days. When an authentication token is rotated, the affected ActiveGate is automatically deleted and redeployed.

    • optional Dynatrace Operator version 0.4.0+ If you want Dynatrace Operator to automatically handle the connection to ActiveGate via public API for Kubernetes monitoring, be sure to also enable the following permissions:

      • Read entities (entities.read)
      • Read settings (settings.read)
      • Write settings (settings.write)

  • Dynatrace Operator version 0.4.0+ For cloudNativeFullStack and applicationMonitoring deployments, in addition to the API token, you also need to generate a dataIngestToken token for metadata metric enrichment, and enable the Ingest metrics (metrics.ingest) permission.

  • For OpenShift Dedicated, you need cluster-admin privileges.

Install

Follow the steps below.

  1. Install the Dynatrace Helm repository.
bash
helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/master/config/helm/repos/stable
  1. Install Dynatrace Operator.

You have two options:

Option 1: Install Dynatrace Operator using the default values:

bash
helm install dynatrace-operator dynatrace/dynatrace-operator --atomic --create-namespace -n dynatrace

Option 2: For additional configuration to the Helm chart, edit the values.yaml sample from GitHub, then run the install command passing the YAML file as an argument:

For IKS where CSI driver is used

Dynatrace Operator v.0.9.0+

For IBM Cloud Kubernetes Service (IKS), you need to set the csidriver.kubeletPath value in values.yaml to /var/data/kubelet.

Example:

yaml
csidriver:
enabled: true
nodeSelector: {}
kubeletPath: "/var/data/kubelet"
priorityClassValue: "1000000"
bash
helm install dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic --create-namespace -n dynatrace
  1. Follow steps 4 to 9 from Get started with Kubernetes/OpenShift monitoring.

Migrate to Dynatrace Operator 0.7.0+ with Helm

If you use a Dynatrace Operator version earlier than v0.7.0 in a Helm deployment, follow the steps below to migrate to the latest Dynatrace Operator version with Helm.

Adjust the values.yaml file

Upgrade the custom resource definition

Upgrade the Helm chart

Adjust the values.yaml file

  1. Fields and sections related to the DynaKube custom resource and the secret containing the tokens need to be removed. Adapt your values.yaml file according to our example on GitHub.

    Note: Resources created with earlier versions of Dynatrace Operator with Helm based on these values will be preserved.

  2. Set and update the following parameters:

    ParameterDescriptionDefault valueData type
    installCRDIf you want the Helm chart to update the DynaKube custom resource definition during the Helm upgrade, set to true.falseboolean
    csidriver.enabledSection renamed from csi to csidriver. If you use the CSI driver in your setup, set enabled to true.
    Note: To check if the CSI driver is in use, run the following command: kubectl -n dynatrace get daemonset dynatrace-oneagent-csi-driver.    		falseboolean
    securityContextConstraints.enabledEnables security constraints for OpenShift.trueboolean

Upgrade the custom resource definition

  • If installCRD is set to true, the custom resource definition will be automatically upgraded and managed by Helm.

  • If installCRD is set to false, you need to create/upgrade the custom resource definition manually before starting the Helm installation, as follows:

    bash
    kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.10.0/dynatrace-operator-crd.yaml
    bash
    oc apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.10.0/dynatrace-operator-crd.yaml

Upgrade the Helm chart 

bash
helm upgrade dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic -n dynatrace

Note: The above changes make your old values unusable, therefore setting the --reuse-values flag isn't possible for migration.

Update Dynatrace Operator

To update Dynatrace Operator, you need to update the Helm chart. Run the command below.

bash
helm upgrade dynatrace-operator dynatrace/dynatrace-operator -f values.yaml --atomic -n dynatrace

Uninstall

Depending on your deployment type, select one of the following to uninstall Dynatrace Operator.

For classicFullStack and applicationMonitoring without CSI driver, run the command below.

bash
helm uninstall dynatrace-operator --namespace dynatrace
For `cloudNativeFullStack` and `applicationMonitoring` with CSI driver

Follow the steps below.

  1. Remove DynaKube custom resources and clean up all remaining Dynatrace Operator–specific objects.

    bash
    kubectl delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.10.0/dynatrace-operator-crd.yaml
    bash
    oc delete -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.10.0/dynatrace-operator-crd.yaml

  2. Wait until Dynatrace Operator components have been deleted.

    bash
    kubectl -n dynatrace wait pod --for=delete -l app.kubernetes.io/component=operator --timeout=300s
    bash
    oc -n dynatrace wait pod --for=delete -l app.kubernetes.io/component=operator --timeout=300s

  3. Restart your monitored applications.

  4. Uninstall Dynatrace Operator and delete the Dynatrace namespace.

    bash
    helm uninstall dynatrace-operator --namespace dynatrace
Related topics
  • Connect your Kubernetes/OpenShift clusters to Dynatrace

    Set up and configure a containerized ActiveGate on Kubernetes/OpenShift with Dynatrace Operator.

  • Kubernetes/OpenShift monitoring

    Monitor Kubernetes/OpenShift with Dynatrace.