Deploy OneAgent for application-only monitoring

Dynatrace supports full-stack monitoring for Kubernetes, from the application down to the infrastructure layer. However, if you don't have access to the infrastructure layer, Dynatrace also provides the option of application-only monitoring. See below for instructions on how to set up Dynatrace to monitor your applications running on Kubernetes.

Prerequisites

Get Dynatrace environment credentials.
Review the list of supported applications and versions.

Note: When deployed in application-only mode, OneAgent monitors only the memory of the processes within the container, not the total memory of the container.

Generate a PaaS token

The first step is to get your environment ID and PaaS token for your Dynatrace environment.

How to get your PaaS token

Login with your Dynatrace account.
Select Deploy Dynatrace from the navigation menu.
Click the Set up PaaS integration button.
Your environment ID appears in the Environment ID text box. You'll need this ID to link your Dynatrace account with your PaaS environment. Click Copy to copy the ID to the clipboard. You can do this at any time by revisiting this page.
To generate a PaaS token, click the Generate new token button. The PaaS token is essentially an API token that's used in combination with your environment ID to download Dynatrace OneAgent. As you'll see, there's also a default InstallerDownload token available that you can alternatively use. However, for security reasons, it's recommended that you create several discrete tokens for each environment you have.
Type in a meaningful name for your PaaS token. A meaningful token name might be the name of the PaaS platform you want to monitor (for example, azure, cloud-foundry, or openshift). To view and manage your existing PaaS tokens, go to Settings -> Integration -> Platform as a Service.
Click Generate to create the PaaS token. The newly created PaaS token will appear in the list below. Click Copy to copy the generated token to the clipboard. You can do this at any time by revisiting this page and clicking Show token next to the relevant PaaS token.

Integrate OneAgent into your application

The following options explain how to integrate OneAgent with Kubernetes applications.

Integrate at container build time.

Prerequisites

Docker version 17.05 or higher.
OneAgent version 1.155 or higher.

Follow the steps below to integrate OneAgent into the application image.

docker login -u <environmentID> <ACTIVEGATE-ADDRESS>

Add the following lines of code to the application image, after the last FROM command:

COPY --from=<ACTIVEGATE-ADDRESS>/linux/oneagent-codemodules:<TECHNOLOGY> / /
ENV LD_PRELOAD /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so

where:

<ACTIVEGATE-ADDRESS>: The URL or IP address of your ActiveGate.
- SaaS {your-environment-id}.live.dynatrace.com¹
- Managed {your-domain}/e/{your-environment-id}¹
  ¹ If you use your own environment ActiveGate, use the <ID_ADDRESS>:9999 or <HOST_NAME>:9999 format.
<TECHNOLOGY>: The OneAgent code module required for your application. Valid options are all, java, apache, nginx, nodejs, dotnet, php, and go. You can specify several code modules, separated by hyphen (-), for example java-go. Including specific technology-support options, rather than support for all technology options, results in a smaller OneAgent package.

What if my Docker image is based on Alpine Linux?
Dynatrace OneAgent supports Alpine Linux based environments.
Use this syntax:

COPY --from=<ACTIVEGATE-ADDRESS>/linux/oneagent-codemodules-musl:<TECHNOLOGY> / /
ENV LD_PRELOAD /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so

Valid options here are all, java, apache, nginx, and nodejs.

Build your application image.
Build the Docker image from your Dockerfile to use it in your Kubernetes environment.

$ docker build -t yourapp .

You can monitor your application containers with a different Dynatrace environment.

For OneAgent version 1.139 or higher, if you have an existing application image where you have already added the OneAgent code modules for a specific Dynatrace environment, you can have the OneAgent report to another Dynatrace environment without rebuilding your application image.
For this, you need to make a call to the REST endpoint of your second Dynatrace environment. Don't forget to adapt the respective placeholders <environmentID> and <token>.

$ curl "https://<environmentID>.live.dynatrace.com/api/v1/deployment/installer/agent/connectioninfo?Api-Token=<token>"

In return, you get a JSON object that covers the required information that needs to be passed as environment variable to the application container. Make sure you set the environment variables of the application container as described below:

DT_TENANT: equals tenantUUID
DT_TENANTTOKEN: equals tenantToken
DT_CONNECTION_POINT: semi-colon separated list of communicationEndpoints

Integrate at container runtime.

Prerequisites

OneAgent version 1.149 or higher.

With the container run time integration, OneAgent is made available to the application container via an initContainer—your application image remains unaffected.
To integrate OneAgent into your application at runtime, extend your deployment template as follows.

# your application containers
      containers:
      - name: customer-app
        image: tomcat
        env:
        - name: LD_PRELOAD
          value: /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so
        volumeMounts:
        - mountPath: /opt/dynatrace/oneagent
          name: oneagent

# initcontainer to download OneAgent
      initContainers:
      - name: install-oneagent
        image: alpine:3.8
        command:
        - /bin/sh
        args:
        - -c
        - ARCHIVE=$(mktemp) && wget -O $ARCHIVE "$DT_API_URL/v1/deployment/installer/agent/unix/paas/latest?Api-Token=$DT_PAAS_TOKEN&$DT_ONEAGENT_OPTIONS" && unzip -o -d /opt/dynatrace/oneagent $ARCHIVE && rm -f $ARCHIVE
        env:
        - name: DT_API_URL
          value: https://<Your-environment-ID>.live.dynatrace.com/api
        - name: DT_PAAS_TOKEN
          value: <paastoken>
        - name: DT_ONEAGENT_OPTIONS
          value: flavor=<FLAVOR>&include=<TECHNOLOGY>
        volumeMounts:
        - mountPath: /opt/dynatrace/oneagent
          name: oneagent

# Make OneAgent available as a volume
      volumes:
      - name: oneagent
        emptyDir: {}

In the # initContainer to download OneAgent and # Make OneAgent available as a volume sections, add the initContainer, which will download OneAgent, and make it available as a volume.

In the DT_ONEAGENT_OPTIONS section, set the OneAgent code module required for your application (TECHNOLOGY). Valid options for flavor=default are all, java, apache, nginx, nodejs, dotnet, php, and go. You can specify several code modules, use the &include=<technology1>&include=<technology2> syntax for that.
Note: If you include specific technology-support options rather than 'support for all technologies' options, you'll get a smaller OneAgent package.

What if my Docker image is based on Alpine Linux?
Dynatrace OneAgent supports the flavor musl for Alpine Linux based environments.
Valid options for flavor=musl are all, java, apache, nginx, and nodejs.

In the # your application containers section, add the newly created volume to the container of your application. Also add the LD_PRELOAD environment variable.

Configure a proxy address (optional)

In case you run an environment with proxy, you need to set the DT_PROXY environment variable in the application container to pass the proxy credentials to OneAgent.

Note: You might need to update the wget shipped with the Alpine image to allow for proxy authentication for the download of OneAgent.