Store Dynatrace images in private registries in Kubernetes/OpenShift
You can store Dynatrace containers in private registries in Kubernetes environments using either a lightweight or an immutable OneAgent container image.
- The lightweight image consists of a OneAgent installer, which downloads necessary binaries from Dynatrace.
- The immutable image includes the binaries themselves, allowing for more control and thorough security scanning.
Prerequisites
- Dynatrace Operator version 0.3.0+
- A working private registry
- Log in to the Dynatrace container registry for your environment
Immutable mode
The immutable image can only be used for classicFullSTack and hostMonitoring configurations. Any other deployment modes are currently not supported.
To store Dynatrace containers in private registries using an immutable OneAgent image follow the steps below, making sure to replace the placeholders (<...>) in all the example commands or example configurations with your own values, as shown in the following table:
| Parameter | Value description |
|---|---|
<dynatrace_operator_version> | The latest Dynatrace Operator version. |
<oneagent_version> | The semantic versioning form (<major>.<minor>.<patch>) of your desired OneAgent version. |
<activegate_version> | The semantic versioning form (<major>.<minor>.<patch>) of your desired ActiveGate version. |
<your_private_registry> | The address from your private registry |
<your_environment_domain_name> | Your own environment domain name (the URL without https://) |
<your_environment_ID> | Your environment ID |
<sample> | The name of your selected Dynakube custom resource sample. |
1. Pull, tag, and push the Dynatrace Operator image
- Pull the image.
Example command:
docker pull docker.io/dynatrace/dynatrace-operator:v<dynatrace_operator_version>- Tag the image for your own registry.
Example command:
docker tag docker.io/dynatrace/dynatrace-operator:v<dynatrace_operator_version> <your_private_registry>/dynatrace-operator:v<dynatrace_operator_version>- Push the image to your own registry.
Example command:
docker push <your_private_registry>/dynatrace-operator:v<dynatrace_operator_version>2. Pull, tag, and push the OneAgent image
- Pull a specific immutable OneAgent image version.
Example command:
docker pull <your_environment_domain_name>/linux/oneagent:<oneagent_version>- Tag the image for your own registry.
Example command:
docker tag <your_environment_domain_name>/linux/oneagent:<oneagent_version> <your_private_registry>/oneagent:<oneagent_version>- Push the image to your own registry.
Example command:
docker push <your_private_registry>/oneagent:<oneagent_version>3. Pull, tag, and push the ActiveGate image
- Pull the image.
Example command:
docker pull <your_environment_domain_name>/linux/activegate:<activegate_version>- Tag the image for your own registry.
Example command:
docker tag <your_environment_domain_name>/linux/activegate:<activegate_version> <your_private_registry>/activegate:<activegate_version>- Push the image to your own registry.
Example command:
docker push <your_private_registry>/activegate:<activegate_version>4. Fetch, modify, and apply the Kubernetes/OpenShift YAML
- Download the latest Kubernetes/OpenShift YAML from the Dynatrace GitHub repository.
curl -Lo kubernetes.yaml https://github.com/Dynatrace/dynatrace-operator/releases/download/latest/kubernetes.yamlcurl -Lo openshift.yaml https://github.com/Dynatrace/dynatrace-operator/releases/download/latest/openshift.yaml-
Edit the Kubernetes/OpenShift YAML by replacing the default image location of Dynatrace Operator with your private registry address.
-
If your registries need authentication, update
imagePullSecretson different service accounts.
For more information on how Kubernetes handles security for pods, see Configure service accounts for pods. -
Depending on your platform, select one of the options below.
Create a Dynatrace namespace.
kubectl create namespace dynatraceCreate a Dynatrace project.
oc adm new-project --node-selector="" dynatrace- Deploy Dynatrace Operator.
kubectl apply -f kubernetes.yamloc apply -f openshift.yaml5. Fetch, modify, and apply the DynaKube custom resource
- Download one of the preconfigured DynaKube custom resource samples from GitHub, depending on your monitoring approach.
Example command:
curl -Lo <sample>.yaml https://github.com/Dynatrace/dynatrace-operator/blob/master/config/samples/<sample>.yaml- Edit the DynaKube custom resource as follows:
- Replace the empty value of the image fields (
image: "") withimage: <your_private_registry>. - Adapt other values according to the parameters section of the Dynatrace Operator deployment page.
Note: When using the immutable image, fields such as proxy, trustedCAs, and skipCertCheck are ignored. Kubernetes attempts to pull images straight from your registry. These network settings must be configured directly on the node.
Example basic configuration:
apiVersion: dynatrace.com/v1beta1
kind: DynaKube
metadata:
name: dynakube
namespace: dynatrace
spec:
apiUrl: https://ENVIRONMENTID.live.dynatrace.com/api
oneAgent:
classicFullStack:
image: <your_private_registry>/oneagent:<oneagent_version>
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
activeGate:
capabilities:
- routing
- kubernetes-monitoring
image: <your_private_registry>/activegate:<activegate_version>- Deploy the DynaKube custom resource.
Example command:
kubectl apply -f <sample>.yamloc apply -f <sample>.yamlLightweight mode
Note: This method isn't supported by Dynatrace Operator.
To store Dynatrace containers in private registries using a lightweight OneAgent image follow the steps below, making sure to replace the placeholders (<...>) in all the example commands or example configurations with your own values, as shown in the following table:
| Parameter | Value description |
|---|---|
<dynatrace_operator_version> | The latest Dynatrace Operator version. |
<activegate_version> | The semantic versioning form (<major>.<minor>.<patch>) of your desired ActiveGate version. |
<your_private_registry> | The address from your private registry |
<your_environment_domain_name> | Your own environment domain name (the URL without https://) |
<your_environment_ID> | Your environment ID |
<sample> | The name of your selected Dynakube custom resource sample. |
1. Pull, tag, and push the Dynatrace Operator image
- Pull the image.
Example command:
docker pull docker.io/dynatrace/dynatrace-operator:v<dynatrace_operator_version>- Tag the image for your own registry.
Example command:
docker tag docker.io/dynatrace/dynatrace-operator:v<dynatrace_operator_version> <your_private_registry>/dynatrace-operator:v<dynatrace_operator_version>- Push the image to your own registry.
Example command:
docker push <your_private_registry>/dynatrace-operator:v<dynatrace_operator_version>2. Pull, tag, and push the OneAgent image
- Pull the image.
docker pull docker.io/dynatrace/oneagent- Tag the image for your own registry.
Example command:
docker tag docker.io/dynatrace/oneagent:latest <your_private_registry>/oneagent:latest- Push the image to your own registry.
Example command:
docker push <your_private_registry>/oneagent:latest3. Pull, tag, and push the ActiveGate image
- Pull the image.
Example command:
docker pull <your_environment_domain_name>/linux/activegate:<activegate_version>- Tag the image for your own registry.
Example command:
docker tag <your_environment_domain_name>/linux/activegate:<activegate_version> <your_private_registry>/activegate:<activegate_version>- Push the image to your own registry.
Example command:
docker push <your_private_registry>/activegate:<activegate_version>4. Fetch, modify, and apply the Kubernetes/OpenShift YAML
- Download the latest Kubernetes/OpenShift YAML from the Dynatrace GitHub repository.
curl -Lo kubernetes.yaml https://github.com/Dynatrace/dynatrace-operator/releases/download/latest/kubernetes.yamlcurl -Lo openshift.yaml https://github.com/Dynatrace/dynatrace-operator/releases/download/latest/openshift.yaml-
Edit the Kubernetes/OpenShift YAML by replacing the default image location of Dynatrace Operator with your private registry address.
-
If your registries need authentication, update
imagePullSecretson different service accounts.
For more information on how Kubernetes handles security for pods, see Configure service accounts for pods. -
Depending on your platform, select one of the options below.
Create a Dynatrace namespace.
kubectl create namespace dynatraceCreate a Dynatrace project.
oc adm new-project --node-selector="" dynatrace- Deploy Dynatrace Operator.
kubectl apply -f kubernetes.yamloc apply -f openshift.yaml5. Fetch, modify, and apply the DynaKube custom resource
- Download one of the preconfigured DynaKube custom resource samples from GitHub, depending on your monitoring approach.
Example command:
curl -Lo <sample>.yaml https://github.com/Dynatrace/dynatrace-operator/blob/master/config/samples/<sample>.yaml- Edit the DynaKube custom resource as follows:
- Replace the empty value of the image fields (
image: "") withimage: <your_private_registry>. - Adapt other values according to the parameters section of the Dynatrace Operator deployment page.
Note: When using the immutable image, fields such as proxy, trustedCAs, and skipCertCheck are ignored. Kubernetes attempts to pull images straight from your registry. These network settings must be configured directly on the node.
Example basic configuration:
apiVersion: dynatrace.com/v1beta1
kind: DynaKube
metadata:
name: dynakube
namespace: dynatrace
spec:
apiUrl: https://ENVIRONMENTID.live.dynatrace.com/api
oneAgent:
classicFullStack:
image: <your_private_registry>/oneagent:<oneagent_version>
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
activeGate:
capabilities:
- routing
- kubernetes-monitoring
image: <your_private_registry>/activegate:<activegate_version>- Deploy the DynaKube custom resource.
Example command:
kubectl apply -f <sample>.yamloc apply -f <sample>.yaml