Monitor your Kubernetes clusters with Dynatrace

1. Set up Kubernetes integration

To connect your Kubernetes clusters to Dynatrace, follow the instructions below.

Install an ActiveGate

Connecting your Kubernetes clusters to Dynatrace to take advantage of the dedicated Kubernetes overview page requires that you run an ActiveGate in your environment (version 1.163+).

Create a bearer token for authenticating against the Kubernetes API

  1. Create a namespace if one doesn't exist already.
     $ kubectl create namespace dynatrace
  2. Create a service account and cluster role for accessing the Kubernetes API with the following snippet.
     $ kubectl apply -f kubernetes-monitoring-service-account.yaml
  3. Get the Kubernetes API URL for later use.
     $ kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'
  4. Get the Bearer token for later use.
     $ kubectl get secret $(kubectl get sa dynatrace-monitoring -o jsonpath='{.secrets[0].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 --decode

Connect your Kubernetes cluster through the Dynatrace settings

You'll need the Bearer token and the Kubernetes API URL mentioned above to set up the connection to the Kubernetes API.

  1. Go to Settings > Cloud and virtualization > Kubernetes.
  2. Click Connect new cluster.
  3. Provide a Name, Kubernetes API URL, and the Bearer token for the Kubernetes cluster.

Configure ActiveGate

If your environment uses proxies or self-signed certificates, you need to adapt your ActiveGate configuration.

2. Integrate Kubernetes events

Events field selectors

In the web UI, go to Settings > Cloud and virtualization > Kubernetes > Connect new cluster. Ensure that the Events integration toggle is turned on to enable Kubernetes events ingestion. Also, be sure to specify at least one events field selector. The field selector syntax is the same as the one used in Kubernetes. A single events field selector expression can contain up to 10 selectors separated by commas. Only events that match all of the comma-separated selectors are ingested; within one expression the logical operator is AND.

[Image: events-field-selector]

The expression shown in the above example will store all the events related to the namespace hipster-shop that are of type Warning. This is the equivalent of the following command:

kubectl get events --all-namespaces --field-selector involvedObject.namespace=hipster-shop,type=Warning

If you separate the expression into two independent field selectors, you'll get all events for namespace hipster-shop and all events of type Warning. Between independent field selectors the logical operator is OR.
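The AND/OR behaviour described above, modelled as an added Python example (not Dynatrace or Kubernetes code) so you can check which events a set of selectors would ingest before enabling it. The sample events are constructed, the function names are hypothetical, and treating a missing field as an empty string is a simplifying assumption.

```python
import re

MAX_SELECTORS = 10  # per-expression limit stated on this page

def parse_expression(expr):
    """Split 'a=b,c!=d' into (field, negated, value) triples."""
    selectors = []
    for part in expr.split(","):
        m = re.fullmatch(r"\s*([\w.]+)\s*(==|!=|=)\s*(.*?)\s*", part)
        if not m:
            raise ValueError(f"invalid selector: {part!r}")
        field, op, value = m.groups()
        selectors.append((field, op == "!=", value))
    if len(selectors) > MAX_SELECTORS:
        raise ValueError(f"{len(selectors)} selectors exceed the limit of {MAX_SELECTORS}")
    return selectors

def lookup(event, field):
    """Resolve a dotted path such as involvedObject.namespace."""
    cur = event
    for key in field.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return ""  # assumption: a missing field compares as empty
        cur = cur[key]
    return str(cur)

def matches_expression(event, expr):
    """Comma-separated selectors in one expression: logical AND."""
    return all((lookup(event, f) == v) != neg for f, neg, v in parse_expression(expr))

def ingested(event, expressions):
    """Independent expressions: logical OR."""
    return any(matches_expression(event, e) for e in expressions)

# Constructed sample events (only the fields used here).
EVENTS = [
    {"type": "Warning", "reason": "BackOff", "involvedObject": {"namespace": "hipster-shop"}},
    {"type": "Normal", "reason": "Pulled", "involvedObject": {"namespace": "hipster-shop"}},
    {"type": "Warning", "reason": "FailedScheduling", "involvedObject": {"namespace": "kube-system"}},
    {"type": "Normal", "reason": "Scheduled", "involvedObject": {"namespace": "default"}},
]

def select(expressions):
    """Return the reasons of the sample events that would be ingested."""
    return [e["reason"] for e in EVENTS if ingested(e, expressions)]

if __name__ == "__main__":
    print(select(["involvedObject.namespace=hipster-shop,type=Warning"]))
    print(select(["involvedObject.namespace=hipster-shop", "type=Warning"]))
```

The single combined expression keeps only the hipster-shop warning, while the two independent selectors also pull in every other hipster-shop event and every warning from other namespaces.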

Events requiring permission

To use this feature, your service account needs the watch permission on events.

To check if your role has the necessary permission, run the following command:

kubectl auth can-i watch events --as=system:serviceaccount:dynatrace:dynatrace-monitoring

If the output of this command is no, update your service account according to the YAML file that was provided above in the Create a Bearer token section.

3. Troubleshoot

The connection between Dynatrace and your Kubernetes API may fail due to various connectivity issues. Review the following guidelines for errors that may occur.

4. Monitor large Kubernetes environments

Contact us if you want to monitor environments that are larger than:

  • 50 Kubernetes clusters per Dynatrace environment
  • 500 nodes per Kubernetes cluster
  • 50,000 pods per Kubernetes cluster