Connect your Kubernetes clusters to Dynatrace

To connect your Kubernetes clusters to Dynatrace, follow the instructions provided below.

Set up Kubernetes integration

1. Install an ActiveGate

Connecting your Kubernetes clusters to Dynatrace to take advantage of the dedicated Kubernetes overview page requires that you run an ActiveGate in your environment (version 1.163+).

2. Create a Bearer token for authenticating against the Kubernetes API

  1. Create a namespace if one doesn't already exist.
$ kubectl create namespace dynatrace
  1. Create a service account and cluster role for accessing the Kubernetes API with the following snippet.
$ kubectl apply -f kubernetes-monitoring-service-account.yaml
  1. Get the Kubernetes API URL for later use.
$ kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'
  1. Get the Bearer token for later use.
$ kubectl get secret $(kubectl get sa dynatrace-monitoring -o jsonpath='{.secrets[0].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 -d

3. Connect your Kubernetes cluster through the Dynatrace settings

You'll need the Bearer token and the Kubernetes API URL mentioned above to set up the connection to the Kubernetes API.

  1. Go to Settings > Cloud and virtualization > Kubernetes.
  2. Click Connect new cluster.
  3. Provide a Name, Kubernetes API URL, and the Bearer token for the Kubernetes cluster.

Configure ActiveGate

In case your environment uses proxies or self-signed certificates, you need to do the following configuration.

Configuration for environments with proxies

To configure a proxy for communication with the Kubernetes/OpenShift API, you need to add to your custom.properties file the following set of parameters:

[http.client.external]  
proxy-server = <server or ip address>  
proxy-port = <port number>  
proxy-scheme = <http or https>  
proxy-user = <userid>  
proxy-password = <password>

Configuration for environments with self-signed certificates

For Kubernetes/OpenShift monitoring, it is also possible to use self-signed certificates, even when they are provided as certificate chain. You need to add to your custom.properties file the following set of parameters:

[http.client.external]  
hostname-verification = yes  
certificate-validation = yes

Please note that the self-signed certificate needs to be added to the trusted keystore (trusted.jks).

Monitor large Kubernetes environments

Please contact us if you want to monitor environments larger than:

  • 50 Kubernetes clusters per Dynatrace environment
  • 500 nodes per Kubernetes cluster
  • 50,000 pods per Kubernetes cluster