Deploy ActiveGate in Kubernetes as a StatefulSet

Dynatrace Operator manages the lifecycle of several Dynatrace components, including ActiveGate. If you can't use Dynatrace Operator, you can deploy the ActiveGate directly as a StatefulSet. See below for instructions.

Prerequisites

Create a PaaS token

Create a dedicated namespace.

kubectl create namespace dynatrace

Create a secret holding the environment URL and login credentials for this registry.

Example command:

kubectl create secret docker-registry dynatrace-docker-registry --docker-server=<YOUR_ENVIRONMENT_URL> --docker-username=<YOUR_ENVIRONMENT_ID> --docker-password=<YOUR_PAAS_TOKEN> -n dynatrace

where you need to replace

<YOUR_ENVIRONMENT_URL> with your environment URL (without 'http'). Example: environment.live.dynatrace.com
<YOUR_ENVIRONMENT_ID> with the Docker account username (same as the ID in your environment URL above)
<YOUR_PAAS_TOKEN> with the PaaS token you created in Prerequisites

Create a file named ag.yaml with the following content, making sure to replace

<YOUR_ENVIRONMENT_URL> and <YOUR_ENVIRONMENT_ID>with your own values as described above
<ANY_UNIQUE_ID> with any unique value. This ID will be used by the ActiveGate to generate a unique name in the UI.

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: dynatrace-activegate-kubernetes-monitoring
  namespace: dynatrace
  labels:
    activegate: kubernetes-monitoring
spec:
  serviceName: ""
  selector:
    matchLabels:
      activegate: kubernetes-monitoring
  template:
    metadata:
      labels:
        activegate: kubernetes-monitoring
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: beta.kubernetes.io/arch
                operator: In
                values:
                - amd64
              - key: beta.kubernetes.io/os
                operator: In
                values:
                - linux
            - matchExpressions:
              - key: kubernetes.io/arch
                operator: In
                values:
                - amd64
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
      containers:
      - name: activegate
        image: <YOUR_ENVIRONMENT_URL>/linux/activegate
        imagePullPolicy: Always
        env:
        - name: DT_ID_SEED_NAMESPACE
          value: dynatrace
        - name: DT_ID_SEED_K8S_CLUSTER_ID
          value: <ANY_UNIQUE_ID>
        args:
        - --enable=kubernetes_monitoring
        livenessProbe:
          failureThreshold: 2
          httpGet:
            path: /rest/state
            port: 9999
            scheme: HTTPS
          initialDelaySeconds: 30
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 1
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /rest/health
            port: 9999
            scheme: HTTPS
          initialDelaySeconds: 30
          periodSeconds: 15
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          limits:
            cpu: 300m
            memory: 1G
          requests:
            cpu: 150m
            memory: 250M
      imagePullSecrets:
      - name: dynatrace-docker-registry
  updateStrategy:
    type: RollingUpdate

Deploy ActiveGate.

kubectl apply -f ag.yaml

Connect your Kubernetes clusters to Dynatrace

To get native Kubernetes metrics, you need to connect the Kubernetes API to Dynatrace.

To connect the Kubernetes API to Dynatrace

Create a service account and cluster role.
Create a service account and cluster role for accessing the Kubernetes API. This creates the bearer token necessary to authenticate in the Kubernetes API. Use the following snippet.

kubernetes-monitoring-service-account.yaml

Download

apiVersion: v1
kind: ServiceAccount
metadata:
  name: dynatrace-monitoring
  namespace: dynatrace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: dynatrace-monitoring-cluster
rules:
- apiGroups:
  - ""
  - batch
  - apps
  - apps.openshift.io
  resources:
  - nodes
  - pods
  - namespaces
  - deployments
  - replicasets
  - deploymentconfigs
  - replicationcontrollers
  - jobs
  - cronjobs
  - statefulsets
  - daemonsets
  - events
  - resourcequotas
  - pods/proxy
  verbs:
  - list
  - watch
  - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dynatrace-monitoring-cluster
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: dynatrace-monitoring-cluster
subjects:
- kind: ServiceAccount
  name: dynatrace-monitoring
  namespace: dynatrace

kubectl apply -f https://www.dynatrace.com/support/help/codefiles/kubernetes/kubernetes-monitoring-service-account.yaml

Get the Kubernetes API URL.

$ kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'

Get the bearer token.

$ kubectl get secret $(kubectl get sa dynatrace-monitoring -o jsonpath='{.secrets[0].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 --decode

Special instructions for Rancher distributions

Rancher distributions

For Rancher distributions of Kubernetes, you need to use the bearer token and API URL of the Rancher server, as this server manages and secures traffic to the Kubernetes API server. Follow the steps below.

Get the Kubernetes API URL for later use.

$ kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}'

Configure a user.
On the Rancher web UI page, either create a new user or use an existing user to be associated with the token. We recommend creating a new user.
Set permissions.
Make sure the user has either Owner or Custom permissions to the cluster you want to monitor. We recommend using the Custom permissions for this type of account.

Note: If you select Custom permissions, make sure to check these two roles: View all Projects and View Nodes.

Create an API key.
Go to API & Keys and create a key either for your specific account (enter your cluster name) or for all clusters (enter No scope). For security reasons, we recommend selecting the first option.

Note: Newly created keys display four fields. Make sure to use the content of the field called Bearer token to set up the connection to the Kubernetes API described in the next section.

Go to Settings > Cloud and virtualization > Kubernetes, and select Connect new cluster.
Provide a Name, Kubernetes API URL, and the Bearer token for the Kubernetes cluster.

Note: For Rancher distributions, you need the bearer token that was created in Rancher web UI, as described in Special instructions for Rancher distributions above.

Once you connect your Kubernetes clusters to Dynatrace, you can get native Kubernetes metrics, like request limits, and differences in pods requested vs. running pods.