Monitor your OpenShift clusters with Dynatrace

Prerequisites

Connecting your OpenShift clusters to Dynatrace to take advantage of the dedicated Kubernetes/OpenShift overview page requires that you run an ActiveGate in your environment (version 1.163+).

Set up OpenShift integration

To connect your OpenShift clusters to Dynatrace, follow the instructions provided below.

1. Create a dedicated namespace

$ oc adm new-project --node-selector="" dynatrace

2. Create a service account and cluster role

Create a service account and cluster role for accessing the Kubernetes API. This creates the bearer token necessary to authenticate in the Kubernetes API. Use the following snippet.

$ oc apply -f https://www.dynatrace.com/support/help/codefiles/kubernetes/kubernetes-monitoring-service-account.yaml

3. Get the Kubernetes API URL for later use

$ oc config view --minify -o jsonpath='{.clusters[0].cluster.server}'

4. Get the bearer token for later use

```bash
$ oc get secret $(oc get sa dynatrace-monitoring -o jsonpath='{.secrets[0].name}' -n dynatrace) -o jsonpath='{.data.token}' -n dynatrace | base64 --decode
```

5. Connect your OpenShift cluster to Dynatrace

You'll need the bearer token and the Kubernetes API URL mentioned above to set up the connection to the Kubernetes API.

  1. Go to Settings > Cloud and virtualization > Kubernetes.
  2. Click Connect new cluster.
  3. Provide a Name, Kubernetes API URL, and the Bearer token for the OpenShift cluster.

6. Configure ActiveGate

If your environment uses proxies or self-signed certificates, you need to adapt your ActiveGate configuration.

Set up OpenShift workloads

  1. Ensure that the Show workloads and cloud applications toggle is turned on to enable Kubernetes workload ingestion.
  2. In Dynatrace environments before version 1.190 you need to enable Cloud application and workload detection in the Process group detection settings. In this way cloud applications and workloads will be detected properly and process groups won't extend across different cloud applications and workloads.

Integrate OpenShift events

Events field selectors

Ensure that the Events integration toggle is turned on to enable Kubernetes events ingestion. Also, be sure to specify at least one events field selector. The field selector syntax is the same as the one used in Kubernetes. An event field selector expression can have up to 10 selectors concatenated with a comma. Events matching all comma-separated selectors will be ingested. The logical operator is AND.

events-field-selector

The expression shown in the above example will store all the events related to the namespace hipster-shop that are of type Warning. This is the equivalent of the following command:

oc get events --all-namespaces --field-selector involvedObject.namespace=hipster-shop,type=Warning

If you separate the expression into two independent field selectors, you'll get all events for namespace hipster-shop and all events of type Warning. The logical operator is OR.

Events requiring permission

To use this feature, you need the Events watch permission on your service account.

To check if your role has the necessary permission, run the following command:

oc auth can-i watch events --as=system:serviceaccount:dynatrace:dynatrace-monitoring

If the output of this command is no, update your service account according to the YAML file provided in step 2.

Set up OpenShift workloads

  1. In the web UI, go to Settings > Cloud and virtualization > Kubernetes > Connect new cluster. Ensure that the Show workloads and cloud applications toggle is turned on to enable Kubernetes workload ingestion.
  2. In the web UI, go to Settings > Processes and containers > Process group detection > Cloud application and workload detection and enable the Cloud application and workload detection toggle.
    workloads

Troubleshoot

The connection between Dynatrace and your Kubernetes API might fail due to various connectivity issues. Review the following guidelines for errors that might occur.

Monitor large OpenShift environments

Contact Dynatrace ONE if you want to monitor environments that are larger than:

  • 50 OpenShift clusters per Dynatrace environment
  • 500 nodes per OpenShift cluster
  • 50,000 pods per OpenShift cluster