Store Dynatrace images in private registries in Kubernetes/OpenShift
The following options are available:
- Store Dynatrace containers in private registries in Kubernetes environments using either an immutable or a lightweight OneAgent container image.
- The immutable image includes the binaries themselves, allowing for more control and thorough security scanning.
- The lightweight image consists of a OneAgent installer, which downloads necessary binaries from Dynatrace.
- Build and store your code-module image for
applicationMonitoring
andcloudNativeFullstack
deployments.
Immutable mode
Prerequisites
- A working private registry
- Log in to the Dynatrace container registry for your environment
To store Dynatrace containers in private registries using an immutable OneAgent image, follow the steps below, making sure to replace the placeholders (<...>
) in all the example commands or example configurations with your own values as shown in the following table.
Parameter | Value description |
---|---|
<dynatrace_operator_version> | The latest Dynatrace Operator version. |
<oneagent_version> | The semantic versioning form (<major>.<minor>.<patch> ) of your desired OneAgent version. |
<activegate_version> | The semantic versioning form (<major>.<minor>.<patch> ) of your desired ActiveGate version. |
<your_private_registry> | The address from your private registry |
<your_environment_domain_name> | Your own environment domain name (the URL without https:// ) |
<your_environment_ID> | Your environment ID |
<sample> | The name of your selected DynaKube custom resource sample. |
Pull, tag, and push the Dynatrace Operator image
Pull, tag, and push the OneAgent image
Pull, tag, and push the ActiveGate image
Fetch, modify, and apply the Kubernetes/OpenShift YAML
Fetch, modify, and apply the DynaKube custom resource
Pull, tag, and push the Dynatrace Operator image
-
Pull the image.
Example command:
docker pull docker.io/dynatrace/dynatrace-operator:v<dynatrace_operator_version>
-
Tag the image for your own registry.
Example command:
docker tag docker.io/dynatrace/dynatrace-operator:v<dynatrace_operator_version> <your_private_registry>/dynatrace-operator:v<dynatrace_operator_version>
-
Push the image to your own registry.
Example command:
docker push <your_private_registry>/dynatrace-operator:v<dynatrace_operator_version>
Pull, tag, and push the OneAgent image
Each OneAgent image from your environment registry has connection information for that environment, so make sure you use the corresponding image.
-
Pull a specific immutable OneAgent image version.
Example command:
docker pull <your_environment_domain_name>/linux/oneagent:<oneagent_version>
-
Tag the image for your own registry.
Example command:
docker tag <your_environment_domain_name>/linux/oneagent:<oneagent_version> <your_private_registry>/oneagent:<oneagent_version>
-
Push the image to your own registry.
Example command:
docker push <your_private_registry>/oneagent:<oneagent_version>
Pull, tag, and push the ActiveGate image
-
Pull the image.
Example command:
docker pull <your_environment_domain_name>/linux/activegate:<activegate_version>
-
Tag the image for your own registry.
Example command:
docker tag <your_environment_domain_name>/linux/activegate:<activegate_version> <your_private_registry>/activegate:<activegate_version>
-
Push the image to your own registry.
Example command:
docker push <your_private_registry>/activegate:<activegate_version>
Fetch, modify, and apply the Kubernetes/OpenShift YAML
-
Download the latest Kubernetes/OpenShift YAML from the Dynatrace GitHub repository.
curl -Lo kubernetes.yaml https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.13.0/kubernetes.yaml
curl -Lo openshift.yaml https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.13.0/openshift.yaml
-
Edit the Kubernetes/OpenShift YAML by replacing the default image location of Dynatrace Operator with your private registry address.
-
If your registries need authentication, update
imagePullSecrets
on different service accounts.
For more information on how Kubernetes handles security for pods, see Configure service accounts for pods. -
Depending on your platform, select one of the options below.
Create a Dynatrace namespace.
kubectl create namespace dynatrace
Create a Dynatrace project.
oc adm new-project --node-selector="" dynatrace
-
Deploy Dynatrace Operator.
kubectl apply -f kubernetes.yaml
oc apply -f openshift.yaml
Fetch, modify, and apply the DynaKube custom resource
-
Download one of the preconfigured DynaKube custom resource samples from GitHub, depending on your monitoring approach.
-
Edit the DynaKube custom resource as follows:
- Replace the empty value of the image fields (
image: ""
) withimage: <your_private_registry>
. - Adapt other values according to the parameters section of the Dynatrace Operator deployment page.
When using the immutable image, fields such as
proxy
,trustedCAs
, andskipCertCheck
are ignored. Kubernetes attempts to pull images straight from your registry. These network settings must be configured directly on the node.Example basic configuration:
apiVersion: dynatrace.com/v1beta1 kind: DynaKube metadata: name: dynakube namespace: dynatrace spec: apiUrl: https://ENVIRONMENTID.live.dynatrace.com/api oneAgent: classicFullStack: image: <your_private_registry>/oneagent:<oneagent_version> tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists activeGate: capabilities: - routing - kubernetes-monitoring image: <your_private_registry>/activegate:<activegate_version>
- Replace the empty value of the image fields (
-
Deploy the DynaKube custom resource.
Example command:
kubectl apply -f <sample>.yaml
oc apply -f <sample>.yaml
Lightweight mode
This method isn't supported by Dynatrace Operator.
Prerequisites
- A working private registry
- Log in to the Dynatrace container registry for your environment
To store Dynatrace containers in private registries using a lightweight OneAgent image follow the steps below, making sure to replace the placeholders (<...>
) in all the example commands or example configurations with your own values, as shown in the following table:
Parameter | Value description |
---|---|
<dynatrace_operator_version> | The latest Dynatrace Operator version. |
<activegate_version> | The semantic versioning form (<major>.<minor>.<patch> ) of your desired ActiveGate version. |
<your_private_registry> | The address from your private registry |
<your_environment_domain_name> | Your own environment domain name (the URL without https:// ) |
<your_environment_ID> | Your environment ID |
<sample> | The name of your selected Dynakube custom resource sample. |
Pull, tag, and push the Dynatrace Operator image
Pull, tag, and push the OneAgent image
Pull, tag, and push the ActiveGate image
Fetch, modify, and apply the Kubernetes/OpenShift YAML
Fetch, modify, and apply the DynaKube custom resource
Pull, tag, and push the Dynatrace Operator image
-
Pull the image.
Example command:
docker pull docker.io/dynatrace/dynatrace-operator:v<dynatrace_operator_version>
-
Tag the image for your own registry.
Example command:
docker tag docker.io/dynatrace/dynatrace-operator:v<dynatrace_operator_version> <your_private_registry>/dynatrace-operator:v<dynatrace_operator_version>
-
Push the image to your own registry.
Example command:
docker push <your_private_registry>/dynatrace-operator:v<dynatrace_operator_version>
Pull, tag, and push the OneAgent image
-
Pull the image.
docker pull docker.io/dynatrace/oneagent
-
Tag the image for your own registry.
Example command:
docker tag docker.io/dynatrace/oneagent:latest <your_private_registry>/oneagent:latest
-
Push the image to your own registry.
Example command:
docker push <your_private_registry>/oneagent:latest
Pull, tag, and push the ActiveGate image
-
Pull the image.
Example command:
docker pull <your_environment_domain_name>/linux/activegate:<activegate_version>
-
Tag the image for your own registry.
Example command:
docker tag <your_environment_domain_name>/linux/activegate:<activegate_version> <your_private_registry>/activegate:<activegate_version>
-
Push the image to your own registry.
Example command:
docker push <your_private_registry>/activegate:<activegate_version>
Fetch, modify, and apply the Kubernetes/OpenShift YAML
-
Download the latest Kubernetes/OpenShift YAML from the Dynatrace GitHub repository.
curl -Lo kubernetes.yaml https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.13.0/kubernetes.yaml
curl -Lo openshift.yaml https://github.com/Dynatrace/dynatrace-operator/releases/download/v0.13.0/openshift.yaml
-
Edit the Kubernetes/OpenShift YAML by replacing the default image location of Dynatrace Operator with your private registry address.
-
If your registries need authentication, update
imagePullSecrets
on different service accounts.
For more information on how Kubernetes handles security for pods, see Configure service accounts for pods. -
Depending on your platform, select one of the options below.
Create a Dynatrace namespace.
kubectl create namespace dynatrace
Create a Dynatrace project.
oc adm new-project --node-selector="" dynatrace
-
Deploy Dynatrace Operator.
kubectl apply -f kubernetes.yaml
oc apply -f openshift.yaml
Fetch, modify, and apply the DynaKube custom resource
-
Download one of the preconfigured DynaKube custom resource samples from GitHub, depending on your monitoring approach.
-
Edit the DynaKube custom resource as follows:
- Replace the empty value of the image fields (
image: ""
) withimage: <your_private_registry>
. - Adapt other values according to the parameters section of the Dynatrace Operator deployment page.
When using the immutable image, fields such as
proxy
,trustedCAs
, andskipCertCheck
are ignored. Kubernetes attempts to pull images straight from your registry. These network settings must be configured directly on the node.Example basic configuration:
apiVersion: dynatrace.com/v1beta1 kind: DynaKube metadata: name: dynakube namespace: dynatrace spec: apiUrl: https://ENVIRONMENTID.live.dynatrace.com/api oneAgent: classicFullStack: image: <your_private_registry>/oneagent:<oneagent_version> tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master operator: Exists activeGate: capabilities: - routing - kubernetes-monitoring image: <your_private_registry>/activegate:<activegate_version>
- Replace the empty value of the image fields (
-
Deploy the DynaKube custom resource.
Example command:
kubectl apply -f <sample>.yaml
oc apply -f <sample>.yaml
Code modules as an image
applicationMonitoring with CSI driver
cloudNativeFullstack
To build and store your code-module image for applicationMonitoring
and cloudNativeFullstack
deployments, follow the instructions below.
Prerequisites
-
A working private registry
-
Make sure your API token has the PaaS integration - Installer download permission enabled.
-
Determine what architecture you want to use.
- For x86 architecture, you need to download the
multidistro
flavor. - For ARM architecture, you need to download the
default
flavor.
- For x86 architecture, you need to download the
-
Determine which OneAgent version you want to use. Example format:
1.239.14.20220325-164521
.
Build the image
-
Create a Dockerfile, which will download, unpack, and place the necessary binaries (ZIP package) to the right location. For examples of Dockerfiles, consult our GitHub repository.
-
Build the image from the Dockerfile you created above.
Run the command below, making sure to provide the necessary arguments.
docker build \ --build-arg APIURL=<your-API-URL>/api\ --build-arg APITOKEN=<your-API-token> \ --build-arg AGENTVERSION=<your-desired-OneAgent-version> \ --tag <your-registry>/<your-code-modules-repository>:<your-OneAgent-version> \ -f <path-to-your-Dockerfile> .
-
Push the image to your private repository.
docker push <your-registry>/<your-code-modules-repository>:<your-OneAgent-version>
After you're done, you can use the image in the custom resource YAML and download the OneAgent binaries from your private image repository.
-
For Dynatrace Operator to authenticate to the private registry, you need to define the
customPullSecret
parameter in the Dynakube custom resource. For details, see Create a Secret based on existing credentials. -
For
cloudNativeFullStack
andapplicationMonitoring
deployments when using CSI driver, you need to set thecodeModulesImage
parameter in DynaKube. -
Example:
... cloudNativeFullStack: codeModulesImage: <your-registry>/<your-code-modules-repository>:<your-OneAgent-version>
-