Set up OpenShift monitoring

Starting with Dynatrace version 1.215, you can deploy full-stack OneAgents and containerized ActiveGates using Dynatrace Operator. Earlier Dynatrace versions can still be deployed with OneAgent Operator. Nevertheless, we recommend migrating to Dynatrace Operator.
For more information on all deployment options, see OpenShift deployment overview.

Deploy Dynatrace Operator and enable Kubernetes API monitoring

Follow the instructions below to configure Dynatrace Operator to monitor your OpenShift cluster.

Note: The instructions apply to OpenShift Dedicated as well. For OpenShift Dedicated, you need cluster-admin privileges.

Prerequisites

  • Dynatrace Cluster version 1.215
  • OpenShift versions 3.11.188+, 4.5+
  • Generate an API token and a PaaS token in your Dynatrace environment.
    Note: Make sure the "Access problem and event feed, metrics, and topology" setting is enabled for the API token.
  • Pods must allow egress to your Dynatrace environment or to your Environment ActiveGate for metric routing to work properly.
  • See Support lifecycle for supported OpenShift versions.

  1. Add a new project.
oc adm new-project --node-selector="" dynatrace
  2. (OCP version 3.11 only) Provide image pull secrets.
    Skip this step if you're using a later version.
    To use the certified Dynatrace Operator and OneAgent images from Red Hat Container Catalog (RHCC), you need to provide image pull secrets. The service accounts in the openshift.yaml manifest already have links to the secrets created below.
# For OCP 3.11
oc -n dynatrace create secret docker-registry redhat-connect --docker-username=REDHAT_CONNECT_USERNAME --docker-password=REDHAT_CONNECT_PASSWORD --docker-email=unused
oc -n dynatrace create secret docker-registry redhat-connect-sso --docker-username=REDHAT_CONNECT_USERNAME --docker-password=REDHAT_CONNECT_PASSWORD --docker-email=unused
  3. (OCP version 4.x or OCP version 3.11) Apply the openshift.yaml manifest to deploy Dynatrace Operator.
oc apply -f
oc -n dynatrace logs -f deployment/dynatrace-operator

    For OpenShift versions earlier than 3.11.188, you need to delete the type: object line beneath the required spec validation in openshift.yaml before deploying the CustomResourceDefinition (OpenShift known bug).

-  spec
type: object  # delete this line, which is a validation rule
  4. Create the secret that holds the API and PaaS tokens for authenticating to the Dynatrace Cluster.
    The name of the secret matters in a later step, when you configure the custom resource (.spec.tokens). In the following code snippet, the name is dynakube. Be sure to replace API_TOKEN and PAAS_TOKEN with the values specified in the prerequisites.
oc -n dynatrace create secret generic dynakube --from-literal="apiToken=API_TOKEN" --from-literal="paasToken=PAAS_TOKEN"
  5. Get the DynaKube custom resource from the GitHub repository.
curl -o cr.yaml
  6. Adapt the values of the custom resource as indicated below.

Example of a basic configuration:

apiVersion: dynatrace.com/v1alpha1
kind: DynaKube
metadata:
  name: dynakube
  namespace: dynatrace
spec:
  # Dynatrace apiUrl including the `/api` path at the end.
  # For SaaS, set `YOUR_ENVIRONMENT_ID` to your environment ID.
  # For Managed, change the apiUrl address.
  # For instructions on how to determine the environment ID and how to configure the apiUrl address, see
  apiUrl: https://YOUR_ENVIRONMENT_ID.live.dynatrace.com/api

  # Name of the secret holding the API and PaaS tokens.
  # If unset, Dynatrace Operator uses the name of the custom resource.
  # tokens: ""

  # Enables and configures an ActiveGate instance that allows monitoring
  # of Kubernetes environments.
  kubernetesMonitoring:
    # Enable Kubernetes monitoring functionality.
    enabled: true

  classicFullStack:
    # Enable classic oneagent monitoring
    enabled: true
    tolerations:
      - effect: NoSchedule
        operator: Exists

If you want to revert an argument, you need to set it to empty instead of removing it from the custom resource.

   - "--set-proxy="

For a complete list of parameters, see the list below.

For a complete file with all the properties, see the custom resource file on GitHub.

  7. Save the custom resource.
oc apply -f cr.yaml
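
The step that creates the dynakube secret passes both tokens as --from-literal arguments, which leaves them in shell history and in the process list while the command runs. The following is an added example, not part of the Dynatrace documentation: it assumes the tokens are stored in two files (api.token and paas.token are hypothetical names) and builds the same secret as a manifest that reaches oc on stdin.

```shell
# Added example, not from the Dynatrace documentation.
# Token file names (api.token, paas.token) are assumptions.

# b64 STRING: single-line base64, portable across GNU and BSD base64.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# dynakube_secret_manifest API_TOKEN_FILE PAAS_TOKEN_FILE [NAME] [NAMESPACE]
# Prints a Secret manifest with the apiToken and paasToken keys on stdout.
# The body runs in a subshell, so its variables and "exit" stay local.
dynakube_secret_manifest() (
  api_file=$1 paas_file=$2 name=${3:-dynakube} ns=${4:-dynatrace}
  for f in "$api_file" "$paas_file"; do
    [ -r "$f" ] || { echo "cannot read $f" >&2; exit 1; }
  done
  # Command substitution drops trailing newlines, so a newline added by an
  # editor is not stored as part of the token.
  api=$(cat "$api_file")
  paas=$(cat "$paas_file")
  [ -n "$api" ] && [ -n "$paas" ] || { echo "empty token file" >&2; exit 1; }
  case "$api$paas" in
    *[[:space:]]*) echo "token contains whitespace" >&2; exit 1 ;;
  esac
  # Reject the documentation placeholders left in by mistake.
  if [ "$api" = API_TOKEN ] || [ "$paas" = PAAS_TOKEN ]; then
    echo "placeholder token not replaced" >&2; exit 1
  fi
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: Opaque
data:
  apiToken: $(b64 "$api")
  paasToken: $(b64 "$paas")
EOF
)

# Usage: the tokens reach oc on stdin only.
#   umask 077   # before writing api.token and paas.token
#   dynakube_secret_manifest api.token paas.token | oc apply -f -
```

If you pass a different NAME, set .spec.tokens in cr.yaml to the same value.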

Configure proxy (optional)

  • You can configure optional parameters like proxy settings in the cr.yaml file in order to
    • Download the OneAgent installer
    • Ensure communication between the OneAgent and your Dynatrace environment
    • Ensure communication between Dynatrace Operator and the Dynatrace API.

There are two ways to provide the proxy, depending on whether your proxy uses credentials.

Connect your OpenShift cluster to Dynatrace

Some Kubernetes pages require that your OpenShift cluster is connected to Dynatrace. This connection creates relationships among applications, services, processes, hosts, and Kubernetes objects, such as pods and namespaces.

To connect your cluster

  1. Get the Kubernetes API URL.
oc config view --minify -o jsonpath='{.clusters[0].cluster.server}'
  2. Get the bearer token.
oc get secret $(oc get sa dynatrace-kubernetes-monitoring -o jsonpath='{.secrets[0].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 --decode
  3. In Dynatrace, go to Settings > Cloud and virtualization > Kubernetes.
  4. Select Connect new cluster.
  5. Provide a Name, the Kubernetes API URL, and the Bearer token for the OpenShift cluster.
  6. Turn on Enable monitoring and Show workloads and cloud applications.

    In Dynatrace environments earlier than version 1.190, you need to enable Cloud application and workload detection in Process group detection settings. This way, cloud applications and workloads will be detected properly and process groups won't be spread across different cloud applications and workloads.

  7. Select Connect to save your configuration.
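
Before pasting the bearer token into Dynatrace, you can confirm that the decoded value belongs to the dynatrace-kubernetes-monitoring service account and not to another secret. The following is an added example, not part of the Dynatrace documentation: it assumes the token is a service-account JWT whose payload carries a sub claim of the form system:serviceaccount:NAMESPACE:NAME, and it reads that claim without verifying the signature. The function names and the sample token are constructed for illustration.

```shell
# Added example, not from the Dynatrace documentation.

# b64url STRING: base64url without padding (used only to build the sample).
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }

# sample_token: constructed, unsigned token shaped like a service-account JWT.
sample_token() {
  printf '%s.%s.%s' "$(b64url '{"alg":"RS256"}')" \
    "$(b64url '{"iss":"kubernetes/serviceaccount","sub":"system:serviceaccount:dynatrace:dynatrace-kubernetes-monitoring"}')" \
    "c2lnbmF0dXJl"
}

# sa_token_subject TOKEN: prints the "sub" claim from the JWT payload.
# The claim is read as-is; the signature is not verified here.
sa_token_subject() (
  payload=$(printf '%s' "$1" | cut -s -d. -f2 | tr '_-' '/+')
  [ -n "$payload" ] || exit 1
  # base64url drops padding; restore it to a multiple of four characters.
  case $(( ${#payload} % 4 )) in
    1) exit 1 ;;
    2) payload="$payload==" ;;
    3) payload="$payload=" ;;
  esac
  printf '%s' "$payload" | base64 --decode 2>/dev/null |
    sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
)

# check_monitoring_token TOKEN [NAMESPACE] [SERVICE_ACCOUNT]
# Succeeds only if the token's subject is the expected service account.
check_monitoring_token() (
  expected="system:serviceaccount:${2:-dynatrace}:${3:-dynatrace-kubernetes-monitoring}"
  actual=$(sa_token_subject "$1") || actual=""
  if [ "$actual" != "$expected" ]; then
    echo "unexpected token subject: ${actual:-none}" >&2
    exit 1
  fi
  echo "token subject is $expected"
)

# Usage: pass the output of the "Get the bearer token" command as TOKEN, e.g.
#   check_monitoring_token "$(sample_token)"
```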

Monitor large OpenShift environments

Contact Dynatrace ONE if you want to monitor environments that are larger than:

  • 50 OpenShift clusters per Dynatrace environment
  • 500 nodes per OpenShift cluster
  • 50,000 pods per OpenShift cluster

Uninstall Dynatrace Operator

Remove DynaKube custom resources and clean all remaining Dynatrace Operator–specific objects.

oc delete -n dynatrace dynakube --all
oc delete -f