Monitor your OpenShift clusters with Dynatrace

1. Set up OpenShift integration

To connect your OpenShift clusters to Dynatrace, follow the instructions provided below.

Install an ActiveGate

Connecting your OpenShift clusters to Dynatrace to take advantage of the dedicated Kubernetes/OpenShift overview page requires that you run an ActiveGate in your environment (version 1.163+).

Create a bearer token for authenticating against the Kubernetes API

  1. Create a namespace if one doesn't already exist.
$ oc adm new-project --node-selector="" dynatrace
  1. Create a service account and cluster role for accessing the Kubernetes API with the following snippet.
$ oc apply -f https://www.dynatrace.com/support/help/codefiles/kubernetes/kubernetes-monitoring-service-account.yaml
  1. Get the Kubernetes API URL for later use.
$ oc config view --minify -o jsonpath='{.clusters[0].cluster.server}'
  1. Get the bearer token for later use.

    $ oc get secret $(oc get sa dynatrace-monitoring -o jsonpath='{.secrets[0].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 --decode
    

Connect your OpenShift cluster to Dynatrace

You'll need the bearer token and the Kubernetes API URL mentioned above to set up the connection to the Kubernetes API.

  1. Go to Settings > Cloud and virtualization > Kubernetes.
  2. Click Connect new cluster.
  3. Provide a Name, Kubernetes API URL, and the Bearer token for the OpenShift cluster.

Configure ActiveGate

If your environment uses proxies or self-signed certificates, you need to adapt your ActiveGate configuration.

2. Set up Kubernetes workloads

  1. Ensure that the Show workloads and cloud applications toggle is turned on to enable Kubernetes workload ingestion.
  2. In Dynatrace environments before version 1.190 you need to enable Cloud application and workload detection in the Process group detection settings. In this way cloud applications and workloads will be detected properly and process groups won't extend across different cloud applications and workloads.

3. Integrate Kubernetes events

Events field selectors

Ensure that the Events integration toggle is turned on to enable Kubernetes events ingestion. Also, be sure to specify at least one events field selector. The field selector syntax is the same as the one used in Kubernetes. An event field selector expression can have up to 10 selectors concatenated with a comma. Events matching all comma-separated selectors will be ingested. The logical operator is AND.

events-field-selector

The expression shown in the above example will store all the events related to the namespace hipster-shop that are of type Warning. This is the equivalent of the following command:

oc get events --all-namespaces --field-selector involvedObject.namespace=hipster-shop,type=Warning

If you separate the expression into two independent field selectors, you'll get all events for namespace hipster-shop and all events of type Warning. The logical operator is OR.

Events requiring permission

To use this feature, you need the Events watch permission on your service account.

To check if your role has the necessary permission, run the following command:

oc auth can-i watch events --as=system:serviceaccount:dynatrace:dynatrace-monitoring

If the output of this command is no, update your service account according to the YAML file that was provided above in the Create a bearer token section.

3. Set up OpenShift workloads

  1. In the web UI, go to Settings > Cloud and virtualization > Kubernetes > Connect new cluster. Ensure that the Show workloads and cloud applications toggle is turned on to enable Kubernetes workload ingestion.
  2. In the web UI, go to Settings > Processes and containers > Process group detection > Cloud application and workload detection and enable the Cloud application and workload detection toggle.
    workloads

4. Troubleshoot

The connection between Dynatrace and your Kubernetes API might fail due to various connectivity issues. Review the following guidelines for errors that might occur.

5. Monitor large OpenShift environments

Contact Dynatrace ONE if you want to monitor environments that are larger than:

  • 50 OpenShift clusters per Dynatrace environment
  • 500 nodes per OpenShift cluster
  • 50,000 pods per OpenShift cluster