Deploy the Dynatrace integration in Google Kubernetes Engine (GKE)

To deploy the Dynatrace GCP Function in a Kubernetes container, follow the steps below.

Prerequisites

For Dynatrace SaaS:
https://<your-environment-id>.live.dynatrace.com/api

For Dynatrace Managed:
https://<your-domain>/e/<your-environment-id>/api

For ActiveGate: https://<your-active-gate-IP-or-hostname>:9999/e/<your-environment-id>/api

To determine <your-environment-id>, see environment ID.

  1. Create a dynatrace namespace.
kubectl create namespace dynatrace
  1. Create the secrets holding the API token and the API URL for authentication to the Dynatrace Cluster.

Note: Be sure to replace <your-Dynatrace-API-token> and <your-Dynatrace-API-URL> with your actual values. For information on how to obtain these values, see Prerequisites.

kubectl -n dynatrace create secret generic dynatrace-gcp-function-secret --from-literal="access-key=<your-Dynatrace-API-token>" --from-literal="url=<your-Dynatrace-API-URL>"
  1. Create an Identity and Access Management (IAM) service account.
gcloud iam service-accounts create dynatrace-gcp-function-sa
  1. Configure the IAM service account for Workload Identity. (Make sure Workload Identity is enabled first. See Prerequisites for details.)

Note: Be sure to replace <your-GCP-project-ID> with your own GCP project ID.

gcloud iam service-accounts add-iam-policy-binding --role roles/iam.workloadIdentityUser --member "serviceAccount:<your-GCP-project-ID>.svc.id.goog[dynatrace/dynatrace-gcp-function-sa]" dynatrace-gcp-function-sa@<your-GCP-project-ID>.iam.gserviceaccount.com
  1. Grant the required IAM policies to the service account.

Note: Be sure to replace <your-GCP-project-ID> with your own GCP project ID.

gcloud projects add-iam-policy-binding <your-GCP-project-ID> --member="serviceAccount:dynatrace-gcp-function-sa@<your-GCP-project-ID>.iam.gserviceaccount.com" --role=roles/monitoring.editor
gcloud projects add-iam-policy-binding <your-GCP-project-ID> --member="serviceAccount:dynatrace-gcp-function-sa@<your-GCP-project-ID>.iam.gserviceaccount.com" --role=roles/monitoring.viewer
gcloud projects add-iam-policy-binding <your-GCP-project-ID> --member="serviceAccount:dynatrace-gcp-function-sa@<your-GCP-project-ID>.iam.gserviceaccount.com" --role=roles/compute.viewer
gcloud projects add-iam-policy-binding <your-GCP-project-ID> --member="serviceAccount:dynatrace-gcp-function-sa@<your-GCP-project-ID>.iam.gserviceaccount.com" --role=roles/cloudsql.viewer
gcloud projects add-iam-policy-binding <your-GCP-project-ID> --member="serviceAccount:dynatrace-gcp-function-sa@<your-GCP-project-ID>.iam.gserviceaccount.com" --role=roles/cloudfunctions.viewer
gcloud projects add-iam-policy-binding <your-GCP-project-ID> --member="serviceAccount:dynatrace-gcp-function-sa@<your-GCP-project-ID>.iam.gserviceaccount.com" --role=roles/file.viewer
gcloud projects add-iam-policy-binding <your-GCP-project-ID> --member="serviceAccount:dynatrace-gcp-function-sa@<your-GCP-project-ID>.iam.gserviceaccount.com" --role=roles/pubsub.viewer
  1. Enable the APIs required for monitoring.
gcloud services enable cloudapis.googleapis.com monitoring.googleapis.com cloudresourcemanager.googleapis.com
  1. Download and install dynatrace-gcp-function.yaml.
wget https://raw.githubusercontent.com/dynatrace-oss/dynatrace-gcp-function/master/k8s/dynatrace-gcp-function.yaml

Note: You can edit the function behavior defined in the dynatrace-gcp-function-config ConfigMap in dynatrace-gcp-function.yaml.

  1. Deploy the Kubernetes objects.
kubectl apply -f dynatrace-gcp-function.yaml
  1. Create an annotation for the service account.

Note: Be sure to replace <your-GCP-project-ID> with your own GCP project ID.

kubectl annotate serviceaccount --namespace dynatrace dynatrace-gcp-function-sa iam.gke.io/gcp-service-account=dynatrace-gcp-function-sa@<your-GCP-project-ID>.iam.gserviceaccount.com
  1. Check the installation status.
kubectl -n dynatrace logs -l app=dynatrace-gcp-function

After deploying the integration, you can see metrics from monitored services. If you want to add services to monitoring, see Expand monitoring in a Kubernetes container.