Store Dynatrace images in private registries in OpenShift

You can store Dynatrace containers in private registries in OpenShift environments using either a lightweight or an immutable OneAgent container image.

  • The lightweight image consists of a OneAgent installer, which downloads necessary binaries from Dynatrace.
  • The immutable image includes the binaries themselves, allowing for more control and thorough security scanning.

Be sure you're logged in to the Dynatrace container registry before you continue with the instructions.

To log in, run the command below, replacing the placeholders with your own values.

sudo docker login -u <your-environment-ID> <your_environment_URL> -p <your-PaaS-token>

To store Dynatrace containers in private registries using an immutable OneAgent image follow the steps below, making sure to replace the placeholders (<...>) in all the example commands or example configurations with your own values, as shown in the following table:

Parameter Value description
<dynatrace_operator_version> The latest Dynatrace Operator version.
<oneagent_version> Your desired OneAgent version
<activegate_version> Your desired ActiveGate version
<your_private_registry> The address from your private registry
<your_environment_domain_name> Your own environment domain name (the URL without https://)
<your_environment_ID> Your environment ID

1. Pull, tag, and push the Dynatrace Operator image

  1. Pull the image.

Example command:

docker pull docker.io/dynatrace/dynatrace-operator:v<dynatrace_operator_version>
  1. Tag the image for your own registry.

Example command:

docker tag docker.io/dynatrace/dynatrace-operator:v<dynatrace_operator_version> <your_private_registry>/dynatrace-operator:v<dynatrace_operator_version>
  1. Push the image to your own registry.

Example command:

docker push <your_private_registry>/dynatrace-operator:v<dynatrace_operator_version>

2. Pull, tag, and push the OneAgent image

  1. Pull a specific immutable OneAgent image version.

Example command:

docker pull <your_environment_domain_name>/linux/oneagent:<oneagent_version>
  1. Tag the image for your own registry.

Example command:

docker tag <your_environment_domain_name>/linux/oneagent:<oneagent_version> <your_private_registry>/oneagent:<oneagent_version>
  1. Push the image to your own registry.

Example command:

docker push <your_private_registry>/oneagent:<oneagent_version>

3. Pull, tag, and push the ActiveGate image

  1. Pull the image.

Example command:

docker pull <your_environment_domain_name>/linux/activegate:<activegate_version>
  1. Tag the image for your own registry.

Example command:

docker tag <your_environment_domain_name>/linux/activegate:<activegate_version> <your_private_registry>/activegate:<activegate_version>
  1. Push the image to your own registry.

Example command:

docker push <your_private_registry>/activegate:<activegate_version>

4. Fetch, modify, and apply openshift.yaml.

  1. Download the latest openshift.yaml file from the Dynatrace GitHub repository.

Note: Be sure to replace the placeholder (<...>) with your own value.

curl -Lo openshift.yaml https://github.com/Dynatrace/dynatrace-operator/releases/download/v<dynatrace_operator_version>/openshift.yaml
  1. Edit openshift.yaml by replacing the default image location of Dynatrace Operator with your private registry address.

  2. If your registries need authentication, update imagePullSecrets on different service accounts.

For more information on how Kubernetes handles security for pods, see Configure service accounts for pods.

  1. Create a Dynatrace namespace.
oc adm new-project --node-selector="" dynatrace
  1. Deploy Dynatrace Operator.
oc apply -f openshift.yaml

5. Fetch, modify, and apply cr.yaml.

  1. Download the cr.yaml file for the DynaKube custom resource.
curl -Lo cr.yaml https://github.com/Dynatrace/dynatrace-operator/releases/download/v<dynatrace_operator_version>/cr.yaml
  1. Edit cr.yaml as follows:

Note: When using the immutable image, fields such as proxy, trustedCAs, and skipCertCheck are ignored. Kubernetes attempts to pull images straight from your registry. These network settings must be configured directly on the node.

Example basic configuration:

apiVersion: dynatrace.com/v1alpha1
kind: DynaKube
metadata:
  name: dynakube
  namespace: dynatrace
spec:
  apiUrl: https://<your_environment_ID>.live.dynatrace.com/api
  activeGate:
    image: <your_private_registry>/activegate:<activegate_version>
  oneAgent:
    image: <your_private_registry>/oneagent:<oneagent_version>
  classicFullStack:
    enabled: true
    tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
        operator: Exists
  routing:
    enabled: true
  kubernetesMonitoring:
    enabled: true
  1. Deploy the DynaKube custom resource.
oc apply -f cr.yaml