Set up Kubernetes monitoring

Starting with Dynatrace Cluster version 1.215 , you can deploy full-stack OneAgents and containerized ActiveGates using Dynatrace Operator. Earlier Dynatrace versions can still be deployed with OneAgent Operator. Nevertheless, we recommend migrating to Dynatrace Operator.
For more information on all deployment options, see Kubernetes deployment overview.

Deploy Dynatrace Operator and enable Kubernetes API monitoring

Use the instructions below to configure Dynatrace Operator to monitor your Kubernetes cluster.

  • Dynatrace Cluster version 1.215
  • Kubernetes versions 1.18+
  • Generate an API token and a PaaS token in your Dynatrace environment.
    Note: Make sure you have the Access problem and event feed, metrics, and topology setting enabled for the API token.

  • Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate in order for metric routing to work properly.
  • See Support lifecycle for supported Kubernetes versions.
  1. Create the necessary objects for Dynatrace Operator.
    Dynatrace Operator acts on its separate namespace, dynatrace. It holds the operator deployment and all dependent objects, such as permissions, custom resources, and the corresponding DaemonSet and StatefulSet. You can also observe the logs of Dynatrace Operator.
kubectl create namespace dynatrace
kubectl apply -f
kubectl -n dynatrace logs -f deployment/dynatrace-operator
  1. Create the secret holding API and PaaS tokens for authentication to the Dynatrace Cluster.
    The name of the secret is important in a later step when you configure the custom resource (.spec.tokens). In the following code snippet, the name is dynakube. Be sure to replace API_TOKEN and PAAS_TOKEN with the values explained in the prerequisites.
kubectl -n dynatrace create secret generic dynakube --from-literal="apiToken=API_TOKEN" --from-literal="paasToken=PAAS_TOKEN"
  1. Get the DynaKube custom resource from the GitHub repository.
curl -o cr.yaml
  1. Adapt the values of the custom resource as indicated below.

Example of a basic configuration:

kind: DynaKube
  name: dynakube
  namespace: dynatrace
  # Dynatrace apiUrl including the `/api` path at the end.
  # For SaaS, set `YOUR_ENVIRONMENT_ID` to your environment ID.
  # For Managed, change the apiUrl address.
  # For instructions on how to determine the environment ID and how to configure the apiUrl address, see

  # Name of the secret holding the API and PaaS tokens.
  # If unset, Dynatrace Operator uses the name of the custom resource.
  # tokens: ""

  # Enables and configures an ActiveGate instance that allows monitoring
  # of Kubernetes environments.
    #   Enable Kubernetes monitoring functionality.
    enabled: true
    # Enable classic oneagent monitoring
    enabled: true
      - effect: NoSchedule
        operator: Exists

If you want to revert an argument, you need to set it to empty instead of removing it from the custom resource.

   - "--set-proxy="

For a complete list of parameters, see the list below.

For a complete file with all the properties, see the custom resource file on GitHub.

Configuration for Anthos, SUSE CaaS, GKE, IKS, and TKGI

For Anthos, SUSE CaaS, Google Kubernetes Engine, and VMware Tanzu Kubernetes Grid Integrated Edition (formerly PKE), you must add the following additional parameters to the env section in the cr.yaml file:

  1. Apply the custom resource.
kubectl apply -f cr.yaml

optional  Configure proxy

  • You can configure optional parameters like proxy settings in the cr.yaml file in order to
    • Download the OneAgent installer
    • Ensure communication between the OneAgent and your Dynatrace environment
    • Ensure communication between Dynatrace Operator and the Dynatrace API.

There are two ways to provide the proxy, depending on whether your proxy uses credentials.

Connect your Kubernetes cluster to Dynatrace

Some Kubernetes pages require that your Kubernetes cluster is connected to Dynatrace. This connection creates relationships among applications, services, processes, hosts, and Kubernetes objects, such as pods and namespaces.

To connect your cluster

  1. Get the Kubernetes API URL.
kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'
  1. Get the bearer token.
kubectl get secret $(kubectl get sa dynatrace-kubernetes-monitoring -o jsonpath='{.secrets[0].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 --decode
  1. In Dynatrace, go to Settings > Cloud and virtualization > Kubernetes.
  2. Select Connect new cluster.
  3. Provide a Name, the Kubernetes API URL, and the Bearer token for the Kubernetes cluster.

Note: For Rancher distributions, you need the bearer token that was created in the Rancher web UI, as described in Special instructions for Rancher distributions to get the API URL and the bearer token above.

  1. Enable Enable monitoring and Show workloads and cloud applications.

In Dynatrace environments earlier than version 1.190, you need to enable Cloud application and workload detection in the Process group detection settings. This way, cloud applications and workloads will be detected properly and process groups won't be spread across different cloud applications and workloads.

  1. Select Connect to save your configuration.

Monitor large Kubernetes environments

Contact Dynatrace ONE if you want to monitor environments that are larger than:

  • 50 Kubernetes clusters per Dynatrace environment
  • 500 nodes per Kubernetes cluster
  • 50,000 pods per Kubernetes cluster

Uninstall Dynatrace Operator

Remove DynaKube custom resources and clean all remaining Dynatrace Operator–specific objects.

kubectl delete -n dynatrace dynakube --all
kubectl delete -f