Deploy OneAgent Operator on OpenShift (deprecated)
This procedure is deprecated.
- If you are making a fresh installation, you should set up OpenShift monitoring using Dynatrace Operator.
- If you already have OneAgent installed using OneAgent Operator, please see the instructions for migrating to Dynatrace Operator.
Note: The instructions below apply to OpenShift Dedicated as well. For OpenShift Dedicated, you need cluster-admin privileges.
Installation
Find out below how to install and configure OneAgent.
- Generate an API token and a PaaS token in your Dynatrace environment.
Note: Make sure you have the Access problem and event feed, metrics, and topology setting enabled for the API token. - Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.
- See Support lifecycle for supported OpenShift versions.
-
Add a new project.
oc adm new-project --node-selector="" dynatrace
-
OCP version 3.11 Provide image pull secrets.
Skip this step if you're using a later version.
In order to use the certified OneAgent Operator and OneAgent images from Red Hat Container Catalog (RHCC), you need to provide image pull secrets. The Service Accounts on theopenshift.yaml
manifest already have links to the secrets to be created below.# For OCP 3.11 oc -n dynatrace create secret docker-registry redhat-connect --docker-server=registry.connect.redhat.com --docker-username=REDHAT_CONNECT_USERNAME --docker-password=REDHAT_CONNECT_PASSWORD --docker-email=unused oc -n dynatrace create secret docker-registry redhat-connect-sso --docker-server=sso.redhat.com --docker-username=REDHAT_CONNECT_USERNAME --docker-password=REDHAT_CONNECT_PASSWORD --docker-email=unused
-
OCP version 4.x OCP version 3.11 Apply the
openshift.yaml
manifest to deploy the OneAgent Operator.oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/openshift.yaml oc -n dynatrace logs -f deployment/dynatrace-oneagent-operator
For OpenShift versions earlier than 3.11.188 you need to delete the
type: object
line beneath the required spec validation inopenshift.yaml
before deploying theCustomResourceDefinition
(OpenShift known bug).required: - spec type: object # delete this line, which is a validation rule
-
Create the secret that holds the API and PaaS tokens for authenticating to the Dynatrace Cluster.
The name of the secret will be important in a later step when you configure the custom resource (.spec.tokens
). In the following code-snippet the name isoneagent
. Be sure to replaceAPI_TOKEN
andPAAS_TOKEN
with the values mentioned in prerequisites.oc -n dynatrace create secret generic oneagent --from-literal="apiToken=API_TOKEN" --from-literal="paasToken=PAAS_TOKEN"
-
Save the custom resource.
The rollout of Dynatrace OneAgent is governed by a custom resource of typeOneAgent
. Retrieve thecr.yaml
file from the GitHub repository.curl -o cr.yaml https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/cr.yaml
-
Adapt the custom resource.
If you want to revert an argument, you need to set it to empty instead of removing it from the custom resource. Example:
args: - "--set-proxy="
-
Create the custom resource.
oc apply -f cr.yaml
-
optional Configure proxy.
- You can configure optional parameters like proxy settings in the
cr.yaml
file in order to- download the OneAgent installer
- ensure the communication between the OneAgent and your Dynatrace environment
- ensure the communication between the Dynatrace OneAgent Operator and the Dynatrace API.
There are two ways to provide the proxy, depending on whether or not your proxy uses credentials.
- You can configure optional parameters like proxy settings in the
-
optional Configure network zones.
You can configure network zones by setting the following argument:
args: - --set-network-zone=<your.network.zone>
See network zones for more information.
- Generate an API token and a PaaS token in your Dynatrace environment.
Note: Make sure you have the Access problem and event feed, metrics, and topology setting enabled for the API token. - Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.
- See Support lifecycle for supported OpenShift versions.
- Install Helm version 3.
- We recommend installing a recent version of the Helm chart.
-
Add a new project called
dynatrace
.oc adm new-project --node-selector="" dynatrace
-
Add the Dynatrace OneAgent Helm repository.
helm repo add dynatrace \ https://raw.githubusercontent.com/Dynatrace/helm-charts/master/repos/stable
-
Create the custom resource definitions.
oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagents.yaml oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagentapms.yaml
Note: For OCP version 3.11, run the commands below.
oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagents-v1beta1.yaml oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagentapms-v1beta1.yaml
-
Create a
values.yaml
file with the following content.platform: "openshift" operator: image: "" oneagent: name: "oneagent" apiUrl: "https://ENVIRONMENTID.live.dynatrace.com/api" image: "" args: [] env: [] nodeSelector: [] labels: [] skipCertCheck: false disableAgentUpdate: false enableIstio: false dnsPolicy: "" resources: [] waitReadySeconds: null priorityClassName: "" serviceAccountName: "" proxy: "" trustedCAs: "" secret: apiToken: "DYNATRACE_API_TOKEN" paasToken: "PLATFORM_AS_A_SERVICE_TOKEN"
-
optional Configure network zones.
You can configure network zones by setting the following argument:
args: - --set-network-zone=<your.network.zone>
See network zones for more information.
For OpenShift versions earlier than 3.11.188 you need to delete the
type: object
line beneath the required spec validation inopenshift.yaml
before deploying theCustomResourceDefinition
(OpenShift known bug).required: - spec type: object # delete this line, which is a validation rule
-
To apply the YAML parameters, run the following command:
helm install dynatrace-oneagent-operator \ dynatrace/dynatrace-oneagent-operator -n\ dynatrace --disable-openapi-validation --values values.yaml
Note: After deployment, you need to restart your pods so OneAgent can inject into them.
Cluster-wide permissions
The following table shows the permissions needed for OneAgent Operator.
Resources accessed | APIs used | Resource names |
---|---|---|
Nodes | Get/List/Watch | - |
Namespaces | Get/List/Watch | - |
Secrets | Create | - |
Secrets | Get/Update/Delete | dynatrace-oneagent-config , dynatrace-oneagent-pull-secret |
Limitations
See Docker limitations for details.
Troubleshoot
Find out how to troubleshoot issues that you may encounter when deploying OneAgent on OpenShift.
Deploy an ActiveGate and connect your Kubernetes API to Dynatrace
Now that you have OneAgent running on your OpenShift nodes, you're able to monitor those nodes, and the applications running in OpenShift. The next step is to deploy an ActiveGate and connect your Kubernetes API to Dynatrace in order to get native Kubernetes metrics, like request limits, and differences in pods requested vs. running pods.
For further instructions see Deploy ActiveGate in OpenShift as a StatefulSet.
Update OneAgent Operator with oc
OneAgent Operator for OpenShift version 3.9+ automatically takes care of the lifecycle of the deployed OneAgents, so you don't need to update OneAgent pods yourself.
Review the release notes of the Operator for any breaking changes of the custom resource.
To update OneAgent Operator, run the following command:
oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/openshift.yaml
Update OneAgent Operator with Helm
-
Update your Helm repositories.
helm repo update
Alternative method: add it again. This will overwrite the older version.
-
Update OneAgent to the latest version.
Don't omit the
--reuse-values
flag in the command in order to keep your configuration.helm upgrade dynatrace-oneagent-operator dynatrace/\ dynatrace-oneagent-operator -n dynatrace --reuse-values
Uninstall OneAgent Operator
To uninstall OneAgent Operator from OpenShift version 3.9+
-
Remove OneAgent custom resources and clean up all remaining OneAgent Operator–specific objects.
oc delete -n dynatrace oneagent --all oc delete -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/openshift.yaml
-
optional After you delete OneAgent Operator, the OneAgent binary remains on the node in an inactive state. To uninstall it completely, run the
uninstall.sh
script and delete logs and configuration files.
See Linux related information.
Remove OneAgent custom resources and clean up all remaining OneAgent Operator–specific objects:
helm uninstall dynatrace-oneagent-operator -n dynatrace