Deploy OneAgent Operator on Kubernetes (deprecated)
This procedure is deprecated.
- If you are making a fresh installation, you should set up Kubernetes monitoring using Dynatrace Operator.
- If you already have OneAgent installed using OneAgent Operator, please see the instructions for migrating to Dynatrace Operator.
Installation
Find out below how to install and configure OneAgent.
- Generate an API token and a PaaS token in your Dynatrace environment.
Make sure you have the Access problem and event feed, metrics, and topology setting enabled for the API token.
- Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.
- See Support lifecycle for supported Kubernetes versions.
-
Create the necessary objects for OneAgent Operator.
OneAgent Operator acts on its separate namespace
dynatrace
. It holds the operator deployment and all dependent objects like permissions, custom resources and the corresponding DaemonSet. You can also observe the logs of OneAgent Operator.kubectl create namespace dynatrace
kubectl apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/kubernetes.yaml
kubectl -n dynatrace logs -f deployment/dynatrace-oneagent-operator
-
Create the secret holding API and PaaS tokens for authentication to the Dynatrace Cluster.
The name of the secret is important in a later step when you configure the custom resource (
.spec.tokens
). In the following code-snippet the name isoneagent
. Be sure to replaceAPI_TOKEN
andPAAS_TOKEN
with the values explained in the prerequisites.kubectl -n dynatrace create secret generic oneagent --from-literal="apiToken=API_TOKEN" --from-literal="paasToken=PAAS_TOKEN"
-
Save custom resource.
The rollout of Dynatrace OneAgent is governed by a custom resource of type
OneAgent
. Retrieve thecr.yaml
file from the GitHub repository.curl -o cr.yaml https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/cr.yaml
-
Adapt the values of the custom resource as indicated below.
If you want to revert an argument, you need to set it to empty instead of removing it from the custom resource.
Example:args: - "--set-proxy="
Configuration for Anthos, SUSE CaaS, GKE, IKS, and TKGIFor Anthos, SUSE CaaS, Google Kubernetes Engine, and VMware Tanzu Kubernetes Grid Integrated Edition (formerly PKE), you must add the following additional parameters to the
env
section in thecr.yaml
file: -
Create the custom resource.
kubectl apply -f cr.yaml
-
optional Configure proxy.
- You can configure optional parameters like proxy settings in the
cr.yaml
file in order to- download the OneAgent installer
- ensure the communication between the OneAgent and your Dynatrace environment
- ensure the communication between the Dynatrace OneAgent Operator and the Dynatrace API.
There are two ways to provide the proxy, depending on whether or not your proxy uses credentials.
- You can configure optional parameters like proxy settings in the
-
optional Configure network zones.
You can configure network zones by setting the following argument:
args: - --set-network-zone=<your.network.zone>
See network zones for more information.
-
Generate an API token and a PaaS token in your Dynatrace environment.
Make sure you have the Access problem and event feed, metrics, and topology setting enabled for the API token.
-
Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.
-
See Support lifecycle for supported Kubernetes versions.
-
Add the Dynatrace OneAgent Helm repository.
helm repo add dynatrace \ https://raw.githubusercontent.com/Dynatrace/helm-charts/master/repos/stable
-
Create a Dynatrace namespace.
The Dynatrace OneAgent Operator acts on its separate namespace called dynatrace, which holds the operator deployment and all dependent objects like permissions, custom resources, and corresponding DaemonSets.
kubectl create namespace dynatrace
-
Create the custom resource definitions.
kubectl apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagents.yaml
kubectl apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagentapms.yaml
-
Create a
values.yaml
file with the following content.platform: "kubernetes" operator: image: "" oneagent: name: "oneagent" apiUrl: "https://ENVIRONMENTID.live.dynatrace.com/api" image: "" args: {} env: {} nodeSelector: {} labels: {} skipCertCheck: false disableAgentUpdate: false enableIstio: false dnsPolicy: "" resources: {} waitReadySeconds: null priorityClassName: "" serviceAccountName: "" proxy: "" trustedCAs: "" secret: apiToken: "DYNATRACE_API_TOKEN" paasToken: "PLATFORM_AS_A_SERVICE_TOKEN"
The OneAgent proxy setting is used by both the Operator and the OneAgent containers when communicating to the Dynatrace environment.
Configuration for Anthos, SUSE CaaS, GKE, IKS, and TKGIFor Anthos, SUSE CaaS, Google Kubernetes Engine, and VMware Tanzu Kubernetes Grid Integrated Edition (formerly PKE), you must add the following additional parameters to the
env
section in thevalues.yaml
file: -
optional Configure network zones.
You can configure network zones by setting the following argument:
args: - --set-network-zone=<your.network.zone>
See network zones for more information.
-
To apply the YAML parameters, run the following command:
helm install dynatrace-oneagent-operator \ dynatrace/dynatrace-oneagent-operator -n\ dynatrace --values values.yaml
After deployment, you need to restart your pods so OneAgent can inject into them.
Cluster-wide permissions
The following table shows the permissions needed for OneAgent Operator.
Resources accessed | APIs used | Resource names |
---|---|---|
Nodes | Get/List/Watch | - |
Namespaces | Get/List/Watch | - |
Secrets | Create | - |
Secrets | Get/Update/Delete | dynatrace-oneagent-config , dynatrace-oneagent-pull-secret |
Limitations
See Docker limitations for details.
Troubleshoot
Find out how to troubleshoot issues that you may encounter when deploying OneAgent on Kubernetes.
Deploy an ActiveGate and connect your Kubernetes API to Dynatrace
Now that you have OneAgent running on your Kubernetes nodes, you're able to monitor those nodes, and the applications running in Kubernetes. The next step is to deploy an ActiveGate and connect your Kubernetes API to Dynatrace in order to get native Kubernetes metrics, like request limits, and differences in pods requested vs. running pods.
For further instructions see Deploy ActiveGate in Kubernetes as a StatefulSet.
Update OneAgent Operator with kubectl
OneAgent Operator (for Kubernetes version 1.9+) automatically takes care of the lifecycle of the deployed OneAgents, so you don't need to update OneAgent pods yourself.
Review the release notes of the Operator for any breaking changes on the custom resource.
If the custom resource of the new version is compatible with the already deployed version, you can simply set the OneAgent Operator image to the new tagged version. Be sure to replace vX.Y.Z
with the new version in the following command:
kubectl -n dynatrace set image deployment \
dynatrace-oneagent-operator *=quay.io/dynatrace/\
dynatrace-oneagent-operator:vX.Y.Z
The image version of the OneAgent Operator is independent from the OneAgent version. To check the available versions for the Operator, see the OneAgent Operator releases.
To update OneAgent Operator, run the following command:
kubectl apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/kubernetes.yaml
Update OneAgent Operator with Helm
-
Update your Helm repositories.
helm repo update
Another method of updating the Dynatrace OneAgent Helm repository is adding it again, which overwrites the older version.
-
Update OneAgent to the latest version.
Don't omit the
--reuse-values
flag in the command in order to keep your configuration.helm upgrade dynatrace-oneagent-operator dynatrace/\ dynatrace-oneagent-operator -n dynatrace --reuse-values
Uninstall OneAgent Operator
To uninstall OneAgent Operator from Kubernetes version 1.9+
-
Remove OneAgent custom resources and clean up all remaining OneAgent Operator–specific objects.
kubectl delete -n dynatrace oneagent --all kubectl delete -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/kubernetes.yaml
-
optional After deleting OneAgent Operator, the OneAgent binary remains on the node in an inactive state. To uninstall it completely, run the
uninstall.sh
script and delete logs and configuration files.
See Linux related information.
Remove OneAgent custom resources and clean up all remaining OneAgent Operator–specific objects:
helm uninstall dynatrace-oneagent-operator -n dynatrace