Deploy OneAgent Operator on Kubernetes
OneAgent Operator version 0.8.2
We recommend installing OneAgent Operator on Kubernetes with kubectl. If you prefer Helm, you can use the OneAgent Helm chart as a basic alternative.
For more information on all deployment options, see Kubernetes deployment strategies.
Installation
Find out below how to install and configure OneAgent.
-
Generate an API token and a PaaS token in your Dynatrace environment.
Make sure you have the Access problem and event feed, metrics, and topology setting enabled for the API token. - Pods must allow egress to your Dynatrace environment or to your environment ActiveGate in order for metric routing to work properly.
- See Support lifecycle for supported Kubernetes versions.
- Create the necessary objects for OneAgent Operator.
OneAgent Operator acts on its separate namespacedynatrace
. It holds the operator deployment and all dependent objects like permissions, custom resources and the corresponding DaemonSet. You can also observe the logs of OneAgent Operator.
$ kubectl create namespace dynatrace
$ kubectl apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/kubernetes.yaml
$ kubectl -n dynatrace logs -f deployment/dynatrace-oneagent-operator
- Create the secret holding API and PaaS tokens for authentication to the Dynatrace cluster.
The name of the secret is important in a later step when you configure the custom resource (.spec.tokens
). In the following code-snippet the name isoneagent
. Be sure to replaceAPI_TOKEN
andPAAS_TOKEN
with the values explained in the prerequisites.
$ kubectl -n dynatrace create secret generic oneagent --from-literal="apiToken=API_TOKEN" --from-literal="paasToken=PAAS_TOKEN"
- Save custom resource.
The rollout of Dynatrace OneAgent is governed by a custom resource of typeOneAgent
. Retrieve thecr.yaml
file from the GitHub repository.
$ curl -o cr.yaml https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/cr.yaml
- Adapt the values of the custom resource as indicated below.
If you want to revert an argument, you need to set it to empty instead of removing it from the custom resource.
Example:
args:
- "--set-proxy="
For Anthos, SUSE CaaS, Google Kubernetes Engine, and VMware Tanzu Kubernetes Grid Integrated Edition (formerly PKE), you must add the following additional parameters to the env
section in the cr.yaml
file:
- Create the custom resource.
$ kubectl apply -f cr.yaml
- optional Configure proxy.
- You can configure optional parameters like proxy settings in the
cr.yaml
file in order to- download the OneAgent installer
- ensure the communication between the OneAgent and your Dynatrace environment
- ensure the communication between the Dynatrace OneAgent Operator and the Dynatrace API.
There are two ways to provide the proxy, depending on whether or not your proxy uses credentials.
-
optional
Configure network zones.
You can configure network zones by setting the following argument:
args: - --set-network-zone=<your.network.zone>
See network zones for more information.
-
Generate an API token and a PaaS token in your Dynatrace environment.
Make sure you have the Access problem and event feed, metrics, and topology setting enabled for the API token. - Pods must allow egress to your Dynatrace environment or to your environment ActiveGate in order for metric routing to work properly.
- See Support lifecycle for supported Kubernetes versions.
- Install Helm version 3.
- Add the Dynatrace OneAgent Helm repository.
$ helm repo add dynatrace \
https://raw.githubusercontent.com/Dynatrace/helm-charts/master/repos/stable
- Create a Dynatrace namespace.
The Dynatrace OneAgent Operator acts on its separate namespace called dynatrace, which holds the operator deployment and all dependent objects like permissions, custom resources, and corresponding DaemonSets.
$ kubectl create namespace dynatrace
- Create a
values.yaml
file with the following content.
platform: "kubernetes"
operator:
image: ""
oneagent:
name: "oneagent"
apiUrl: "https://ENVIRONMENTID.live.dynatrace.com/api"
image: ""
args:
- --set-app-log-content-access=true
env: {}
nodeSelector: {}
labels: {}
skipCertCheck: false
disableAgentUpdate: false
enableIstio: false
dnsPolicy: ""
resources: {}
waitReadySeconds: null
priorityClassName: ""
serviceAccountName: ""
proxy: ""
trustedCAs: ""
secret:
apiToken: "DYNATRACE_API_TOKEN"
paasToken: "PLATFORM_AS_A_SERVICE_TOKEN"
Note: The OneAgent proxy setting is used by both the Operator and the OneAgent containers when communicating to the Dynatrace environment.
For Anthos, SUSE CaaS, Google Kubernetes Engine, and VMware Tanzu Kubernetes Grid Integrated Edition (formerly PKE), you must add the following additional parameters to the env
section in the values.yaml
file:
-
optional Configure network zones.
You can configure network zones by setting the following argument:
args: - --set-network-zone=<your.network.zone>
See network zones for more information.
-
To apply the YAML parameters, run the following command:
$ helm install dynatrace-oneagent-operator \
dynatrace/dynatrace-oneagent-operator -n\
dynatrace --values values.yaml
Limitations
See Docker limitations for details.
Troubleshoot
Find out how to troubleshoot issues that you may encounter when deploying OneAgent on Kubernetes.
Connect your Kubernetes clusters to Dynatrace
Now that you have OneAgent running on your Kubernetes nodes, you're able to monitor those nodes, and the applications running in Kubernetes. The next step is to connect the Kubernetes API to Dynatrace in order to get native Kubernetes metrics, like request limits, and differences in pods requested vs. running pods.
For further instructions see Monitor your Kubernetes clusters with Dynatrace.